mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-22 19:31:44 +00:00
proxy/ipvs: fix some identifiers
kubeLoadbalancerFWSet was the only LoadBalancer-related identifier with a lowercase "b", so fix that. rename TestLoadBalanceSourceRanges to TestLoadBalancerSourceRanges to match the field name (and the iptables proxier test).
This commit is contained in:
parent
0b1e364814
commit
400d474bac
@ -49,8 +49,8 @@ const (
|
||||
kubeLoadBalancerLocalSetComment = "Kubernetes service load balancer ip + port with externalTrafficPolicy=local"
|
||||
kubeLoadBalancerLocalSet = "KUBE-LOAD-BALANCER-LOCAL"
|
||||
|
||||
kubeLoadbalancerFWSetComment = "Kubernetes service load balancer ip + port for load balancer with sourceRange"
|
||||
kubeLoadbalancerFWSet = "KUBE-LOAD-BALANCER-FW"
|
||||
kubeLoadBalancerFWSetComment = "Kubernetes service load balancer ip + port for load balancer with sourceRange"
|
||||
kubeLoadBalancerFWSet = "KUBE-LOAD-BALANCER-FW"
|
||||
|
||||
kubeLoadBalancerSourceIPSetComment = "Kubernetes service load balancer ip + port + source IP for packet filter purpose"
|
||||
kubeLoadBalancerSourceIPSet = "KUBE-LOAD-BALANCER-SOURCE-IP"
|
||||
|
@ -157,7 +157,7 @@ var ipsetInfo = []struct {
|
||||
{kubeExternalIPSet, utilipset.HashIPPort, kubeExternalIPSetComment},
|
||||
{kubeExternalIPLocalSet, utilipset.HashIPPort, kubeExternalIPLocalSetComment},
|
||||
{kubeLoadBalancerSet, utilipset.HashIPPort, kubeLoadBalancerSetComment},
|
||||
{kubeLoadbalancerFWSet, utilipset.HashIPPort, kubeLoadbalancerFWSetComment},
|
||||
{kubeLoadBalancerFWSet, utilipset.HashIPPort, kubeLoadBalancerFWSetComment},
|
||||
{kubeLoadBalancerLocalSet, utilipset.HashIPPort, kubeLoadBalancerLocalSetComment},
|
||||
{kubeLoadBalancerSourceIPSet, utilipset.HashIPPortIP, kubeLoadBalancerSourceIPSetComment},
|
||||
{kubeLoadBalancerSourceCIDRSet, utilipset.HashIPPortNet, kubeLoadBalancerSourceCIDRSetComment},
|
||||
@ -184,7 +184,7 @@ var ipsetWithIptablesChain = []struct {
|
||||
}{
|
||||
{kubeLoopBackIPSet, string(kubePostroutingChain), "MASQUERADE", "dst,dst,src", ""},
|
||||
{kubeLoadBalancerSet, string(kubeServicesChain), string(kubeLoadBalancerChain), "dst,dst", ""},
|
||||
{kubeLoadbalancerFWSet, string(kubeLoadBalancerChain), string(kubeFirewallChain), "dst,dst", ""},
|
||||
{kubeLoadBalancerFWSet, string(kubeLoadBalancerChain), string(kubeFirewallChain), "dst,dst", ""},
|
||||
{kubeLoadBalancerSourceCIDRSet, string(kubeFirewallChain), "RETURN", "dst,dst,src", ""},
|
||||
{kubeLoadBalancerSourceIPSet, string(kubeFirewallChain), "RETURN", "dst,dst,src", ""},
|
||||
{kubeLoadBalancerLocalSet, string(kubeLoadBalancerChain), "RETURN", "dst,dst", ""},
|
||||
@ -1307,11 +1307,11 @@ func (proxier *Proxier) syncProxyRules() {
|
||||
// The service firewall rules are created based on ServiceSpec.loadBalancerSourceRanges field.
|
||||
// This currently works for loadbalancers that preserves source ips.
|
||||
// For loadbalancers which direct traffic to service NodePort, the firewall rules will not apply.
|
||||
if valid := proxier.ipsetList[kubeLoadbalancerFWSet].validateEntry(entry); !valid {
|
||||
klog.ErrorS(nil, "Error adding entry to ipset", "entry", entry, "ipset", proxier.ipsetList[kubeLoadbalancerFWSet].Name)
|
||||
if valid := proxier.ipsetList[kubeLoadBalancerFWSet].validateEntry(entry); !valid {
|
||||
klog.ErrorS(nil, "Error adding entry to ipset", "entry", entry, "ipset", proxier.ipsetList[kubeLoadBalancerFWSet].Name)
|
||||
continue
|
||||
}
|
||||
proxier.ipsetList[kubeLoadbalancerFWSet].activeEntries.Insert(entry.String())
|
||||
proxier.ipsetList[kubeLoadBalancerFWSet].activeEntries.Insert(entry.String())
|
||||
allowFromNode := false
|
||||
for _, src := range svcInfo.LoadBalancerSourceRanges() {
|
||||
// ipset call
|
||||
|
@ -2151,7 +2151,7 @@ func TestHealthCheckNodePort(t *testing.T) {
|
||||
checkIptables(t, ipt, epIpt)
|
||||
}
|
||||
|
||||
func TestLoadBalanceSourceRanges(t *testing.T) {
|
||||
func TestLoadBalancerSourceRanges(t *testing.T) {
|
||||
ipt, fp := buildFakeProxier()
|
||||
|
||||
svcIP := "10.20.30.41"
|
||||
@ -2214,7 +2214,7 @@ func TestLoadBalanceSourceRanges(t *testing.T) {
|
||||
Protocol: strings.ToLower(string(v1.ProtocolTCP)),
|
||||
SetType: utilipset.HashIPPort,
|
||||
}},
|
||||
kubeLoadbalancerFWSet: {{
|
||||
kubeLoadBalancerFWSet: {{
|
||||
IP: svcLBIP,
|
||||
Port: svcPort,
|
||||
Protocol: strings.ToLower(string(v1.ProtocolTCP)),
|
||||
@ -2244,7 +2244,7 @@ func TestLoadBalanceSourceRanges(t *testing.T) {
|
||||
JumpChain: "ACCEPT", MatchSet: kubeLoadBalancerSet,
|
||||
}},
|
||||
string(kubeLoadBalancerChain): {{
|
||||
JumpChain: string(kubeFirewallChain), MatchSet: kubeLoadbalancerFWSet,
|
||||
JumpChain: string(kubeFirewallChain), MatchSet: kubeLoadBalancerFWSet,
|
||||
}, {
|
||||
JumpChain: string(kubeMarkMasqChain), MatchSet: "",
|
||||
}},
|
||||
|
Loading…
Reference in New Issue
Block a user