kubeadm: reimplement IPVS check

Used existing IPVS Proxier API CanUseIPVSProxier instead
of custom implementation.

Fixes kubernetes/kubeadm#975

cmd/kubeadm/.import-restrictions

@@ -43,7 +43,8 @@
 				"k8s.io/utils/integer",
 				"k8s.io/utils/path",
 				"k8s.io/utils/pointer",
-				"k8s.io/utils/net"
+				"k8s.io/utils/net",
+				"k8s.io/utils/trace"
 			]
 		},
 		{
@@ -57,6 +58,7 @@
 				"k8s.io/kubernetes/pkg/apis/rbac",
 				"k8s.io/kubernetes/pkg/apis/scheduling",
 				"k8s.io/kubernetes/pkg/api/v1/pod",
+				"k8s.io/kubernetes/pkg/api/v1/service",
 				"k8s.io/kubernetes/pkg/capabilities",
 				"k8s.io/kubernetes/pkg/controller",
 				"k8s.io/kubernetes/pkg/features",
@@ -67,20 +69,26 @@
 				"k8s.io/kubernetes/pkg/kubelet/types",
 				"k8s.io/kubernetes/pkg/master/ports",
 				"k8s.io/kubernetes/pkg/proxy/apis/config",
+				"k8s.io/kubernetes/pkg/proxy",
 				"k8s.io/kubernetes/pkg/registry/core/service/allocator",
 				"k8s.io/kubernetes/pkg/registry/core/service/ipallocator",
 				"k8s.io/kubernetes/pkg/security/apparmor",
 				"k8s.io/kubernetes/pkg/serviceaccount",
+				"k8s.io/kubernetes/pkg/util/async",
+				"k8s.io/kubernetes/pkg/util/conntrack",
+				"k8s.io/kubernetes/pkg/util/dbus",
 				"k8s.io/kubernetes/pkg/util/hash",
 				"k8s.io/kubernetes/pkg/util/initsystem",
+				"k8s.io/kubernetes/pkg/util/ipset",
+				"k8s.io/kubernetes/pkg/util/iptables",
 				"k8s.io/kubernetes/pkg/util/ipvs",
 				"k8s.io/kubernetes/pkg/util/metrics",
 				"k8s.io/kubernetes/pkg/util/node",
 				"k8s.io/kubernetes/pkg/util/normalizer",
 				"k8s.io/kubernetes/pkg/util/parsers",
 				"k8s.io/kubernetes/pkg/util/procfs",
+				"k8s.io/kubernetes/pkg/util/sysctl",
 				"k8s.io/kubernetes/pkg/util/taints",
-				"k8s.io/kubernetes/pkg/util/ipvs",
 				"k8s.io/kubernetes/pkg/version"
 			],
 			"ForbiddenPrefixes": [
@@ -120,6 +128,7 @@
 				"github.com/docker/go-connections/tlsconfig",
 				"github.com/docker/go-units",
 				"github.com/docker/libnetwork/ipvs",
+				"github.com/godbus/dbus",
 				"github.com/gogo/protobuf/proto",
 				"github.com/gogo/protobuf/sortkeys",
 				"github.com/golang/groupcache/lru",
@@ -156,7 +165,8 @@
 				"github.com/russross/blackfriday",
 				"github.com/shurcooL/sanitized_anchor_name",
 				"github.com/spf13/cobra",
-				"github.com/spf13/pflag"
+				"github.com/spf13/pflag",
+				"github.com/vishvananda/netlink"
 			]
 		},
 		{

cmd/kubeadm/app/preflight/BUILD

@@ -39,6 +39,8 @@ go_library(
     ] + select({
         "@io_bazel_rules_go//go/platform:linux": [
             "//cmd/kubeadm/app/util:go_default_library",
+            "//pkg/proxy/ipvs:go_default_library",
+            "//pkg/util/ipset:go_default_library",
         ],
         "//conditions:default": [],
     }),

cmd/kubeadm/app/preflight/checks.go

@@ -872,6 +872,16 @@ func (ncc NumCPUCheck) Check() (warnings, errorList []error) {
 	return warnings, errorList
 }
 
+// IPVSProxierCheck tests if IPVS proxier can be used.
+type IPVSProxierCheck struct {
+	exec utilsexec.Interface
+}
+
+// Name returns label for IPVSProxierCheck
+func (r IPVSProxierCheck) Name() string {
+	return "IPVSProxierCheck"
+}
+
 // RunInitNodeChecks executes all individual, applicable to control-plane node checks.
 // The boolean flag 'isSecondaryControlPlane' controls whether we are running checks in a --join-control-plane scenario.
 // If the flag is set to true we should skip checks already executed by RunJoinNodeChecks and RunOptionalJoinNodeChecks.
@@ -903,11 +913,9 @@ func RunInitNodeChecks(execer utilsexec.Interface, cfg *kubeadmapi.InitConfigura
 	if !isSecondaryControlPlane {
 		checks = addCommonChecks(execer, cfg, checks)
 
-		// Check IVPS required kernel module once we use IVPS kube-proxy mode
+		// Check if IVPS kube-proxy mode is supported
 		if cfg.ComponentConfigs.KubeProxy != nil && cfg.ComponentConfigs.KubeProxy.Mode == ipvsutil.IPVSProxyMode {
-			checks = append(checks,
-				ipvsutil.RequiredIPVSKernelModulesAvailableCheck{Executor: execer},
-			)
+			checks = append(checks, IPVSProxierCheck{exec: execer})
 		}
 
 		// Check if Bridge-netfilter and IPv6 relevant flags are set
@@ -994,11 +1002,9 @@ func RunJoinNodeChecks(execer utilsexec.Interface, cfg *kubeadmapi.JoinConfigura
 func RunOptionalJoinNodeChecks(execer utilsexec.Interface, cfg *kubeadmapi.ClusterConfiguration, ignorePreflightErrors sets.String) error {
 	checks := []Checker{}
 
-	// Check ipvs required kernel module if we use ipvs kube-proxy mode
+	// Check if IVPS kube-proxy mode is supported
 	if cfg.ComponentConfigs.KubeProxy != nil && cfg.ComponentConfigs.KubeProxy.Mode == ipvsutil.IPVSProxyMode {
-		checks = append(checks,
-			ipvsutil.RequiredIPVSKernelModulesAvailableCheck{Executor: execer},
-		)
+		checks = append(checks, IPVSProxierCheck{exec: execer})
 	}
 
 	return RunChecks(checks, os.Stderr, ignorePreflightErrors)

cmd/kubeadm/app/preflight/checks_darwin.go

@@ -25,3 +25,9 @@ package preflight
 func (idsc IsDockerSystemdCheck) Check() (warnings, errorList []error) {
 	return nil, nil
 }
+
+// Check determines if IPVS proxier can be used or not
+// No-op for for Darwin (MacOS).
+func (ipvspc IPVSProxierCheck) Check() (warnings, errors []error) {
+	return nil, nil
+}

cmd/kubeadm/app/preflight/checks_linux.go

@@ -21,7 +21,10 @@ package preflight
 import (
 	"github.com/pkg/errors"
 	"k8s.io/kubernetes/cmd/kubeadm/app/util"
+	"k8s.io/kubernetes/pkg/proxy/ipvs"
 	"k8s.io/utils/exec"
+
+	utilipset "k8s.io/kubernetes/pkg/util/ipset"
 )
 
 // Check validates if Docker is setup to use systemd as the cgroup driver.
@@ -42,3 +45,13 @@ func (idsc IsDockerSystemdCheck) Check() (warnings, errorList []error) {
 	}
 	return warnings, nil
 }
+
+// Check determines if IPVS proxier can be used or not
+func (ipvspc IPVSProxierCheck) Check() (warnings, errors []error) {
+	ipsetInterface := utilipset.New(ipvspc.exec)
+	kernelHandler := ipvs.NewLinuxKernelHandler()
+	if _, err := ipvs.CanUseIPVSProxier(kernelHandler, ipsetInterface); err != nil {
+		return nil, append(errors, err)
+	}
+	return nil, nil
+}

cmd/kubeadm/app/preflight/checks_windows.go

@@ -49,3 +49,9 @@ func (ipuc IsPrivilegedUserCheck) Check() (warnings, errorList []error) {
 func (idsc IsDockerSystemdCheck) Check() (warnings, errorList []error) {
 	return nil, nil
 }
+
+// Check determines if IPVS proxier can be used or not
+// No-op for Windows.
+func (ipvspc IPVSProxierCheck) Check() (warnings, errors []error) {
+	return nil, nil
+}