diff --git a/cmd/kube-proxy/app/server_linux.go b/cmd/kube-proxy/app/server_linux.go index 7e93bbb29a9..0413983390c 100644 --- a/cmd/kube-proxy/app/server_linux.go +++ b/cmd/kube-proxy/app/server_linux.go @@ -174,10 +174,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi. if dualStack { ipt, _ := getIPTables(s.PrimaryIPFamily) - localDetectors, err = getDualStackLocalDetectorTuple(logger, config.DetectLocalMode, config, s.podCIDRs) - if err != nil { - return nil, fmt.Errorf("unable to create proxier: %v", err) - } + localDetectors = getDualStackLocalDetectorTuple(logger, config.DetectLocalMode, config, s.podCIDRs) // TODO this has side effects that should only happen when Run() is invoked. proxier, err = iptables.NewDualStackProxier( @@ -201,10 +198,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi. } else { // Create a single-stack proxier if and only if the node does not support dual-stack (i.e, no iptables support). _, iptInterface := getIPTables(s.PrimaryIPFamily) - localDetector, err = getLocalDetector(logger, s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs) - if err != nil { - return nil, fmt.Errorf("unable to create proxier: %v", err) - } + localDetector = getLocalDetector(logger, s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs) // TODO this has side effects that should only happen when Run() is invoked. proxier, err = iptables.NewProxier( @@ -244,10 +238,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi. ipt, _ := getIPTables(s.PrimaryIPFamily) // Always ordered to match []ipt - localDetectors, err = getDualStackLocalDetectorTuple(logger, config.DetectLocalMode, config, s.podCIDRs) - if err != nil { - return nil, fmt.Errorf("unable to create proxier: %v", err) - } + localDetectors = getDualStackLocalDetectorTuple(logger, config.DetectLocalMode, config, s.podCIDRs) proxier, err = ipvs.NewDualStackProxier( ctx, 
@@ -276,10 +267,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi. ) } else { _, iptInterface := getIPTables(s.PrimaryIPFamily) - localDetector, err = getLocalDetector(logger, s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs) - if err != nil { - return nil, fmt.Errorf("unable to create proxier: %v", err) - } + localDetector = getLocalDetector(logger, s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs) proxier, err = ipvs.NewProxier( ctx, @@ -315,10 +303,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi. logger.Info("Using nftables Proxier") if dualStack { - localDetectors, err = getDualStackLocalDetectorTuple(logger, config.DetectLocalMode, config, s.podCIDRs) - if err != nil { - return nil, fmt.Errorf("unable to create proxier: %v", err) - } + localDetectors = getDualStackLocalDetectorTuple(logger, config.DetectLocalMode, config, s.podCIDRs) // TODO this has side effects that should only happen when Run() is invoked. proxier, err = nftables.NewDualStackProxier( @@ -338,10 +323,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi. ) } else { // Create a single-stack proxier if and only if the node does not support dual-stack - localDetector, err = getLocalDetector(logger, s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs) - if err != nil { - return nil, fmt.Errorf("unable to create proxier: %v", err) - } + localDetector = getLocalDetector(logger, s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs) // TODO this has side effects that should only happen when Run() is invoked. proxier, err = nftables.NewProxier( 
@@ -504,7 +486,7 @@ func detectNumCPU() int { return numCPU } -func getLocalDetector(logger klog.Logger, ipFamily v1.IPFamily, mode proxyconfigapi.LocalMode, config *proxyconfigapi.KubeProxyConfiguration, nodePodCIDRs []string) (proxyutil.LocalTrafficDetector, error) { +func getLocalDetector(logger klog.Logger, ipFamily v1.IPFamily, mode proxyconfigapi.LocalMode, config *proxyconfigapi.KubeProxyConfiguration, nodePodCIDRs []string) proxyutil.LocalTrafficDetector { switch mode { case proxyconfigapi.LocalModeClusterCIDR: // LocalModeClusterCIDR is the default if --detect-local-mode wasn't passed, @@ -538,22 +520,14 @@ func getLocalDetector(logger klog.Logger, ipFamily v1.IPFamily, mode proxyconfig } logger.Info("Defaulting to no-op detect-local") - return proxyutil.NewNoOpLocalDetector(), nil + return proxyutil.NewNoOpLocalDetector() } -func getDualStackLocalDetectorTuple(logger klog.Logger, mode proxyconfigapi.LocalMode, config *proxyconfigapi.KubeProxyConfiguration, nodePodCIDRs []string) ([2]proxyutil.LocalTrafficDetector, error) { - var localDetectors [2]proxyutil.LocalTrafficDetector - var err error - - localDetectors[0], err = getLocalDetector(logger, v1.IPv4Protocol, mode, config, nodePodCIDRs) - if err != nil { - return localDetectors, err +func getDualStackLocalDetectorTuple(logger klog.Logger, mode proxyconfigapi.LocalMode, config *proxyconfigapi.KubeProxyConfiguration, nodePodCIDRs []string) [2]proxyutil.LocalTrafficDetector { + return [2]proxyutil.LocalTrafficDetector{ + getLocalDetector(logger, v1.IPv4Protocol, mode, config, nodePodCIDRs), + getLocalDetector(logger, v1.IPv6Protocol, mode, config, nodePodCIDRs), } - localDetectors[1], err = getLocalDetector(logger, v1.IPv6Protocol, mode, config, nodePodCIDRs) - if err != nil { - return localDetectors, err - } - return localDetectors, nil } // platformCleanup removes stale kube-proxy rules that can be safely removed. If 
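Review bot: `getDualStackLocalDetectorTuple` has no doc comment, and after this change the array literal is the only thing that fixes the element order. A comment such as `// getDualStackLocalDetectorTuple returns the IPv4 detector at index 0 and the IPv6 detector at index 1.` would make explicit the ordering that the call sites appear to rely on ("Always ordered to match []ipt"). `getLocalDetector`, whose body lies mostly outside this hunk, could also get `// getLocalDetector never fails; when no detector can be built for ipFamily it logs and returns the no-op detector.` The visible tail (`logger.Info("Defaulting to no-op detect-local")`) supports that wording, but it should be checked against the mode branches that are not shown.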
diff --git a/cmd/kube-proxy/app/server_linux_test.go b/cmd/kube-proxy/app/server_linux_test.go
index 11ebc4bc849..776c5d0fa14 100644
--- a/cmd/kube-proxy/app/server_linux_test.go
+++ b/cmd/kube-proxy/app/server_linux_test.go
@@ -116,56 +116,49 @@ func Test_getLocalDetector(t *testing.T) { family v1.IPFamily expected proxyutil.LocalTrafficDetector nodePodCIDRs []string - errExpected bool }{ // LocalModeClusterCIDR { - name: "LocalModeClusterCIDR, IPv4 cluster", - mode: proxyconfigapi.LocalModeClusterCIDR, - config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, - family: v1.IPv4Protocol, - expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("10.0.0.0/14")), - errExpected: false, + name: "LocalModeClusterCIDR, IPv4 cluster", + mode: proxyconfigapi.LocalModeClusterCIDR, + config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, + family: v1.IPv4Protocol, + expected: proxyutil.NewDetectLocalByCIDR("10.0.0.0/14"), }, { - name: "LocalModeClusterCIDR, IPv6 cluster", - mode: proxyconfigapi.LocalModeClusterCIDR, - config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"}, - family: v1.IPv6Protocol, - expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64")), - errExpected: false, + name: "LocalModeClusterCIDR, IPv6 cluster", + mode: proxyconfigapi.LocalModeClusterCIDR, + config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"}, + family: v1.IPv6Protocol, + expected: proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64"), }, { - name: "LocalModeClusterCIDR, IPv6 cluster with IPv6 config", - mode: proxyconfigapi.LocalModeClusterCIDR, - config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, - family: v1.IPv6Protocol, - expected: proxyutil.NewNoOpLocalDetector(), - errExpected: false, + name: "LocalModeClusterCIDR, IPv6 cluster with IPv4 config", + mode: proxyconfigapi.LocalModeClusterCIDR, + config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, + family: v1.IPv6Protocol, + expected: proxyutil.NewNoOpLocalDetector(), }, { - name: "LocalModeClusterCIDR, IPv4 cluster with IPv6 config", - mode: proxyconfigapi.LocalModeClusterCIDR, 
- config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"}, - family: v1.IPv4Protocol, - expected: proxyutil.NewNoOpLocalDetector(), - errExpected: false, + name: "LocalModeClusterCIDR, IPv4 cluster with IPv6 config", + mode: proxyconfigapi.LocalModeClusterCIDR, + config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"}, + family: v1.IPv4Protocol, + expected: proxyutil.NewNoOpLocalDetector(), }, { - name: "LocalModeClusterCIDR, IPv4 kube-proxy in dual-stack IPv6-primary cluster", - mode: proxyconfigapi.LocalModeClusterCIDR, - config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64,10.0.0.0/14"}, - family: v1.IPv4Protocol, - expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("10.0.0.0/14")), - errExpected: false, + name: "LocalModeClusterCIDR, IPv4 kube-proxy in dual-stack IPv6-primary cluster", + mode: proxyconfigapi.LocalModeClusterCIDR, + config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64,10.0.0.0/14"}, + family: v1.IPv4Protocol, + expected: proxyutil.NewDetectLocalByCIDR("10.0.0.0/14"), }, { - name: "LocalModeClusterCIDR, no ClusterCIDR", - mode: proxyconfigapi.LocalModeClusterCIDR, - config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, - family: v1.IPv4Protocol, - expected: proxyutil.NewNoOpLocalDetector(), - errExpected: false, + name: "LocalModeClusterCIDR, no ClusterCIDR", + mode: proxyconfigapi.LocalModeClusterCIDR, + config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, + family: v1.IPv4Protocol, + expected: proxyutil.NewNoOpLocalDetector(), }, // LocalModeNodeCIDR { 
@@ -173,18 +166,16 @@ func Test_getLocalDetector(t *testing.T) { mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, family: v1.IPv4Protocol, - expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("10.0.0.0/24")), + expected: proxyutil.NewDetectLocalByCIDR("10.0.0.0/24"), nodePodCIDRs: []string{"10.0.0.0/24"}, - errExpected: false, }, { name: "LocalModeNodeCIDR, IPv6 cluster", mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"}, family: v1.IPv6Protocol, - expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96")), + expected: proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96"), nodePodCIDRs: []string{"2002::1234:abcd:ffff:0:0/96"}, - errExpected: false, }, { name: "LocalModeNodeCIDR, IPv6 cluster with IPv4 config", @@ -193,7 +184,6 @@ func Test_getLocalDetector(t *testing.T) { family: v1.IPv6Protocol, expected: proxyutil.NewNoOpLocalDetector(), nodePodCIDRs: []string{"10.0.0.0/24"}, - errExpected: false, }, { name: "LocalModeNodeCIDR, IPv4 cluster with IPv6 config", @@ -202,16 +192,14 @@ func Test_getLocalDetector(t *testing.T) { family: v1.IPv4Protocol, expected: proxyutil.NewNoOpLocalDetector(), nodePodCIDRs: []string{"2002::1234:abcd:ffff:0:0/96"}, - errExpected: false, }, { name: "LocalModeNodeCIDR, IPv6 kube-proxy in dual-stack IPv4-primary cluster", mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002:0:0:1234::/64"}, family: v1.IPv6Protocol, - expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96")), + expected: proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96"), nodePodCIDRs: []string{"10.0.0.0/24", "2002::1234:abcd:ffff:0:0/96"}, - errExpected: false, }, { name: "LocalModeNodeCIDR, no PodCIDRs", 
@@ -220,16 +208,14 @@ func Test_getLocalDetector(t *testing.T) { family: v1.IPv4Protocol, expected: proxyutil.NewNoOpLocalDetector(), nodePodCIDRs: []string{}, - errExpected: false, }, // unknown mode { - name: "unknown LocalMode", - mode: proxyconfigapi.LocalMode("abcd"), - config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, - family: v1.IPv4Protocol, - expected: proxyutil.NewNoOpLocalDetector(), - errExpected: false, + name: "unknown LocalMode", + mode: proxyconfigapi.LocalMode("abcd"), + config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, + family: v1.IPv4Protocol, + expected: proxyutil.NewNoOpLocalDetector(), }, // LocalModeBridgeInterface { @@ -238,9 +224,8 @@ func Test_getLocalDetector(t *testing.T) { config: &proxyconfigapi.KubeProxyConfiguration{ DetectLocal: proxyconfigapi.DetectLocalConfiguration{BridgeInterface: "eth"}, }, - family: v1.IPv4Protocol, - expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByBridgeInterface("eth")), - errExpected: false, + family: v1.IPv4Protocol, + expected: proxyutil.NewDetectLocalByBridgeInterface("eth"), }, { name: "LocalModeBridgeInterface, strange bridge name", @@ -248,9 +233,8 @@ func Test_getLocalDetector(t *testing.T) { config: &proxyconfigapi.KubeProxyConfiguration{ DetectLocal: proxyconfigapi.DetectLocalConfiguration{BridgeInterface: "1234567890123456789"}, }, - family: v1.IPv4Protocol, - expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByBridgeInterface("1234567890123456789")), - errExpected: false, + family: v1.IPv4Protocol, + expected: proxyutil.NewDetectLocalByBridgeInterface("1234567890123456789"), }, // LocalModeInterfaceNamePrefix { 
@@ -259,9 +243,8 @@ func Test_getLocalDetector(t *testing.T) { config: &proxyconfigapi.KubeProxyConfiguration{ DetectLocal: proxyconfigapi.DetectLocalConfiguration{InterfaceNamePrefix: "eth"}, }, - family: v1.IPv4Protocol, - expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByInterfaceNamePrefix("eth")), - errExpected: false, + family: v1.IPv4Protocol, + expected: proxyutil.NewDetectLocalByInterfaceNamePrefix("eth"), }, { name: "LocalModeInterfaceNamePrefix, strange interface name", @@ -269,25 +252,14 @@ func Test_getLocalDetector(t *testing.T) { config: &proxyconfigapi.KubeProxyConfiguration{ DetectLocal: proxyconfigapi.DetectLocalConfiguration{InterfaceNamePrefix: "1234567890123456789"}, }, - family: v1.IPv4Protocol, - expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByInterfaceNamePrefix("1234567890123456789")), - errExpected: false, + family: v1.IPv4Protocol, + expected: proxyutil.NewDetectLocalByInterfaceNamePrefix("1234567890123456789"), }, } for _, c := range cases { t.Run(c.name, func(t *testing.T) { logger, _ := ktesting.NewTestContext(t) - r, err := getLocalDetector(logger, c.family, c.mode, c.config, c.nodePodCIDRs) - if c.errExpected { - if err == nil { - t.Errorf("Expected error, but succeeded with %v", r) - } - return - } - if err != nil { - t.Errorf("Error resolving detect-local: %v", err) - return - } + r := getLocalDetector(logger, c.family, c.mode, c.config, c.nodePodCIDRs) if !reflect.DeepEqual(r, c.expected) { t.Errorf("Unexpected detect-local implementation, expected: %q, got: %q", c.expected, r) } 
@@ -302,35 +274,34 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) { config *proxyconfigapi.KubeProxyConfiguration expected [2]proxyutil.LocalTrafficDetector nodePodCIDRs []string - errExpected bool }{ // LocalModeClusterCIDR { name: "LocalModeClusterCIDR, dual-stack IPv4-primary cluster", mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002:0:0:1234::/64"}, - expected: resolveDualStackLocalDetectors(t)( - proxyutil.NewDetectLocalByCIDR("10.0.0.0/14"))( - proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64")), - errExpected: false, + expected: [2]proxyutil.LocalTrafficDetector{ + proxyutil.NewDetectLocalByCIDR("10.0.0.0/14"), + proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64"), + }, }, { name: "LocalModeClusterCIDR, dual-stack IPv6-primary cluster", mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64,10.0.0.0/14"}, - expected: resolveDualStackLocalDetectors(t)( - proxyutil.NewDetectLocalByCIDR("10.0.0.0/14"))( - proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64")), - errExpected: false, + expected: [2]proxyutil.LocalTrafficDetector{ + proxyutil.NewDetectLocalByCIDR("10.0.0.0/14"), + proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64"), + }, }, { name: "LocalModeClusterCIDR, single-stack IPv4 cluster", mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, expected: [2]proxyutil.LocalTrafficDetector{ - resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("10.0.0.0/14")), - proxyutil.NewNoOpLocalDetector()}, - errExpected: false, + proxyutil.NewDetectLocalByCIDR("10.0.0.0/14"), + proxyutil.NewNoOpLocalDetector(), + }, }, { name: "LocalModeClusterCIDR, single-stack IPv6 cluster", 
@@ -338,46 +309,48 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) { config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"}, expected: [2]proxyutil.LocalTrafficDetector{ proxyutil.NewNoOpLocalDetector(), - resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64"))}, - errExpected: false, + proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64"), + }, }, { - name: "LocalModeClusterCIDR, no ClusterCIDR", - mode: proxyconfigapi.LocalModeClusterCIDR, - config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, - expected: [2]proxyutil.LocalTrafficDetector{proxyutil.NewNoOpLocalDetector(), proxyutil.NewNoOpLocalDetector()}, - errExpected: false, + name: "LocalModeClusterCIDR, no ClusterCIDR", + mode: proxyconfigapi.LocalModeClusterCIDR, + config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, + expected: [2]proxyutil.LocalTrafficDetector{ + proxyutil.NewNoOpLocalDetector(), + proxyutil.NewNoOpLocalDetector(), + }, }, // LocalModeNodeCIDR { name: "LocalModeNodeCIDR, dual-stack IPv4-primary cluster", mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002:0:0:1234::/64"}, - expected: resolveDualStackLocalDetectors(t)( - proxyutil.NewDetectLocalByCIDR("10.0.0.0/24"))( - proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96")), + expected: [2]proxyutil.LocalTrafficDetector{ + proxyutil.NewDetectLocalByCIDR("10.0.0.0/24"), + proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96"), + }, nodePodCIDRs: []string{"10.0.0.0/24", "2002::1234:abcd:ffff:0:0/96"}, - errExpected: false, }, { name: "LocalModeNodeCIDR, dual-stack IPv6-primary cluster", mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64,10.0.0.0/14"}, - expected: resolveDualStackLocalDetectors(t)( - proxyutil.NewDetectLocalByCIDR("10.0.0.0/24"))( - proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96")), + 
expected: [2]proxyutil.LocalTrafficDetector{ + proxyutil.NewDetectLocalByCIDR("10.0.0.0/24"), + proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96"), + }, nodePodCIDRs: []string{"2002::1234:abcd:ffff:0:0/96", "10.0.0.0/24"}, - errExpected: false, }, { name: "LocalModeNodeCIDR, single-stack IPv4 cluster", mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, expected: [2]proxyutil.LocalTrafficDetector{ - resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("10.0.0.0/24")), - proxyutil.NewNoOpLocalDetector()}, + proxyutil.NewDetectLocalByCIDR("10.0.0.0/24"), + proxyutil.NewNoOpLocalDetector(), + }, nodePodCIDRs: []string{"10.0.0.0/24"}, - errExpected: false, }, { name: "LocalModeNodeCIDR, single-stack IPv6 cluster", @@ -385,17 +358,19 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) { config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"}, expected: [2]proxyutil.LocalTrafficDetector{ proxyutil.NewNoOpLocalDetector(), - resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96"))}, + proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96"), + }, nodePodCIDRs: []string{"2002::1234:abcd:ffff:0:0/96"}, - errExpected: false, }, { - name: "LocalModeNodeCIDR, no PodCIDRs", - mode: proxyconfigapi.LocalModeNodeCIDR, - config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, - expected: [2]proxyutil.LocalTrafficDetector{proxyutil.NewNoOpLocalDetector(), proxyutil.NewNoOpLocalDetector()}, + name: "LocalModeNodeCIDR, no PodCIDRs", + mode: proxyconfigapi.LocalModeNodeCIDR, + config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, + expected: [2]proxyutil.LocalTrafficDetector{ + proxyutil.NewNoOpLocalDetector(), + proxyutil.NewNoOpLocalDetector(), + }, nodePodCIDRs: []string{}, - errExpected: false, }, // LocalModeBridgeInterface { 
@@ -404,10 +379,10 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) { config: &proxyconfigapi.KubeProxyConfiguration{ DetectLocal: proxyconfigapi.DetectLocalConfiguration{BridgeInterface: "eth"}, }, - expected: resolveDualStackLocalDetectors(t)( - proxyutil.NewDetectLocalByBridgeInterface("eth"))( - proxyutil.NewDetectLocalByBridgeInterface("eth")), - errExpected: false, + expected: [2]proxyutil.LocalTrafficDetector{ + proxyutil.NewDetectLocalByBridgeInterface("eth"), + proxyutil.NewDetectLocalByBridgeInterface("eth"), + }, }, // LocalModeInterfaceNamePrefix { @@ -416,26 +391,16 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) { config: &proxyconfigapi.KubeProxyConfiguration{ DetectLocal: proxyconfigapi.DetectLocalConfiguration{InterfaceNamePrefix: "veth"}, }, - expected: resolveDualStackLocalDetectors(t)( - proxyutil.NewDetectLocalByInterfaceNamePrefix("veth"))( - proxyutil.NewDetectLocalByInterfaceNamePrefix("veth")), - errExpected: false, + expected: [2]proxyutil.LocalTrafficDetector{ + proxyutil.NewDetectLocalByInterfaceNamePrefix("veth"), + proxyutil.NewDetectLocalByInterfaceNamePrefix("veth"), + }, }, } for _, c := range cases { t.Run(c.name, func(t *testing.T) { logger, _ := ktesting.NewTestContext(t) - r, err := getDualStackLocalDetectorTuple(logger, c.mode, c.config, c.nodePodCIDRs) - if c.errExpected { - if err == nil { - t.Errorf("Expected error, but succeeded with %q", r) - } - return - } - if err != nil { - t.Errorf("Error resolving detect-local: %v", err) - return - } + r := getDualStackLocalDetectorTuple(logger, c.mode, c.config, c.nodePodCIDRs) if !reflect.DeepEqual(r, c.expected) { t.Errorf("Unexpected detect-local implementation, expected: %q, got: %q", c.expected, r) } 
@@ -455,32 +420,6 @@ func makeNodeWithPodCIDRs(cidrs ...string) *v1.Node { } } -func resolveLocalDetector(t *testing.T) func(proxyutil.LocalTrafficDetector, error) proxyutil.LocalTrafficDetector { - return func(localDetector proxyutil.LocalTrafficDetector, err error) proxyutil.LocalTrafficDetector { - t.Helper() - if err != nil { - t.Fatalf("Error resolving detect-local: %v", err) - } - return localDetector - } -} - -func resolveDualStackLocalDetectors(t *testing.T) func(localDetector proxyutil.LocalTrafficDetector, err1 error) func(proxyutil.LocalTrafficDetector, error) [2]proxyutil.LocalTrafficDetector { - return func(localDetector proxyutil.LocalTrafficDetector, err error) func(proxyutil.LocalTrafficDetector, error) [2]proxyutil.LocalTrafficDetector { - t.Helper() - if err != nil { - t.Fatalf("Error resolving dual stack detect-local: %v", err) - } - return func(otherLocalDetector proxyutil.LocalTrafficDetector, err1 error) [2]proxyutil.LocalTrafficDetector { - t.Helper() - if err1 != nil { - t.Fatalf("Error resolving dual stack detect-local: %v", err) - } - return [2]proxyutil.LocalTrafficDetector{localDetector, otherLocalDetector} - } - } -} - func TestConfigChange(t *testing.T) { setUp := func() (*os.File, string, error) { tempDir, err := os.MkdirTemp("", "kubeproxy-config-change") diff --git a/pkg/proxy/iptables/proxier_test.go b/pkg/proxy/iptables/proxier_test.go index 5ae5788d8af..552764643d6 100644 --- a/pkg/proxy/iptables/proxier_test.go +++ b/pkg/proxy/iptables/proxier_test.go @@ -93,7 +93,7 @@ func NewFakeProxier(ipt utiliptables.Interface) *Proxier { ipfamily = v1.IPv6Protocol podCIDR = "fd00:10::/64" } - detectLocal, _ := proxyutil.NewDetectLocalByCIDR(podCIDR) + detectLocal := proxyutil.NewDetectLocalByCIDR(podCIDR) networkInterfacer := proxyutiltest.NewFakeNetwork() itf := net.Interface{Index: 0, MTU: 0, Name: "lo", HardwareAddr: nil, Flags: 0} 
diff --git a/pkg/proxy/nftables/proxier_test.go b/pkg/proxy/nftables/proxier_test.go index 833aa5798c1..12f40e86aed 100644 --- a/pkg/proxy/nftables/proxier_test.go +++ b/pkg/proxy/nftables/proxier_test.go @@ -84,7 +84,7 @@ func NewFakeProxier(ipFamily v1.IPFamily) (*knftables.Fake, *Proxier) { podCIDR = "fd00:10::/64" serviceCIDRs = "fd00:10:96::/112" } - detectLocal, _ := proxyutil.NewDetectLocalByCIDR(podCIDR) + detectLocal := proxyutil.NewDetectLocalByCIDR(podCIDR) nodePortAddresses := []string{fmt.Sprintf("%s/32", testNodeIP), fmt.Sprintf("%s/128", testNodeIPv6)} networkInterfacer := proxyutiltest.NewFakeNetwork() diff --git a/pkg/proxy/util/localdetector.go b/pkg/proxy/util/localdetector.go index 6f2d77a9b0d..6e296b0c71b 100644 --- a/pkg/proxy/util/localdetector.go +++ b/pkg/proxy/util/localdetector.go @@ -17,8 +17,6 @@ limitations under the License. package util import ( - "fmt" - netutils "k8s.io/utils/net" ) @@ -77,15 +75,11 @@ func NewNoOpLocalDetector() LocalTrafficDetector { } // NewDetectLocalByCIDR returns a LocalTrafficDetector that considers traffic from the -// provided cidr to be from a local pod, and other traffic to be non-local. -func NewDetectLocalByCIDR(cidr string) (LocalTrafficDetector, error) { - _, parsed, err := netutils.ParseCIDRSloppy(cidr) - if err != nil { - return nil, err - } - +// provided cidr to be from a local pod, and other traffic to be non-local. cidr is +// assumed to be valid. +func NewDetectLocalByCIDR(cidr string) LocalTrafficDetector { nftFamily := "ip" - if netutils.IsIPv6CIDR(parsed) { + if netutils.IsIPv6CIDRString(cidr) { nftFamily = "ip6" } 
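Review bot: `NewDetectLocalByCIDR` no longer rejects an unparseable `cidr`. As I read k8s.io/utils/net, `netutils.IsIPv6CIDRString(cidr)` returns false for a string that does not parse, so the detector quietly takes the `ip` family and the raw string is placed in the `-s` / `saddr` rule arguments that continue past this hunk. The new sentence "cidr is assumed to be valid" does not say who guarantees that, so I would spell the precondition out, e.g. `// The caller must pass a cidr that has already been parsed successfully; invalid input is not detected here and only surfaces when the generated rules are applied.` If the mode branches of `getLocalDetector` (not shown in this diff) do not parse the value first, the check belongs at that call site.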
@@ -94,35 +88,29 @@ func NewDetectLocalByCIDR(cidr string) (LocalTrafficDetector, error) { ifNotLocal: []string{"!", "-s", cidr}, ifLocalNFT: []string{nftFamily, "saddr", cidr}, ifNotLocalNFT: []string{nftFamily, "saddr", "!=", cidr}, - }, nil + } } // NewDetectLocalByBridgeInterface returns a LocalTrafficDetector that considers traffic // from interfaceName to be from a local pod, and traffic from other interfaces to be // non-local. -func NewDetectLocalByBridgeInterface(interfaceName string) (LocalTrafficDetector, error) { - if len(interfaceName) == 0 { - return nil, fmt.Errorf("no bridge interface name set") - } +func NewDetectLocalByBridgeInterface(interfaceName string) LocalTrafficDetector { return &detectLocal{ ifLocal: []string{"-i", interfaceName}, ifNotLocal: []string{"!", "-i", interfaceName}, ifLocalNFT: []string{"iif", interfaceName}, ifNotLocalNFT: []string{"iif", "!=", interfaceName}, - }, nil + } } // NewDetectLocalByInterfaceNamePrefix returns a LocalTrafficDetector that considers // traffic from interfaces starting with interfacePrefix to be from a local pod, and // traffic from other interfaces to be non-local. -func NewDetectLocalByInterfaceNamePrefix(interfacePrefix string) (LocalTrafficDetector, error) { - if len(interfacePrefix) == 0 { - return nil, fmt.Errorf("no interface prefix set") - } +func NewDetectLocalByInterfaceNamePrefix(interfacePrefix string) LocalTrafficDetector { return &detectLocal{ ifLocal: []string{"-i", interfacePrefix + "+"}, ifNotLocal: []string{"!", "-i", interfacePrefix + "+"}, ifLocalNFT: []string{"iif", interfacePrefix + "*"}, ifNotLocalNFT: []string{"iif", "!=", interfacePrefix + "*"}, - }, nil + } } diff --git a/pkg/proxy/util/localdetector_test.go b/pkg/proxy/util/localdetector_test.go index f21e2014f7e..473aaeb8ce4 100644 --- a/pkg/proxy/util/localdetector_test.go +++ b/pkg/proxy/util/localdetector_test.go 
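Review bot: `NewDetectLocalByBridgeInterface` and `NewDetectLocalByInterfaceNamePrefix` now accept an empty string, and neither doc comment states a precondition the way the `NewDetectLocalByCIDR` comment does. With an empty `interfacePrefix` the arguments become `-i +` and `iif *`; a bare `+` is, as far as I know, an any-interface match in iptables, so all traffic would be classified as local instead of the constructor failing. I would add `// interfacePrefix is assumed to be non-empty; callers must validate it.` (and the same for `interfaceName`) so the contract is written where the check used to be. The empty-input cases deleted with `TestNewDetectLocalByBridgeInterface` and `TestNewDetectLocalByInterfaceNamePrefix` later in this diff were the only visible tests of that input, so it is worth confirming that the validation now relied on has equivalent coverage.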
@@ -38,46 +38,6 @@ func TestNoOpLocalDetector(t *testing.T) { } } -func TestNewDetectLocalByCIDR(t *testing.T) { - cases := []struct { - cidr string - errExpected bool - }{ - { - cidr: "10.0.0.0/14", - errExpected: false, - }, - { - cidr: "2002:0:0:1234::/64", - errExpected: false, - }, - { - cidr: "10.0.0.0", - errExpected: true, - }, - { - cidr: "2002:0:0:1234::", - errExpected: true, - }, - { - cidr: "", - errExpected: true, - }, - } - for i, c := range cases { - r, err := NewDetectLocalByCIDR(c.cidr) - if c.errExpected { - if err == nil { - t.Errorf("Case[%d] expected error, but succeeded with: %q", i, r) - } - continue - } - if err != nil { - t.Errorf("Case[%d] failed with error: %v", i, err) - } - } -} - func TestDetectLocalByCIDR(t *testing.T) { cases := []struct { cidr string @@ -96,11 +56,7 @@ func TestDetectLocalByCIDR(t *testing.T) { }, } for _, c := range cases { - localDetector, err := NewDetectLocalByCIDR(c.cidr) - if err != nil { - t.Errorf("Error initializing localDetector: %v", err) - continue - } + localDetector := NewDetectLocalByCIDR(c.cidr) if !localDetector.IsImplemented() { t.Error("DetectLocalByCIDR returns false for IsImplemented") } 
@@ -118,66 +74,6 @@ func TestDetectLocalByCIDR(t *testing.T) { } } -func TestNewDetectLocalByBridgeInterface(t *testing.T) { - cases := []struct { - ifaceName string - errExpected bool - }{ - { - ifaceName: "avz", - errExpected: false, - }, - { - ifaceName: "", - errExpected: true, - }, - } - for i, c := range cases { - r, err := NewDetectLocalByBridgeInterface(c.ifaceName) - if c.errExpected { - if err == nil { - t.Errorf("Case[%d] expected error, but succeeded with: %q", i, r) - } - continue - } - if err != nil { - t.Errorf("Case[%d] failed with error: %v", i, err) - } - } -} - -func TestNewDetectLocalByInterfaceNamePrefix(t *testing.T) { - cases := []struct { - ifacePrefix string - errExpected bool - }{ - { - ifacePrefix: "veth", - errExpected: false, - }, - { - ifacePrefix: "cbr0", - errExpected: false, - }, - { - ifacePrefix: "", - errExpected: true, - }, - } - for i, c := range cases { - r, err := NewDetectLocalByInterfaceNamePrefix(c.ifacePrefix) - if c.errExpected { - if err == nil { - t.Errorf("Case[%d] expected error, but succeeded with: %q", i, r) - } - continue - } - if err != nil { - t.Errorf("Case[%d] failed with error: %v", i, err) - } - } -} - func TestDetectLocalByBridgeInterface(t *testing.T) { cases := []struct { ifaceName string @@ -191,11 +87,7 @@ func TestDetectLocalByBridgeInterface(t *testing.T) { }, } for _, c := range cases { - localDetector, err := NewDetectLocalByBridgeInterface(c.ifaceName) - if err != nil { - t.Errorf("Error initializing localDetector: %v", err) - continue - } + localDetector := NewDetectLocalByBridgeInterface(c.ifaceName) if !localDetector.IsImplemented() { t.Error("DetectLocalByBridgeInterface returns false for IsImplemented") } 
@@ -228,11 +120,7 @@ func TestDetectLocalByInterfaceNamePrefix(t *testing.T) { }, } for _, c := range cases { - localDetector, err := NewDetectLocalByInterfaceNamePrefix(c.ifacePrefix) - if err != nil { - t.Errorf("Error initializing localDetector: %v", err) - continue - } + localDetector := NewDetectLocalByInterfaceNamePrefix(c.ifacePrefix) if !localDetector.IsImplemented() { t.Error("DetectLocalByInterfaceNamePrefix returns false for IsImplemented") }