github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-04 01:40:07 +00:00
Code Issues Projects Releases Wiki Activity

Remove errors from LocalTrafficDetector constructors

Browse Source 
The constructors only return an error if you pass them invalid data,
but we only ever pass them data which has already been validated,
making the error checking just annoying. Just make them return garbage
output if you give them garbage input.
This commit is contained in:
Dan Winship 2024-01-28 09:38:55 -05:00
parent 59cecf8a36
commit 3db434d6be
6 changed files with 122 additions and 333 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
cmd/kube-proxy/app/server_linux.go
View File

@ -174,10 +174,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi.
if dualStack { if dualStack {
ipt, _ := getIPTables(s.PrimaryIPFamily) ipt, _ := getIPTables(s.PrimaryIPFamily)
localDetectors, err = getDualStackLocalDetectorTuple(logger, config.DetectLocalMode, config, s.podCIDRs) localDetectors = getDualStackLocalDetectorTuple(logger, config.DetectLocalMode, config, s.podCIDRs)
if err != nil {
return nil, fmt.Errorf("unable to create proxier: %v", err)
}
// TODO this has side effects that should only happen when Run() is invoked. // TODO this has side effects that should only happen when Run() is invoked.
proxier, err = iptables.NewDualStackProxier( proxier, err = iptables.NewDualStackProxier(
@ -201,10 +198,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi.
} else { } else {
// Create a single-stack proxier if and only if the node does not support dual-stack (i.e, no iptables support). // Create a single-stack proxier if and only if the node does not support dual-stack (i.e, no iptables support).
_, iptInterface := getIPTables(s.PrimaryIPFamily) _, iptInterface := getIPTables(s.PrimaryIPFamily)
localDetector, err = getLocalDetector(logger, s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs) localDetector = getLocalDetector(logger, s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs)
if err != nil {
return nil, fmt.Errorf("unable to create proxier: %v", err)
}
// TODO this has side effects that should only happen when Run() is invoked. // TODO this has side effects that should only happen when Run() is invoked.
proxier, err = iptables.NewProxier( proxier, err = iptables.NewProxier(
@ -244,10 +238,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi.
ipt, _ := getIPTables(s.PrimaryIPFamily) ipt, _ := getIPTables(s.PrimaryIPFamily)
// Always ordered to match []ipt // Always ordered to match []ipt
localDetectors, err = getDualStackLocalDetectorTuple(logger, config.DetectLocalMode, config, s.podCIDRs) localDetectors = getDualStackLocalDetectorTuple(logger, config.DetectLocalMode, config, s.podCIDRs)
if err != nil {
return nil, fmt.Errorf("unable to create proxier: %v", err)
}
proxier, err = ipvs.NewDualStackProxier( proxier, err = ipvs.NewDualStackProxier(
ctx, ctx,
@ -276,10 +267,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi.
) )
} else { } else {
_, iptInterface := getIPTables(s.PrimaryIPFamily) _, iptInterface := getIPTables(s.PrimaryIPFamily)
localDetector, err = getLocalDetector(logger, s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs) localDetector = getLocalDetector(logger, s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs)
if err != nil {
return nil, fmt.Errorf("unable to create proxier: %v", err)
}
proxier, err = ipvs.NewProxier( proxier, err = ipvs.NewProxier(
ctx, ctx,
@ -315,10 +303,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi.
logger.Info("Using nftables Proxier") logger.Info("Using nftables Proxier")
if dualStack { if dualStack {
localDetectors, err = getDualStackLocalDetectorTuple(logger, config.DetectLocalMode, config, s.podCIDRs) localDetectors = getDualStackLocalDetectorTuple(logger, config.DetectLocalMode, config, s.podCIDRs)
if err != nil {
return nil, fmt.Errorf("unable to create proxier: %v", err)
}
// TODO this has side effects that should only happen when Run() is invoked. // TODO this has side effects that should only happen when Run() is invoked.
proxier, err = nftables.NewDualStackProxier( proxier, err = nftables.NewDualStackProxier(
@ -338,10 +323,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi.
) )
} else { } else {
// Create a single-stack proxier if and only if the node does not support dual-stack // Create a single-stack proxier if and only if the node does not support dual-stack
localDetector, err = getLocalDetector(logger, s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs) localDetector = getLocalDetector(logger, s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs)
if err != nil {
return nil, fmt.Errorf("unable to create proxier: %v", err)
}
// TODO this has side effects that should only happen when Run() is invoked. // TODO this has side effects that should only happen when Run() is invoked.
proxier, err = nftables.NewProxier( proxier, err = nftables.NewProxier(
@ -504,7 +486,7 @@ func detectNumCPU() int {
return numCPU return numCPU
} }
func getLocalDetector(logger klog.Logger, ipFamily v1.IPFamily, mode proxyconfigapi.LocalMode, config *proxyconfigapi.KubeProxyConfiguration, nodePodCIDRs []string) (proxyutil.LocalTrafficDetector, error) { func getLocalDetector(logger klog.Logger, ipFamily v1.IPFamily, mode proxyconfigapi.LocalMode, config *proxyconfigapi.KubeProxyConfiguration, nodePodCIDRs []string) proxyutil.LocalTrafficDetector {
switch mode { switch mode {
case proxyconfigapi.LocalModeClusterCIDR: case proxyconfigapi.LocalModeClusterCIDR:
// LocalModeClusterCIDR is the default if --detect-local-mode wasn't passed, // LocalModeClusterCIDR is the default if --detect-local-mode wasn't passed,
@ -538,22 +520,14 @@ func getLocalDetector(logger klog.Logger, ipFamily v1.IPFamily, mode proxyconfig
} }
logger.Info("Defaulting to no-op detect-local") logger.Info("Defaulting to no-op detect-local")
return proxyutil.NewNoOpLocalDetector(), nil return proxyutil.NewNoOpLocalDetector()
} }
func getDualStackLocalDetectorTuple(logger klog.Logger, mode proxyconfigapi.LocalMode, config *proxyconfigapi.KubeProxyConfiguration, nodePodCIDRs []string) ([2]proxyutil.LocalTrafficDetector, error) { func getDualStackLocalDetectorTuple(logger klog.Logger, mode proxyconfigapi.LocalMode, config *proxyconfigapi.KubeProxyConfiguration, nodePodCIDRs []string) [2]proxyutil.LocalTrafficDetector {
var localDetectors [2]proxyutil.LocalTrafficDetector return [2]proxyutil.LocalTrafficDetector{
var err error getLocalDetector(logger, v1.IPv4Protocol, mode, config, nodePodCIDRs),
getLocalDetector(logger, v1.IPv6Protocol, mode, config, nodePodCIDRs),
localDetectors[0], err = getLocalDetector(logger, v1.IPv4Protocol, mode, config, nodePodCIDRs)
if err != nil {
return localDetectors, err
} }
localDetectors[1], err = getLocalDetector(logger, v1.IPv6Protocol, mode, config, nodePodCIDRs)
if err != nil {
return localDetectors, err
}
return localDetectors, nil
} }
// platformCleanup removes stale kube-proxy rules that can be safely removed. If // platformCleanup removes stale kube-proxy rules that can be safely removed. If

253
cmd/kube-proxy/app/server_linux_test.go
View File

@ -116,56 +116,49 @@ func Test_getLocalDetector(t *testing.T) {
family v1.IPFamily family v1.IPFamily
expected proxyutil.LocalTrafficDetector expected proxyutil.LocalTrafficDetector
nodePodCIDRs []string nodePodCIDRs []string
errExpected bool
}{ }{
// LocalModeClusterCIDR // LocalModeClusterCIDR
{ {
name: "LocalModeClusterCIDR, IPv4 cluster", name: "LocalModeClusterCIDR, IPv4 cluster",
mode: proxyconfigapi.LocalModeClusterCIDR, mode: proxyconfigapi.LocalModeClusterCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"},
family: v1.IPv4Protocol, family: v1.IPv4Protocol,
expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("10.0.0.0/14")), expected: proxyutil.NewDetectLocalByCIDR("10.0.0.0/14"),
errExpected: false,
}, },
{ {
name: "LocalModeClusterCIDR, IPv6 cluster", name: "LocalModeClusterCIDR, IPv6 cluster",
mode: proxyconfigapi.LocalModeClusterCIDR, mode: proxyconfigapi.LocalModeClusterCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"},
family: v1.IPv6Protocol, family: v1.IPv6Protocol,
expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64")), expected: proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64"),
errExpected: false,
}, },
{ {
name: "LocalModeClusterCIDR, IPv6 cluster with IPv6 config", name: "LocalModeClusterCIDR, IPv6 cluster with IPv4 config",
mode: proxyconfigapi.LocalModeClusterCIDR, mode: proxyconfigapi.LocalModeClusterCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"},
family: v1.IPv6Protocol, family: v1.IPv6Protocol,
expected: proxyutil.NewNoOpLocalDetector(), expected: proxyutil.NewNoOpLocalDetector(),
errExpected: false,
}, },
{ {
name: "LocalModeClusterCIDR, IPv4 cluster with IPv6 config", name: "LocalModeClusterCIDR, IPv4 cluster with IPv6 config",
mode: proxyconfigapi.LocalModeClusterCIDR, mode: proxyconfigapi.LocalModeClusterCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"},
family: v1.IPv4Protocol, family: v1.IPv4Protocol,
expected: proxyutil.NewNoOpLocalDetector(), expected: proxyutil.NewNoOpLocalDetector(),
errExpected: false,
}, },
{ {
name: "LocalModeClusterCIDR, IPv4 kube-proxy in dual-stack IPv6-primary cluster", name: "LocalModeClusterCIDR, IPv4 kube-proxy in dual-stack IPv6-primary cluster",
mode: proxyconfigapi.LocalModeClusterCIDR, mode: proxyconfigapi.LocalModeClusterCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64,10.0.0.0/14"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64,10.0.0.0/14"},
family: v1.IPv4Protocol, family: v1.IPv4Protocol,
expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("10.0.0.0/14")), expected: proxyutil.NewDetectLocalByCIDR("10.0.0.0/14"),
errExpected: false,
}, },
{ {
name: "LocalModeClusterCIDR, no ClusterCIDR", name: "LocalModeClusterCIDR, no ClusterCIDR",
mode: proxyconfigapi.LocalModeClusterCIDR, mode: proxyconfigapi.LocalModeClusterCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""},
family: v1.IPv4Protocol, family: v1.IPv4Protocol,
expected: proxyutil.NewNoOpLocalDetector(), expected: proxyutil.NewNoOpLocalDetector(),
errExpected: false,
}, },
// LocalModeNodeCIDR // LocalModeNodeCIDR
{ {
@ -173,18 +166,16 @@ func Test_getLocalDetector(t *testing.T) {
mode: proxyconfigapi.LocalModeNodeCIDR, mode: proxyconfigapi.LocalModeNodeCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"},
family: v1.IPv4Protocol, family: v1.IPv4Protocol,
expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("10.0.0.0/24")), expected: proxyutil.NewDetectLocalByCIDR("10.0.0.0/24"),
nodePodCIDRs: []string{"10.0.0.0/24"}, nodePodCIDRs: []string{"10.0.0.0/24"},
errExpected: false,
}, },
{ {
name: "LocalModeNodeCIDR, IPv6 cluster", name: "LocalModeNodeCIDR, IPv6 cluster",
mode: proxyconfigapi.LocalModeNodeCIDR, mode: proxyconfigapi.LocalModeNodeCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"},
family: v1.IPv6Protocol, family: v1.IPv6Protocol,
expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96")), expected: proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96"),
nodePodCIDRs: []string{"2002::1234:abcd:ffff:0:0/96"}, nodePodCIDRs: []string{"2002::1234:abcd:ffff:0:0/96"},
errExpected: false,
}, },
{ {
name: "LocalModeNodeCIDR, IPv6 cluster with IPv4 config", name: "LocalModeNodeCIDR, IPv6 cluster with IPv4 config",
@ -193,7 +184,6 @@ func Test_getLocalDetector(t *testing.T) {
family: v1.IPv6Protocol, family: v1.IPv6Protocol,
expected: proxyutil.NewNoOpLocalDetector(), expected: proxyutil.NewNoOpLocalDetector(),
nodePodCIDRs: []string{"10.0.0.0/24"}, nodePodCIDRs: []string{"10.0.0.0/24"},
errExpected: false,
}, },
{ {
name: "LocalModeNodeCIDR, IPv4 cluster with IPv6 config", name: "LocalModeNodeCIDR, IPv4 cluster with IPv6 config",
@ -202,16 +192,14 @@ func Test_getLocalDetector(t *testing.T) {
family: v1.IPv4Protocol, family: v1.IPv4Protocol,
expected: proxyutil.NewNoOpLocalDetector(), expected: proxyutil.NewNoOpLocalDetector(),
nodePodCIDRs: []string{"2002::1234:abcd:ffff:0:0/96"}, nodePodCIDRs: []string{"2002::1234:abcd:ffff:0:0/96"},
errExpected: false,
}, },
{ {
name: "LocalModeNodeCIDR, IPv6 kube-proxy in dual-stack IPv4-primary cluster", name: "LocalModeNodeCIDR, IPv6 kube-proxy in dual-stack IPv4-primary cluster",
mode: proxyconfigapi.LocalModeNodeCIDR, mode: proxyconfigapi.LocalModeNodeCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002:0:0:1234::/64"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002:0:0:1234::/64"},
family: v1.IPv6Protocol, family: v1.IPv6Protocol,
expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96")), expected: proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96"),
nodePodCIDRs: []string{"10.0.0.0/24", "2002::1234:abcd:ffff:0:0/96"}, nodePodCIDRs: []string{"10.0.0.0/24", "2002::1234:abcd:ffff:0:0/96"},
errExpected: false,
}, },
{ {
name: "LocalModeNodeCIDR, no PodCIDRs", name: "LocalModeNodeCIDR, no PodCIDRs",
@ -220,16 +208,14 @@ func Test_getLocalDetector(t *testing.T) {
family: v1.IPv4Protocol, family: v1.IPv4Protocol,
expected: proxyutil.NewNoOpLocalDetector(), expected: proxyutil.NewNoOpLocalDetector(),
nodePodCIDRs: []string{}, nodePodCIDRs: []string{},
errExpected: false,
}, },
// unknown mode // unknown mode
{ {
name: "unknown LocalMode", name: "unknown LocalMode",
mode: proxyconfigapi.LocalMode("abcd"), mode: proxyconfigapi.LocalMode("abcd"),
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"},
family: v1.IPv4Protocol, family: v1.IPv4Protocol,
expected: proxyutil.NewNoOpLocalDetector(), expected: proxyutil.NewNoOpLocalDetector(),
errExpected: false,
}, },
// LocalModeBridgeInterface // LocalModeBridgeInterface
{ {
@ -238,9 +224,8 @@ func Test_getLocalDetector(t *testing.T) {
config: &proxyconfigapi.KubeProxyConfiguration{ config: &proxyconfigapi.KubeProxyConfiguration{
DetectLocal: proxyconfigapi.DetectLocalConfiguration{BridgeInterface: "eth"}, DetectLocal: proxyconfigapi.DetectLocalConfiguration{BridgeInterface: "eth"},
}, },
family: v1.IPv4Protocol, family: v1.IPv4Protocol,
expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByBridgeInterface("eth")), expected: proxyutil.NewDetectLocalByBridgeInterface("eth"),
errExpected: false,
}, },
{ {
name: "LocalModeBridgeInterface, strange bridge name", name: "LocalModeBridgeInterface, strange bridge name",
@ -248,9 +233,8 @@ func Test_getLocalDetector(t *testing.T) {
config: &proxyconfigapi.KubeProxyConfiguration{ config: &proxyconfigapi.KubeProxyConfiguration{
DetectLocal: proxyconfigapi.DetectLocalConfiguration{BridgeInterface: "1234567890123456789"}, DetectLocal: proxyconfigapi.DetectLocalConfiguration{BridgeInterface: "1234567890123456789"},
}, },
family: v1.IPv4Protocol, family: v1.IPv4Protocol,
expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByBridgeInterface("1234567890123456789")), expected: proxyutil.NewDetectLocalByBridgeInterface("1234567890123456789"),
errExpected: false,
}, },
// LocalModeInterfaceNamePrefix // LocalModeInterfaceNamePrefix
{ {
@ -259,9 +243,8 @@ func Test_getLocalDetector(t *testing.T) {
config: &proxyconfigapi.KubeProxyConfiguration{ config: &proxyconfigapi.KubeProxyConfiguration{
DetectLocal: proxyconfigapi.DetectLocalConfiguration{InterfaceNamePrefix: "eth"}, DetectLocal: proxyconfigapi.DetectLocalConfiguration{InterfaceNamePrefix: "eth"},
}, },
family: v1.IPv4Protocol, family: v1.IPv4Protocol,
expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByInterfaceNamePrefix("eth")), expected: proxyutil.NewDetectLocalByInterfaceNamePrefix("eth"),
errExpected: false,
}, },
{ {
name: "LocalModeInterfaceNamePrefix, strange interface name", name: "LocalModeInterfaceNamePrefix, strange interface name",
@ -269,25 +252,14 @@ func Test_getLocalDetector(t *testing.T) {
config: &proxyconfigapi.KubeProxyConfiguration{ config: &proxyconfigapi.KubeProxyConfiguration{
DetectLocal: proxyconfigapi.DetectLocalConfiguration{InterfaceNamePrefix: "1234567890123456789"}, DetectLocal: proxyconfigapi.DetectLocalConfiguration{InterfaceNamePrefix: "1234567890123456789"},
}, },
family: v1.IPv4Protocol, family: v1.IPv4Protocol,
expected: resolveLocalDetector(t)(proxyutil.NewDetectLocalByInterfaceNamePrefix("1234567890123456789")), expected: proxyutil.NewDetectLocalByInterfaceNamePrefix("1234567890123456789"),
errExpected: false,
}, },
} }
for _, c := range cases { for _, c := range cases {
t.Run(c.name, func(t *testing.T) { t.Run(c.name, func(t *testing.T) {
logger, _ := ktesting.NewTestContext(t) logger, _ := ktesting.NewTestContext(t)
r, err := getLocalDetector(logger, c.family, c.mode, c.config, c.nodePodCIDRs) r := getLocalDetector(logger, c.family, c.mode, c.config, c.nodePodCIDRs)
if c.errExpected {
if err == nil {
t.Errorf("Expected error, but succeeded with %v", r)
}
return
}
if err != nil {
t.Errorf("Error resolving detect-local: %v", err)
return
}
if !reflect.DeepEqual(r, c.expected) { if !reflect.DeepEqual(r, c.expected) {
t.Errorf("Unexpected detect-local implementation, expected: %q, got: %q", c.expected, r) t.Errorf("Unexpected detect-local implementation, expected: %q, got: %q", c.expected, r)
} }
@ -302,35 +274,34 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) {
config *proxyconfigapi.KubeProxyConfiguration config *proxyconfigapi.KubeProxyConfiguration
expected [2]proxyutil.LocalTrafficDetector expected [2]proxyutil.LocalTrafficDetector
nodePodCIDRs []string nodePodCIDRs []string
errExpected bool
}{ }{
// LocalModeClusterCIDR // LocalModeClusterCIDR
{ {
name: "LocalModeClusterCIDR, dual-stack IPv4-primary cluster", name: "LocalModeClusterCIDR, dual-stack IPv4-primary cluster",
mode: proxyconfigapi.LocalModeClusterCIDR, mode: proxyconfigapi.LocalModeClusterCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002:0:0:1234::/64"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002:0:0:1234::/64"},
expected: resolveDualStackLocalDetectors(t)( expected: [2]proxyutil.LocalTrafficDetector{
proxyutil.NewDetectLocalByCIDR("10.0.0.0/14"))( proxyutil.NewDetectLocalByCIDR("10.0.0.0/14"),
proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64")), proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64"),
errExpected: false, },
}, },
{ {
name: "LocalModeClusterCIDR, dual-stack IPv6-primary cluster", name: "LocalModeClusterCIDR, dual-stack IPv6-primary cluster",
mode: proxyconfigapi.LocalModeClusterCIDR, mode: proxyconfigapi.LocalModeClusterCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64,10.0.0.0/14"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64,10.0.0.0/14"},
expected: resolveDualStackLocalDetectors(t)( expected: [2]proxyutil.LocalTrafficDetector{
proxyutil.NewDetectLocalByCIDR("10.0.0.0/14"))( proxyutil.NewDetectLocalByCIDR("10.0.0.0/14"),
proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64")), proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64"),
errExpected: false, },
}, },
{ {
name: "LocalModeClusterCIDR, single-stack IPv4 cluster", name: "LocalModeClusterCIDR, single-stack IPv4 cluster",
mode: proxyconfigapi.LocalModeClusterCIDR, mode: proxyconfigapi.LocalModeClusterCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"},
expected: [2]proxyutil.LocalTrafficDetector{ expected: [2]proxyutil.LocalTrafficDetector{
resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("10.0.0.0/14")), proxyutil.NewDetectLocalByCIDR("10.0.0.0/14"),
proxyutil.NewNoOpLocalDetector()}, proxyutil.NewNoOpLocalDetector(),
errExpected: false, },
}, },
{ {
name: "LocalModeClusterCIDR, single-stack IPv6 cluster", name: "LocalModeClusterCIDR, single-stack IPv6 cluster",
@ -338,46 +309,48 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) {
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"},
expected: [2]proxyutil.LocalTrafficDetector{ expected: [2]proxyutil.LocalTrafficDetector{
proxyutil.NewNoOpLocalDetector(), proxyutil.NewNoOpLocalDetector(),
resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64"))}, proxyutil.NewDetectLocalByCIDR("2002:0:0:1234::/64"),
errExpected: false, },
}, },
{ {
name: "LocalModeClusterCIDR, no ClusterCIDR", name: "LocalModeClusterCIDR, no ClusterCIDR",
mode: proxyconfigapi.LocalModeClusterCIDR, mode: proxyconfigapi.LocalModeClusterCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""},
expected: [2]proxyutil.LocalTrafficDetector{proxyutil.NewNoOpLocalDetector(), proxyutil.NewNoOpLocalDetector()}, expected: [2]proxyutil.LocalTrafficDetector{
errExpected: false, proxyutil.NewNoOpLocalDetector(),
proxyutil.NewNoOpLocalDetector(),
},
}, },
// LocalModeNodeCIDR // LocalModeNodeCIDR
{ {
name: "LocalModeNodeCIDR, dual-stack IPv4-primary cluster", name: "LocalModeNodeCIDR, dual-stack IPv4-primary cluster",
mode: proxyconfigapi.LocalModeNodeCIDR, mode: proxyconfigapi.LocalModeNodeCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002:0:0:1234::/64"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002:0:0:1234::/64"},
expected: resolveDualStackLocalDetectors(t)( expected: [2]proxyutil.LocalTrafficDetector{
proxyutil.NewDetectLocalByCIDR("10.0.0.0/24"))( proxyutil.NewDetectLocalByCIDR("10.0.0.0/24"),
proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96")), proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96"),
},
nodePodCIDRs: []string{"10.0.0.0/24", "2002::1234:abcd:ffff:0:0/96"}, nodePodCIDRs: []string{"10.0.0.0/24", "2002::1234:abcd:ffff:0:0/96"},
errExpected: false,
}, },
{ {
name: "LocalModeNodeCIDR, dual-stack IPv6-primary cluster", name: "LocalModeNodeCIDR, dual-stack IPv6-primary cluster",
mode: proxyconfigapi.LocalModeNodeCIDR, mode: proxyconfigapi.LocalModeNodeCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64,10.0.0.0/14"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64,10.0.0.0/14"},
expected: resolveDualStackLocalDetectors(t)( expected: [2]proxyutil.LocalTrafficDetector{
proxyutil.NewDetectLocalByCIDR("10.0.0.0/24"))( proxyutil.NewDetectLocalByCIDR("10.0.0.0/24"),
proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96")), proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96"),
},
nodePodCIDRs: []string{"2002::1234:abcd:ffff:0:0/96", "10.0.0.0/24"}, nodePodCIDRs: []string{"2002::1234:abcd:ffff:0:0/96", "10.0.0.0/24"},
errExpected: false,
}, },
{ {
name: "LocalModeNodeCIDR, single-stack IPv4 cluster", name: "LocalModeNodeCIDR, single-stack IPv4 cluster",
mode: proxyconfigapi.LocalModeNodeCIDR, mode: proxyconfigapi.LocalModeNodeCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"},
expected: [2]proxyutil.LocalTrafficDetector{ expected: [2]proxyutil.LocalTrafficDetector{
resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("10.0.0.0/24")), proxyutil.NewDetectLocalByCIDR("10.0.0.0/24"),
proxyutil.NewNoOpLocalDetector()}, proxyutil.NewNoOpLocalDetector(),
},
nodePodCIDRs: []string{"10.0.0.0/24"}, nodePodCIDRs: []string{"10.0.0.0/24"},
errExpected: false,
}, },
{ {
name: "LocalModeNodeCIDR, single-stack IPv6 cluster", name: "LocalModeNodeCIDR, single-stack IPv6 cluster",
@ -385,17 +358,19 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) {
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002:0:0:1234::/64"},
expected: [2]proxyutil.LocalTrafficDetector{ expected: [2]proxyutil.LocalTrafficDetector{
proxyutil.NewNoOpLocalDetector(), proxyutil.NewNoOpLocalDetector(),
resolveLocalDetector(t)(proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96"))}, proxyutil.NewDetectLocalByCIDR("2002::1234:abcd:ffff:0:0/96"),
},
nodePodCIDRs: []string{"2002::1234:abcd:ffff:0:0/96"}, nodePodCIDRs: []string{"2002::1234:abcd:ffff:0:0/96"},
errExpected: false,
}, },
{ {
name: "LocalModeNodeCIDR, no PodCIDRs", name: "LocalModeNodeCIDR, no PodCIDRs",
mode: proxyconfigapi.LocalModeNodeCIDR, mode: proxyconfigapi.LocalModeNodeCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""},
expected: [2]proxyutil.LocalTrafficDetector{proxyutil.NewNoOpLocalDetector(), proxyutil.NewNoOpLocalDetector()}, expected: [2]proxyutil.LocalTrafficDetector{
proxyutil.NewNoOpLocalDetector(),
proxyutil.NewNoOpLocalDetector(),
},
nodePodCIDRs: []string{}, nodePodCIDRs: []string{},
errExpected: false,
}, },
// LocalModeBridgeInterface // LocalModeBridgeInterface
{ {
@ -404,10 +379,10 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) {
config: &proxyconfigapi.KubeProxyConfiguration{ config: &proxyconfigapi.KubeProxyConfiguration{
DetectLocal: proxyconfigapi.DetectLocalConfiguration{BridgeInterface: "eth"}, DetectLocal: proxyconfigapi.DetectLocalConfiguration{BridgeInterface: "eth"},
}, },
expected: resolveDualStackLocalDetectors(t)( expected: [2]proxyutil.LocalTrafficDetector{
proxyutil.NewDetectLocalByBridgeInterface("eth"))( proxyutil.NewDetectLocalByBridgeInterface("eth"),
proxyutil.NewDetectLocalByBridgeInterface("eth")), proxyutil.NewDetectLocalByBridgeInterface("eth"),
errExpected: false, },
}, },
// LocalModeInterfaceNamePrefix // LocalModeInterfaceNamePrefix
{ {
@ -416,26 +391,16 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) {
config: &proxyconfigapi.KubeProxyConfiguration{ config: &proxyconfigapi.KubeProxyConfiguration{
DetectLocal: proxyconfigapi.DetectLocalConfiguration{InterfaceNamePrefix: "veth"}, DetectLocal: proxyconfigapi.DetectLocalConfiguration{InterfaceNamePrefix: "veth"},
}, },
expected: resolveDualStackLocalDetectors(t)( expected: [2]proxyutil.LocalTrafficDetector{
proxyutil.NewDetectLocalByInterfaceNamePrefix("veth"))( proxyutil.NewDetectLocalByInterfaceNamePrefix("veth"),
proxyutil.NewDetectLocalByInterfaceNamePrefix("veth")), proxyutil.NewDetectLocalByInterfaceNamePrefix("veth"),
errExpected: false, },
}, },
} }
for _, c := range cases { for _, c := range cases {
t.Run(c.name, func(t *testing.T) { t.Run(c.name, func(t *testing.T) {
logger, _ := ktesting.NewTestContext(t) logger, _ := ktesting.NewTestContext(t)
r, err := getDualStackLocalDetectorTuple(logger, c.mode, c.config, c.nodePodCIDRs) r := getDualStackLocalDetectorTuple(logger, c.mode, c.config, c.nodePodCIDRs)
if c.errExpected {
if err == nil {
t.Errorf("Expected error, but succeeded with %q", r)
}
return
}
if err != nil {
t.Errorf("Error resolving detect-local: %v", err)
return
}
if !reflect.DeepEqual(r, c.expected) { if !reflect.DeepEqual(r, c.expected) {
t.Errorf("Unexpected detect-local implementation, expected: %q, got: %q", c.expected, r) t.Errorf("Unexpected detect-local implementation, expected: %q, got: %q", c.expected, r)
} }
@ -455,32 +420,6 @@ func makeNodeWithPodCIDRs(cidrs ...string) *v1.Node {
} }
} }
func resolveLocalDetector(t *testing.T) func(proxyutil.LocalTrafficDetector, error) proxyutil.LocalTrafficDetector {
return func(localDetector proxyutil.LocalTrafficDetector, err error) proxyutil.LocalTrafficDetector {
t.Helper()
if err != nil {
t.Fatalf("Error resolving detect-local: %v", err)
}
return localDetector
}
}
func resolveDualStackLocalDetectors(t *testing.T) func(localDetector proxyutil.LocalTrafficDetector, err1 error) func(proxyutil.LocalTrafficDetector, error) [2]proxyutil.LocalTrafficDetector {
return func(localDetector proxyutil.LocalTrafficDetector, err error) func(proxyutil.LocalTrafficDetector, error) [2]proxyutil.LocalTrafficDetector {
t.Helper()
if err != nil {
t.Fatalf("Error resolving dual stack detect-local: %v", err)
}
return func(otherLocalDetector proxyutil.LocalTrafficDetector, err1 error) [2]proxyutil.LocalTrafficDetector {
t.Helper()
if err1 != nil {
t.Fatalf("Error resolving dual stack detect-local: %v", err)
}
return [2]proxyutil.LocalTrafficDetector{localDetector, otherLocalDetector}
}
}
}
func TestConfigChange(t *testing.T) { func TestConfigChange(t *testing.T) {
setUp := func() (*os.File, string, error) { setUp := func() (*os.File, string, error) {
tempDir, err := os.MkdirTemp("", "kubeproxy-config-change") tempDir, err := os.MkdirTemp("", "kubeproxy-config-change")

2
pkg/proxy/iptables/proxier_test.go
View File

@ -93,7 +93,7 @@ func NewFakeProxier(ipt utiliptables.Interface) *Proxier {
ipfamily = v1.IPv6Protocol ipfamily = v1.IPv6Protocol
podCIDR = "fd00:10::/64" podCIDR = "fd00:10::/64"
} }
detectLocal, _ := proxyutil.NewDetectLocalByCIDR(podCIDR) detectLocal := proxyutil.NewDetectLocalByCIDR(podCIDR)
networkInterfacer := proxyutiltest.NewFakeNetwork() networkInterfacer := proxyutiltest.NewFakeNetwork()
itf := net.Interface{Index: 0, MTU: 0, Name: "lo", HardwareAddr: nil, Flags: 0} itf := net.Interface{Index: 0, MTU: 0, Name: "lo", HardwareAddr: nil, Flags: 0}

2
pkg/proxy/nftables/proxier_test.go
View File

@ -84,7 +84,7 @@ func NewFakeProxier(ipFamily v1.IPFamily) (*knftables.Fake, *Proxier) {
podCIDR = "fd00:10::/64" podCIDR = "fd00:10::/64"
serviceCIDRs = "fd00:10:96::/112" serviceCIDRs = "fd00:10:96::/112"
} }
detectLocal, _ := proxyutil.NewDetectLocalByCIDR(podCIDR) detectLocal := proxyutil.NewDetectLocalByCIDR(podCIDR)
nodePortAddresses := []string{fmt.Sprintf("%s/32", testNodeIP), fmt.Sprintf("%s/128", testNodeIPv6)} nodePortAddresses := []string{fmt.Sprintf("%s/32", testNodeIP), fmt.Sprintf("%s/128", testNodeIPv6)}
networkInterfacer := proxyutiltest.NewFakeNetwork() networkInterfacer := proxyutiltest.NewFakeNetwork()

30
pkg/proxy/util/localdetector.go
View File

@ -17,8 +17,6 @@ limitations under the License.
package util package util
import ( import (
"fmt"
netutils "k8s.io/utils/net" netutils "k8s.io/utils/net"
) )
@ -77,15 +75,11 @@ func NewNoOpLocalDetector() LocalTrafficDetector {
} }
// NewDetectLocalByCIDR returns a LocalTrafficDetector that considers traffic from the // NewDetectLocalByCIDR returns a LocalTrafficDetector that considers traffic from the
// provided cidr to be from a local pod, and other traffic to be non-local. // provided cidr to be from a local pod, and other traffic to be non-local. cidr is
func NewDetectLocalByCIDR(cidr string) (LocalTrafficDetector, error) { // assumed to be valid.
_, parsed, err := netutils.ParseCIDRSloppy(cidr) func NewDetectLocalByCIDR(cidr string) LocalTrafficDetector {
if err != nil {
return nil, err
}
nftFamily := "ip" nftFamily := "ip"
if netutils.IsIPv6CIDR(parsed) { if netutils.IsIPv6CIDRString(cidr) {
nftFamily = "ip6" nftFamily = "ip6"
} }
@ -94,35 +88,29 @@ func NewDetectLocalByCIDR(cidr string) (LocalTrafficDetector, error) {
ifNotLocal: []string{"!", "-s", cidr}, ifNotLocal: []string{"!", "-s", cidr},
ifLocalNFT: []string{nftFamily, "saddr", cidr}, ifLocalNFT: []string{nftFamily, "saddr", cidr},
ifNotLocalNFT: []string{nftFamily, "saddr", "!=", cidr}, ifNotLocalNFT: []string{nftFamily, "saddr", "!=", cidr},
}, nil }
} }
// NewDetectLocalByBridgeInterface returns a LocalTrafficDetector that considers traffic // NewDetectLocalByBridgeInterface returns a LocalTrafficDetector that considers traffic
// from interfaceName to be from a local pod, and traffic from other interfaces to be // from interfaceName to be from a local pod, and traffic from other interfaces to be
// non-local. // non-local.
func NewDetectLocalByBridgeInterface(interfaceName string) (LocalTrafficDetector, error) { func NewDetectLocalByBridgeInterface(interfaceName string) LocalTrafficDetector {
if len(interfaceName) == 0 {
return nil, fmt.Errorf("no bridge interface name set")
}
return &detectLocal{ return &detectLocal{
ifLocal: []string{"-i", interfaceName}, ifLocal: []string{"-i", interfaceName},
ifNotLocal: []string{"!", "-i", interfaceName}, ifNotLocal: []string{"!", "-i", interfaceName},
ifLocalNFT: []string{"iif", interfaceName}, ifLocalNFT: []string{"iif", interfaceName},
ifNotLocalNFT: []string{"iif", "!=", interfaceName}, ifNotLocalNFT: []string{"iif", "!=", interfaceName},
}, nil }
} }
// NewDetectLocalByInterfaceNamePrefix returns a LocalTrafficDetector that considers // NewDetectLocalByInterfaceNamePrefix returns a LocalTrafficDetector that considers
// traffic from interfaces starting with interfacePrefix to be from a local pod, and // traffic from interfaces starting with interfacePrefix to be from a local pod, and
// traffic from other interfaces to be non-local. // traffic from other interfaces to be non-local.
func NewDetectLocalByInterfaceNamePrefix(interfacePrefix string) (LocalTrafficDetector, error) { func NewDetectLocalByInterfaceNamePrefix(interfacePrefix string) LocalTrafficDetector {
if len(interfacePrefix) == 0 {
return nil, fmt.Errorf("no interface prefix set")
}
return &detectLocal{ return &detectLocal{
ifLocal: []string{"-i", interfacePrefix + "+"}, ifLocal: []string{"-i", interfacePrefix + "+"},
ifNotLocal: []string{"!", "-i", interfacePrefix + "+"}, ifNotLocal: []string{"!", "-i", interfacePrefix + "+"},
ifLocalNFT: []string{"iif", interfacePrefix + "*"}, ifLocalNFT: []string{"iif", interfacePrefix + "*"},
ifNotLocalNFT: []string{"iif", "!=", interfacePrefix + "*"}, ifNotLocalNFT: []string{"iif", "!=", interfacePrefix + "*"},
}, nil }
} }

118
pkg/proxy/util/localdetector_test.go
View File

@ -38,46 +38,6 @@ func TestNoOpLocalDetector(t *testing.T) {
} }
} }
func TestNewDetectLocalByCIDR(t *testing.T) {
cases := []struct {
cidr string
errExpected bool
}{
{
cidr: "10.0.0.0/14",
errExpected: false,
},
{
cidr: "2002:0:0:1234::/64",
errExpected: false,
},
{
cidr: "10.0.0.0",
errExpected: true,
},
{
cidr: "2002:0:0:1234::",
errExpected: true,
},
{
cidr: "",
errExpected: true,
},
}
for i, c := range cases {
r, err := NewDetectLocalByCIDR(c.cidr)
if c.errExpected {
if err == nil {
t.Errorf("Case[%d] expected error, but succeeded with: %q", i, r)
}
continue
}
if err != nil {
t.Errorf("Case[%d] failed with error: %v", i, err)
}
}
}
func TestDetectLocalByCIDR(t *testing.T) { func TestDetectLocalByCIDR(t *testing.T) {
cases := []struct { cases := []struct {
cidr string cidr string
@ -96,11 +56,7 @@ func TestDetectLocalByCIDR(t *testing.T) {
}, },
} }
for _, c := range cases { for _, c := range cases {
localDetector, err := NewDetectLocalByCIDR(c.cidr) localDetector := NewDetectLocalByCIDR(c.cidr)
if err != nil {
t.Errorf("Error initializing localDetector: %v", err)
continue
}
if !localDetector.IsImplemented() { if !localDetector.IsImplemented() {
t.Error("DetectLocalByCIDR returns false for IsImplemented") t.Error("DetectLocalByCIDR returns false for IsImplemented")
} }
@ -118,66 +74,6 @@ func TestDetectLocalByCIDR(t *testing.T) {
} }
} }
func TestNewDetectLocalByBridgeInterface(t *testing.T) {
cases := []struct {
ifaceName string
errExpected bool
}{
{
ifaceName: "avz",
errExpected: false,
},
{
ifaceName: "",
errExpected: true,
},
}
for i, c := range cases {
r, err := NewDetectLocalByBridgeInterface(c.ifaceName)
if c.errExpected {
if err == nil {
t.Errorf("Case[%d] expected error, but succeeded with: %q", i, r)
}
continue
}
if err != nil {
t.Errorf("Case[%d] failed with error: %v", i, err)
}
}
}
func TestNewDetectLocalByInterfaceNamePrefix(t *testing.T) {
cases := []struct {
ifacePrefix string
errExpected bool
}{
{
ifacePrefix: "veth",
errExpected: false,
},
{
ifacePrefix: "cbr0",
errExpected: false,
},
{
ifacePrefix: "",
errExpected: true,
},
}
for i, c := range cases {
r, err := NewDetectLocalByInterfaceNamePrefix(c.ifacePrefix)
if c.errExpected {
if err == nil {
t.Errorf("Case[%d] expected error, but succeeded with: %q", i, r)
}
continue
}
if err != nil {
t.Errorf("Case[%d] failed with error: %v", i, err)
}
}
}
func TestDetectLocalByBridgeInterface(t *testing.T) { func TestDetectLocalByBridgeInterface(t *testing.T) {
cases := []struct { cases := []struct {
ifaceName string ifaceName string
@ -191,11 +87,7 @@ func TestDetectLocalByBridgeInterface(t *testing.T) {
}, },
} }
for _, c := range cases { for _, c := range cases {
localDetector, err := NewDetectLocalByBridgeInterface(c.ifaceName) localDetector := NewDetectLocalByBridgeInterface(c.ifaceName)
if err != nil {
t.Errorf("Error initializing localDetector: %v", err)
continue
}
if !localDetector.IsImplemented() { if !localDetector.IsImplemented() {
t.Error("DetectLocalByBridgeInterface returns false for IsImplemented") t.Error("DetectLocalByBridgeInterface returns false for IsImplemented")
} }
@ -228,11 +120,7 @@ func TestDetectLocalByInterfaceNamePrefix(t *testing.T) {
}, },
} }
for _, c := range cases { for _, c := range cases {
localDetector, err := NewDetectLocalByInterfaceNamePrefix(c.ifacePrefix) localDetector := NewDetectLocalByInterfaceNamePrefix(c.ifacePrefix)
if err != nil {
t.Errorf("Error initializing localDetector: %v", err)
continue
}
if !localDetector.IsImplemented() { if !localDetector.IsImplemented() {
t.Error("DetectLocalByInterfaceNamePrefix returns false for IsImplemented") t.Error("DetectLocalByInterfaceNamePrefix returns false for IsImplemented")
} }