From 3db434d6be345dea55afd5fc3ac841fcec003020 Mon Sep 17 00:00:00 2001 From: Dan Winship Date: Sun, 28 Jan 2024 09:38:55 -0500 Subject: [PATCH] Remove errors from LocalTrafficDetector constructors The constructors only return an error if you pass them invalid data, but we only ever pass them data which has already been validated, making the error checking just annoying. Just make them return garbage output if you give them garbage input. --- cmd/kube-proxy/app/server_linux.go | 50 ++--- cmd/kube-proxy/app/server_linux_test.go | 253 +++++++++--------------- pkg/proxy/iptables/proxier_test.go | 2 +- pkg/proxy/nftables/proxier_test.go | 2 +- pkg/proxy/util/localdetector.go | 30 +-- pkg/proxy/util/localdetector_test.go | 118 +---------- 6 files changed, 122 insertions(+), 333 deletions(-) diff --git a/cmd/kube-proxy/app/server_linux.go b/cmd/kube-proxy/app/server_linux.go index 7e93bbb29a9..0413983390c 100644 --- a/cmd/kube-proxy/app/server_linux.go +++ b/cmd/kube-proxy/app/server_linux.go @@ -174,10 +174,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi. if dualStack { ipt, _ := getIPTables(s.PrimaryIPFamily) - localDetectors, err = getDualStackLocalDetectorTuple(logger, config.DetectLocalMode, config, s.podCIDRs) - if err != nil { - return nil, fmt.Errorf("unable to create proxier: %v", err) - } + localDetectors = getDualStackLocalDetectorTuple(logger, config.DetectLocalMode, config, s.podCIDRs) // TODO this has side effects that should only happen when Run() is invoked. proxier, err = iptables.NewDualStackProxier( 
@@ -201,10 +198,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi. } else { // Create a single-stack proxier if and only if the node does not support dual-stack (i.e, no iptables support). _, iptInterface := getIPTables(s.PrimaryIPFamily) - localDetector, err = getLocalDetector(logger, s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs) - if err != nil { - return nil, fmt.Errorf("unable to create proxier: %v", err) - } + localDetector = getLocalDetector(logger, s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs) // TODO this has side effects that should only happen when Run() is invoked. proxier, err = iptables.NewProxier( @@ -244,10 +238,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi. ipt, _ := getIPTables(s.PrimaryIPFamily) // Always ordered to match []ipt - localDetectors, err = getDualStackLocalDetectorTuple(logger, config.DetectLocalMode, config, s.podCIDRs) - if err != nil { - return nil, fmt.Errorf("unable to create proxier: %v", err) - } + localDetectors = getDualStackLocalDetectorTuple(logger, config.DetectLocalMode, config, s.podCIDRs) proxier, err = ipvs.NewDualStackProxier( ctx, @@ -276,10 +267,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi. ) } else { _, iptInterface := getIPTables(s.PrimaryIPFamily) - localDetector, err = getLocalDetector(logger, s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs) - if err != nil { - return nil, fmt.Errorf("unable to create proxier: %v", err) - } + localDetector = getLocalDetector(logger, s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs) proxier, err = ipvs.NewProxier( ctx, 
@@ -315,10 +303,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi. logger.Info("Using nftables Proxier") if dualStack { - localDetectors, err = getDualStackLocalDetectorTuple(logger, config.DetectLocalMode, config, s.podCIDRs) - if err != nil { - return nil, fmt.Errorf("unable to create proxier: %v", err) - } + localDetectors = getDualStackLocalDetectorTuple(logger, config.DetectLocalMode, config, s.podCIDRs) // TODO this has side effects that should only happen when Run() is invoked. proxier, err = nftables.NewDualStackProxier( @@ -338,10 +323,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi. ) } else { // Create a single-stack proxier if and only if the node does not support dual-stack - localDetector, err = getLocalDetector(logger, s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs) - if err != nil { - return nil, fmt.Errorf("unable to create proxier: %v", err) - } + localDetector = getLocalDetector(logger, s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs) // TODO this has side effects that should only happen when Run() is invoked. proxier, err = nftables.NewProxier( @@ -504,7 +486,7 @@ func detectNumCPU() int { return numCPU } -func getLocalDetector(logger klog.Logger, ipFamily v1.IPFamily, mode proxyconfigapi.LocalMode, config *proxyconfigapi.KubeProxyConfiguration, nodePodCIDRs []string) (proxyutil.LocalTrafficDetector, error) { +func getLocalDetector(logger klog.Logger, ipFamily v1.IPFamily, mode proxyconfigapi.LocalMode, config *proxyconfigapi.KubeProxyConfiguration, nodePodCIDRs []string) proxyutil.LocalTrafficDetector { switch mode { case proxyconfigapi.LocalModeClusterCIDR: // LocalModeClusterCIDR is the default if --detect-local-mode wasn't passed, 
@@ -538,22 +520,14 @@ func getLocalDetector(logger klog.Logger, ipFamily v1.IPFamily, mode proxyconfig } logger.Info("Defaulting to no-op detect-local") - return proxyutil.NewNoOpLocalDetector(), nil + return proxyutil.NewNoOpLocalDetector() } -func getDualStackLocalDetectorTuple(logger klog.Logger, mode proxyconfigapi.LocalMode, config *proxyconfigapi.KubeProxyConfiguration, nodePodCIDRs []string) ([2]proxyutil.LocalTrafficDetector, error) { - var localDetectors [2]proxyutil.LocalTrafficDetector - var err error - - localDetectors[0], err = getLocalDetector(logger, v1.IPv4Protocol, mode, config, nodePodCIDRs) - if err != nil { - return localDetectors, err +func getDualStackLocalDetectorTuple(logger klog.Logger, mode proxyconfigapi.LocalMode, config *proxyconfigapi.KubeProxyConfiguration, nodePodCIDRs []string) [2]proxyutil.LocalTrafficDetector { + return [2]proxyutil.LocalTrafficDetector{ + getLocalDetector(logger, v1.IPv4Protocol, mode, config, nodePodCIDRs), + getLocalDetector(logger, v1.IPv6Protocol, mode, config, nodePodCIDRs), } - localDetectors[1], err = getLocalDetector(logger, v1.IPv6Protocol, mode, config, nodePodCIDRs) - if err != nil { - return localDetectors, err - } - return localDetectors, nil } // platformCleanup removes stale kube-proxy rules that can be safely removed. If diff --git a/cmd/kube-proxy/app/server_linux_test.go b/cmd/kube-proxy/app/server_linux_test.go index 11ebc4bc849..776c5d0fa14 100644 --- a/cmd/kube-proxy/app/server_linux_test.go +++ b/cmd/kube-proxy/app/server_linux_test.go 
@@ -116,56 +116,49 @@ func Test_getLocalDetector(t *testing.T) { family v1.IPFamily expected proxyutil.LocalTrafficDetector nodePodCIDRs []string - errExpected bool }{ // LocalModeClusterCIDR { - name: "LocalModeClusterCIDR, IPv4 cluster", - mode: proxyconfigapi.LocalModeClusterCIDR, - config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, - family: v1.IPv4Protocol, - expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("10.0.0.0/14")), - errExpected: false, + name: "LocalModeClusterCIDR, IPv4 cluster", + mode: proxyconfigapi.LocalModeClusterCIDR, + config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, + family: v1.IPv4Protocol, + expected: proxyutil.NewDetectLocalByCIDR("10.0.0.0/14"), }, { - name: "LocalModeClusterCIDR, IPv6 cluster", - mode: proxyconfigapi.LocalModeClusterCIDR, - config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"}, - family: v1.IPv6Protocol, - expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64")), - errExpected: false, + name: "LocalModeClusterCIDR, IPv6 cluster", + mode: proxyconfigapi.LocalModeClusterCIDR, + config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"}, + family: v1.IPv6Protocol, + expected: proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64"), }, { - name: "LocalModeClusterCIDR, IPv6 cluster with IPv6 config", - mode: proxyconfigapi.LocalModeClusterCIDR, - config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, - family: v1.IPv6Protocol, - expected: proxyutil.NewNoOpLocalDetector(), - errExpected: false, + name: "LocalModeClusterCIDR, IPv6 cluster with IPv4 config", + mode: proxyconfigapi.LocalModeClusterCIDR, + config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, + family: v1.IPv6Protocol, + expected: proxyutil.NewNoOpLocalDetector(), }, { - name: "LocalModeClusterCIDR, IPv4 cluster with IPv6 config", - mode: proxyconfigapi.LocalModeClusterCIDR, 
- config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"}, - family: v1.IPv4Protocol, - expected: proxyutil.NewNoOpLocalDetector(), - errExpected: false, + name: "LocalModeClusterCIDR, IPv4 cluster with IPv6 config", + mode: proxyconfigapi.LocalModeClusterCIDR, + config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"}, + family: v1.IPv4Protocol, + expected: proxyutil.NewNoOpLocalDetector(), }, { - name: "LocalModeClusterCIDR, IPv4 kube-proxy in dual-stack IPv6-primary cluster", - mode: proxyconfigapi.LocalModeClusterCIDR, - config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64,10.0.0.0/14"}, - family: v1.IPv4Protocol, - expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("10.0.0.0/14")), - errExpected: false, + name: "LocalModeClusterCIDR, IPv4 kube-proxy in dual-stack IPv6-primary cluster", + mode: proxyconfigapi.LocalModeClusterCIDR, + config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64,10.0.0.0/14"}, + family: v1.IPv4Protocol, + expected: proxyutil.NewDetectLocalByCIDR("10.0.0.0/14"), }, { - name: "LocalModeClusterCIDR, no ClusterCIDR", - mode: proxyconfigapi.LocalModeClusterCIDR, - config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, - family: v1.IPv4Protocol, - expected: proxyutil.NewNoOpLocalDetector(), - errExpected: false, + name: "LocalModeClusterCIDR, no ClusterCIDR", + mode: proxyconfigapi.LocalModeClusterCIDR, + config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, + family: v1.IPv4Protocol, + expected: proxyutil.NewNoOpLocalDetector(), }, // LocalModeNodeCIDR { 
@@ -173,18 +166,16 @@ func Test_getLocalDetector(t *testing.T) { mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, family: v1.IPv4Protocol, - expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("10.0.0.0/24")), + expected: proxyutil.NewDetectLocalByCIDR("10.0.0.0/24"), nodePodCIDRs: []string{"10.0.0.0/24"}, - errExpected: false, }, { name: "LocalModeNodeCIDR, IPv6 cluster", mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"}, family: v1.IPv6Protocol, - expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96")), + expected: proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96"), nodePodCIDRs: []string{"2002::1234:abcd:ffff:0:0/96"}, - errExpected: false, }, { name: "LocalModeNodeCIDR, IPv6 cluster with IPv4 config", @@ -193,7 +184,6 @@ func Test_getLocalDetector(t *testing.T) { family: v1.IPv6Protocol, expected: proxyutil.NewNoOpLocalDetector(), nodePodCIDRs: []string{"10.0.0.0/24"}, - errExpected: false, }, { name: "LocalModeNodeCIDR, IPv4 cluster with IPv6 config", @@ -202,16 +192,14 @@ func Test_getLocalDetector(t *testing.T) { family: v1.IPv4Protocol, expected: proxyutil.NewNoOpLocalDetector(), nodePodCIDRs: []string{"2002::1234:abcd:ffff:0:0/96"}, - errExpected: false, }, { name: "LocalModeNodeCIDR, IPv6 kube-proxy in dual-stack IPv4-primary cluster", mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002:0:0:1234::/64"}, family: v1.IPv6Protocol, - expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96")), + expected: proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96"), nodePodCIDRs: []string{"10.0.0.0/24", "2002::1234:abcd:ffff:0:0/96"}, - errExpected: false, }, { name: "LocalModeNodeCIDR, no PodCIDRs", 
@@ -220,16 +208,14 @@ func Test_getLocalDetector(t *testing.T) { family: v1.IPv4Protocol, expected: proxyutil.NewNoOpLocalDetector(), nodePodCIDRs: []string{}, - errExpected: false, }, // unknown mode { - name: "unknown LocalMode", - mode: proxyconfigapi.LocalMode("abcd"), - config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, - family: v1.IPv4Protocol, - expected: proxyutil.NewNoOpLocalDetector(), - errExpected: false, + name: "unknown LocalMode", + mode: proxyconfigapi.LocalMode("abcd"), + config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, + family: v1.IPv4Protocol, + expected: proxyutil.NewNoOpLocalDetector(), }, // LocalModeBridgeInterface { @@ -238,9 +224,8 @@ func Test_getLocalDetector(t *testing.T) { config: &proxyconfigapi.KubeProxyConfiguration{ DetectLocal: proxyconfigapi.DetectLocalConfiguration{BridgeInterface: "eth"}, }, - family: v1.IPv4Protocol, - expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByBridgeInterface("eth")), - errExpected: false, + family: v1.IPv4Protocol, + expected: proxyutil.NewDetectLocalByBridgeInterface("eth"), }, { name: "LocalModeBridgeInterface, strange bridge name", @@ -248,9 +233,8 @@ func Test_getLocalDetector(t *testing.T) { config: &proxyconfigapi.KubeProxyConfiguration{ DetectLocal: proxyconfigapi.DetectLocalConfiguration{BridgeInterface: "1234567890123456789"}, }, - family: v1.IPv4Protocol, - expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByBridgeInterface("1234567890123456789")), - errExpected: false, + family: v1.IPv4Protocol, + expected: proxyutil.NewDetectLocalByBridgeInterface("1234567890123456789"), }, // LocalModeInterfaceNamePrefix { 
@@ -259,9 +243,8 @@ func Test_getLocalDetector(t *testing.T) { config: &proxyconfigapi.KubeProxyConfiguration{ DetectLocal: proxyconfigapi.DetectLocalConfiguration{InterfaceNamePrefix: "eth"}, }, - family: v1.IPv4Protocol, - expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByInterfaceNamePrefix("eth")), - errExpected: false, + family: v1.IPv4Protocol, + expected: proxyutil.NewDetectLocalByInterfaceNamePrefix("eth"), }, { name: "LocalModeInterfaceNamePrefix, strange interface name", @@ -269,25 +252,14 @@ func Test_getLocalDetector(t *testing.T) { config: &proxyconfigapi.KubeProxyConfiguration{ DetectLocal: proxyconfigapi.DetectLocalConfiguration{InterfaceNamePrefix: "1234567890123456789"}, }, - family: v1.IPv4Protocol, - expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByInterfaceNamePrefix("1234567890123456789")), - errExpected: false, + family: v1.IPv4Protocol, + expected: proxyutil.NewDetectLocalByInterfaceNamePrefix("1234567890123456789"), }, } for _, c := range cases { t.Run(c.name, func(t *testing.T) { logger, _ := ktesting.NewTestContext(t) - r, err := getLocalDetector(logger, c.family, c.mode, c.config, c.nodePodCIDRs) - if c.errExpected { - if err == nil { - t.Errorf("Expected error, but succeeded with %v", r) - } - return - } - if err != nil { - t.Errorf("Error resolving detect-local: %v", err) - return - } + r := getLocalDetector(logger, c.family, c.mode, c.config, c.nodePodCIDRs) if !reflect.DeepEqual(r, c.expected) { t.Errorf("Unexpected detect-local implementation, expected: %q, got: %q", c.expected, r) } 
@@ -302,35 +274,34 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) { config *proxyconfigapi.KubeProxyConfiguration expected [2]proxyutil.LocalTrafficDetector nodePodCIDRs []string - errExpected bool }{ // LocalModeClusterCIDR { name: "LocalModeClusterCIDR, dual-stack IPv4-primary cluster", mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002:0:0:1234::/64"}, - expected: resolveDualStackLocalDetectors(t)( - proxyutil.NewDetectLocalByCIDR("10.0.0.0/14"))( - proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64")), - errExpected: false, + expected: [2]proxyutil.LocalTrafficDetector{ + proxyutil.NewDetectLocalByCIDR("10.0.0.0/14"), + proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64"), + }, }, { name: "LocalModeClusterCIDR, dual-stack IPv6-primary cluster", mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64,10.0.0.0/14"}, - expected: resolveDualStackLocalDetectors(t)( - proxyutil.NewDetectLocalByCIDR("10.0.0.0/14"))( - proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64")), - errExpected: false, + expected: [2]proxyutil.LocalTrafficDetector{ + proxyutil.NewDetectLocalByCIDR("10.0.0.0/14"), + proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64"), + }, }, { name: "LocalModeClusterCIDR, single-stack IPv4 cluster", mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, expected: [2]proxyutil.LocalTrafficDetector{ - resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("10.0.0.0/14")), - proxyutil.NewNoOpLocalDetector()}, - errExpected: false, + proxyutil.NewDetectLocalByCIDR("10.0.0.0/14"), + proxyutil.NewNoOpLocalDetector(), + }, }, { name: "LocalModeClusterCIDR, single-stack IPv6 cluster", 
@@ -338,46 +309,48 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) { config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"}, expected: [2]proxyutil.LocalTrafficDetector{ proxyutil.NewNoOpLocalDetector(), - resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64"))}, - errExpected: false, + proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64"), + }, }, { - name: "LocalModeClusterCIDR, no ClusterCIDR", - mode: proxyconfigapi.LocalModeClusterCIDR, - config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, - expected: [2]proxyutil.LocalTrafficDetector{proxyutil.NewNoOpLocalDetector(), proxyutil.NewNoOpLocalDetector()}, - errExpected: false, + name: "LocalModeClusterCIDR, no ClusterCIDR", + mode: proxyconfigapi.LocalModeClusterCIDR, + config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, + expected: [2]proxyutil.LocalTrafficDetector{ + proxyutil.NewNoOpLocalDetector(), + proxyutil.NewNoOpLocalDetector(), + }, }, // LocalModeNodeCIDR { name: "LocalModeNodeCIDR, dual-stack IPv4-primary cluster", mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002:0:0:1234::/64"}, - expected: resolveDualStackLocalDetectors(t)( - proxyutil.NewDetectLocalByCIDR("10.0.0.0/24"))( - proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96")), + expected: [2]proxyutil.LocalTrafficDetector{ + proxyutil.NewDetectLocalByCIDR("10.0.0.0/24"), + proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96"), + }, nodePodCIDRs: []string{"10.0.0.0/24", "2002::1234:abcd:ffff:0:0/96"}, - errExpected: false, }, { name: "LocalModeNodeCIDR, dual-stack IPv6-primary cluster", mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64,10.0.0.0/14"}, - expected: resolveDualStackLocalDetectors(t)( - proxyutil.NewDetectLocalByCIDR("10.0.0.0/24"))( - proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96")), + 
expected: [2]proxyutil.LocalTrafficDetector{ + proxyutil.NewDetectLocalByCIDR("10.0.0.0/24"), + proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96"), + }, nodePodCIDRs: []string{"2002::1234:abcd:ffff:0:0/96", "10.0.0.0/24"}, - errExpected: false, }, { name: "LocalModeNodeCIDR, single-stack IPv4 cluster", mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, expected: [2]proxyutil.LocalTrafficDetector{ - resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("10.0.0.0/24")), - proxyutil.NewNoOpLocalDetector()}, + proxyutil.NewDetectLocalByCIDR("10.0.0.0/24"), + proxyutil.NewNoOpLocalDetector(), + }, nodePodCIDRs: []string{"10.0.0.0/24"}, - errExpected: false, }, { name: "LocalModeNodeCIDR, single-stack IPv6 cluster", @@ -385,17 +358,19 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) { config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"}, expected: [2]proxyutil.LocalTrafficDetector{ proxyutil.NewNoOpLocalDetector(), - resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96"))}, + proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96"), + }, nodePodCIDRs: []string{"2002::1234:abcd:ffff:0:0/96"}, - errExpected: false, }, { - name: "LocalModeNodeCIDR, no PodCIDRs", - mode: proxyconfigapi.LocalModeNodeCIDR, - config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, - expected: [2]proxyutil.LocalTrafficDetector{proxyutil.NewNoOpLocalDetector(), proxyutil.NewNoOpLocalDetector()}, + name: "LocalModeNodeCIDR, no PodCIDRs", + mode: proxyconfigapi.LocalModeNodeCIDR, + config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, + expected: [2]proxyutil.LocalTrafficDetector{ + proxyutil.NewNoOpLocalDetector(), + proxyutil.NewNoOpLocalDetector(), + }, nodePodCIDRs: []string{}, - errExpected: false, }, // LocalModeBridgeInterface { 
@@ -404,10 +379,10 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) { config: &proxyconfigapi.KubeProxyConfiguration{ DetectLocal: proxyconfigapi.DetectLocalConfiguration{BridgeInterface: "eth"}, }, - expected: resolveDualStackLocalDetectors(t)( - proxyutil.NewDetectLocalByBridgeInterface("eth"))( - proxyutil.NewDetectLocalByBridgeInterface("eth")), - errExpected: false, + expected: [2]proxyutil.LocalTrafficDetector{ + proxyutil.NewDetectLocalByBridgeInterface("eth"), + proxyutil.NewDetectLocalByBridgeInterface("eth"), + }, }, // LocalModeInterfaceNamePrefix { @@ -416,26 +391,16 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) { config: &proxyconfigapi.KubeProxyConfiguration{ DetectLocal: proxyconfigapi.DetectLocalConfiguration{InterfaceNamePrefix: "veth"}, }, - expected: resolveDualStackLocalDetectors(t)( - proxyutil.NewDetectLocalByInterfaceNamePrefix("veth"))( - proxyutil.NewDetectLocalByInterfaceNamePrefix("veth")), - errExpected: false, + expected: [2]proxyutil.LocalTrafficDetector{ + proxyutil.NewDetectLocalByInterfaceNamePrefix("veth"), + proxyutil.NewDetectLocalByInterfaceNamePrefix("veth"), + }, }, } for _, c := range cases { t.Run(c.name, func(t *testing.T) { logger, _ := ktesting.NewTestContext(t) - r, err := getDualStackLocalDetectorTuple(logger, c.mode, c.config, c.nodePodCIDRs) - if c.errExpected { - if err == nil { - t.Errorf("Expected error, but succeeded with %q", r) - } - return - } - if err != nil { - t.Errorf("Error resolving detect-local: %v", err) - return - } + r := getDualStackLocalDetectorTuple(logger, c.mode, c.config, c.nodePodCIDRs) if !reflect.DeepEqual(r, c.expected) { t.Errorf("Unexpected detect-local implementation, expected: %q, got: %q", c.expected, r) } 
@@ -455,32 +420,6 @@ func makeNodeWithPodCIDRs(cidrs ...string) *v1.Node { } } -func resolveLocalDetector(t *testing.T) func(proxyutil.LocalTrafficDetector, error) proxyutil.LocalTrafficDetector { - return func(localDetector proxyutil.LocalTrafficDetector, err error) proxyutil.LocalTrafficDetector { - t.Helper() - if err != nil { - t.Fatalf("Error resolving detect-local: %v", err) - } - return localDetector - } -} - -func resolveDualStackLocalDetectors(t *testing.T) func(localDetector proxyutil.LocalTrafficDetector, err1 error) func(proxyutil.LocalTrafficDetector, error) [2]proxyutil.LocalTrafficDetector { - return func(localDetector proxyutil.LocalTrafficDetector, err error) func(proxyutil.LocalTrafficDetector, error) [2]proxyutil.LocalTrafficDetector { - t.Helper() - if err != nil { - t.Fatalf("Error resolving dual stack detect-local: %v", err) - } - return func(otherLocalDetector proxyutil.LocalTrafficDetector, err1 error) [2]proxyutil.LocalTrafficDetector { - t.Helper() - if err1 != nil { - t.Fatalf("Error resolving dual stack detect-local: %v", err) - } - return [2]proxyutil.LocalTrafficDetector{localDetector, otherLocalDetector} - } - } -} - func TestConfigChange(t *testing.T) { setUp := func() (*os.File, string, error) { tempDir, err := os.MkdirTemp("", "kubeproxy-config-change") diff --git a/pkg/proxy/iptables/proxier_test.go b/pkg/proxy/iptables/proxier_test.go index 5ae5788d8af..552764643d6 100644 --- a/pkg/proxy/iptables/proxier_test.go +++ b/pkg/proxy/iptables/proxier_test.go @@ -93,7 +93,7 @@ func NewFakeProxier(ipt utiliptables.Interface) *Proxier { ipfamily = v1.IPv6Protocol podCIDR = "fd00:10::/64" } - detectLocal, _ := proxyutil.NewDetectLocalByCIDR(podCIDR) + detectLocal := proxyutil.NewDetectLocalByCIDR(podCIDR) networkInterfacer := proxyutiltest.NewFakeNetwork() itf := net.Interface{Index: 0, MTU: 0, Name: "lo", HardwareAddr: nil, Flags: 0} 
diff --git a/pkg/proxy/nftables/proxier_test.go b/pkg/proxy/nftables/proxier_test.go index 833aa5798c1..12f40e86aed 100644 --- a/pkg/proxy/nftables/proxier_test.go +++ b/pkg/proxy/nftables/proxier_test.go @@ -84,7 +84,7 @@ func NewFakeProxier(ipFamily v1.IPFamily) (*knftables.Fake, *Proxier) { podCIDR = "fd00:10::/64" serviceCIDRs = "fd00:10:96::/112" } - detectLocal, _ := proxyutil.NewDetectLocalByCIDR(podCIDR) + detectLocal := proxyutil.NewDetectLocalByCIDR(podCIDR) nodePortAddresses := []string{fmt.Sprintf("%s/32", testNodeIP), fmt.Sprintf("%s/128", testNodeIPv6)} networkInterfacer := proxyutiltest.NewFakeNetwork() diff --git a/pkg/proxy/util/localdetector.go b/pkg/proxy/util/localdetector.go index 6f2d77a9b0d..6e296b0c71b 100644 --- a/pkg/proxy/util/localdetector.go +++ b/pkg/proxy/util/localdetector.go @@ -17,8 +17,6 @@ limitations under the License. package util import ( - "fmt" - netutils "k8s.io/utils/net" ) @@ -77,15 +75,11 @@ func NewNoOpLocalDetector() LocalTrafficDetector { } // NewDetectLocalByCIDR returns a LocalTrafficDetector that considers traffic from the -// provided cidr to be from a local pod, and other traffic to be non-local. -func NewDetectLocalByCIDR(cidr string) (LocalTrafficDetector, error) { - _, parsed, err := netutils.ParseCIDRSloppy(cidr) - if err != nil { - return nil, err - } - +// provided cidr to be from a local pod, and other traffic to be non-local. cidr is +// assumed to be valid. +func NewDetectLocalByCIDR(cidr string) LocalTrafficDetector { nftFamily := "ip" - if netutils.IsIPv6CIDR(parsed) { + if netutils.IsIPv6CIDRString(cidr) { nftFamily = "ip6" } 
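Review bot: With the `ParseCIDRSloppy` step removed from `NewDetectLocalByCIDR` in pkg/proxy/util/localdetector.go, a malformed or empty `cidr` can no longer be told apart from an IPv4 one. `netutils.IsIPv6CIDRString(cidr)` presumably returns false for anything that does not parse, so such input gets `nftFamily = "ip"` and is copied unchecked into the `-s` / `saddr` rule arguments built just past this hunk. The failure then surfaces only when the ruleset is loaded, or as a wrong local/non-local classification, rather than at construction. Because the constructor is exported, I would state the precondition more strongly than "cidr is assumed to be valid", for example `// The caller must already have validated cidr; it is inserted into iptables/nftables rule arguments unchecked.` A test case pinning what an empty or unparseable string produces would also help, since the deleted `TestNewDetectLocalByCIDR` was the only place that behaviour was exercised.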
@@ -94,35 +88,29 @@ func NewDetectLocalByCIDR(cidr string) (LocalTrafficDetector, error) { ifNotLocal: []string{"!", "-s", cidr}, ifLocalNFT: []string{nftFamily, "saddr", cidr}, ifNotLocalNFT: []string{nftFamily, "saddr", "!=", cidr}, - }, nil + } } // NewDetectLocalByBridgeInterface returns a LocalTrafficDetector that considers traffic // from interfaceName to be from a local pod, and traffic from other interfaces to be // non-local. -func NewDetectLocalByBridgeInterface(interfaceName string) (LocalTrafficDetector, error) { - if len(interfaceName) == 0 { - return nil, fmt.Errorf("no bridge interface name set") - } +func NewDetectLocalByBridgeInterface(interfaceName string) LocalTrafficDetector { return &detectLocal{ ifLocal: []string{"-i", interfaceName}, ifNotLocal: []string{"!", "-i", interfaceName}, ifLocalNFT: []string{"iif", interfaceName}, ifNotLocalNFT: []string{"iif", "!=", interfaceName}, - }, nil + } } // NewDetectLocalByInterfaceNamePrefix returns a LocalTrafficDetector that considers // traffic from interfaces starting with interfacePrefix to be from a local pod, and // traffic from other interfaces to be non-local. -func NewDetectLocalByInterfaceNamePrefix(interfacePrefix string) (LocalTrafficDetector, error) { - if len(interfacePrefix) == 0 { - return nil, fmt.Errorf("no interface prefix set") - } +func NewDetectLocalByInterfaceNamePrefix(interfacePrefix string) LocalTrafficDetector { return &detectLocal{ ifLocal: []string{"-i", interfacePrefix + "+"}, ifNotLocal: []string{"!", "-i", interfacePrefix + "+"}, ifLocalNFT: []string{"iif", interfacePrefix + "*"}, ifNotLocalNFT: []string{"iif", "!=", interfacePrefix + "*"}, - }, nil + } } diff --git a/pkg/proxy/util/localdetector_test.go b/pkg/proxy/util/localdetector_test.go index f21e2014f7e..473aaeb8ce4 100644 --- a/pkg/proxy/util/localdetector_test.go +++ b/pkg/proxy/util/localdetector_test.go 
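Review bot: Dropping the `len(...) == 0` guards changes what an empty argument means instead of only removing an error path. `NewDetectLocalByInterfaceNamePrefix("")` now builds `-i +` (and `iif *` on the nftables side), and in iptables a bare `+` matches any interface, so every packet would be classified as coming from a local pod. `NewDetectLocalByBridgeInterface("")` likewise builds `-i ""`. Unlike `NewDetectLocalByCIDR`, the doc comments on these two constructors were not updated with the precondition; I would add `// interfaceName is assumed to be non-empty.` and `// interfacePrefix is assumed to be non-empty; an empty prefix produces a wildcard that matches every interface.` The validation that the commit message relies on is not visible in this patch, so it is worth confirming that it rejects empty values for both fields.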
@@ -38,46 +38,6 @@ func TestNoOpLocalDetector(t *testing.T) { } } -func TestNewDetectLocalByCIDR(t *testing.T) { - cases := []struct { - cidr string - errExpected bool - }{ - { - cidr: "10.0.0.0/14", - errExpected: false, - }, - { - cidr: "2002:0:0:1234::/64", - errExpected: false, - }, - { - cidr: "10.0.0.0", - errExpected: true, - }, - { - cidr: "2002:0:0:1234::", - errExpected: true, - }, - { - cidr: "", - errExpected: true, - }, - } - for i, c := range cases { - r, err := NewDetectLocalByCIDR(c.cidr) - if c.errExpected { - if err == nil { - t.Errorf("Case[%d] expected error, but succeeded with: %q", i, r) - } - continue - } - if err != nil { - t.Errorf("Case[%d] failed with error: %v", i, err) - } - } -} - func TestDetectLocalByCIDR(t *testing.T) { cases := []struct { cidr string @@ -96,11 +56,7 @@ func TestDetectLocalByCIDR(t *testing.T) { }, } for _, c := range cases { - localDetector, err := NewDetectLocalByCIDR(c.cidr) - if err != nil { - t.Errorf("Error initializing localDetector: %v", err) - continue - } + localDetector := NewDetectLocalByCIDR(c.cidr) if !localDetector.IsImplemented() { t.Error("DetectLocalByCIDR returns false for IsImplemented") } 
@@ -118,66 +74,6 @@ func TestDetectLocalByCIDR(t *testing.T) { } } -func TestNewDetectLocalByBridgeInterface(t *testing.T) { - cases := []struct { - ifaceName string - errExpected bool - }{ - { - ifaceName: "avz", - errExpected: false, - }, - { - ifaceName: "", - errExpected: true, - }, - } - for i, c := range cases { - r, err := NewDetectLocalByBridgeInterface(c.ifaceName) - if c.errExpected { - if err == nil { - t.Errorf("Case[%d] expected error, but succeeded with: %q", i, r) - } - continue - } - if err != nil { - t.Errorf("Case[%d] failed with error: %v", i, err) - } - } -} - -func TestNewDetectLocalByInterfaceNamePrefix(t *testing.T) { - cases := []struct { - ifacePrefix string - errExpected bool - }{ - { - ifacePrefix: "veth", - errExpected: false, - }, - { - ifacePrefix: "cbr0", - errExpected: false, - }, - { - ifacePrefix: "", - errExpected: true, - }, - } - for i, c := range cases { - r, err := NewDetectLocalByInterfaceNamePrefix(c.ifacePrefix) - if c.errExpected { - if err == nil { - t.Errorf("Case[%d] expected error, but succeeded with: %q", i, r) - } - continue - } - if err != nil { - t.Errorf("Case[%d] failed with error: %v", i, err) - } - } -} - func TestDetectLocalByBridgeInterface(t *testing.T) { cases := []struct { ifaceName string @@ -191,11 +87,7 @@ func TestDetectLocalByBridgeInterface(t *testing.T) { }, } for _, c := range cases { - localDetector, err := NewDetectLocalByBridgeInterface(c.ifaceName) - if err != nil { - t.Errorf("Error initializing localDetector: %v", err) - continue - } + localDetector := NewDetectLocalByBridgeInterface(c.ifaceName) if !localDetector.IsImplemented() { t.Error("DetectLocalByBridgeInterface returns false for IsImplemented") } 
@@ -228,11 +120,7 @@ func TestDetectLocalByInterfaceNamePrefix(t *testing.T) { }, } for _, c := range cases { - localDetector, err := NewDetectLocalByInterfaceNamePrefix(c.ifacePrefix) - if err != nil { - t.Errorf("Error initializing localDetector: %v", err) - continue - } + localDetector := NewDetectLocalByInterfaceNamePrefix(c.ifacePrefix) if !localDetector.IsImplemented() { t.Error("DetectLocalByInterfaceNamePrefix returns false for IsImplemented") }