mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 03:41:45 +00:00
proxy/ipvs: fix some identifiers
kubeLoadbalancerFWSet was the only LoadBalancer-related identifier with a lowercase "b", so fix that. rename TestLoadBalanceSourceRanges to TestLoadBalancerSourceRanges to match the field name (and the iptables proxier test).
This commit is contained in:
Dan Winship
parent
0b1e364814
commit
400d474bac
@ -49,8 +49,8 @@ const (
|
|||||||
kubeLoadBalancerLocalSetComment = "Kubernetes service load balancer ip + port with externalTrafficPolicy=local"
|
kubeLoadBalancerLocalSetComment = "Kubernetes service load balancer ip + port with externalTrafficPolicy=local"
|
||||||
kubeLoadBalancerLocalSet = "KUBE-LOAD-BALANCER-LOCAL"
|
kubeLoadBalancerLocalSet = "KUBE-LOAD-BALANCER-LOCAL"
|
||||||
|
|
||||||
kubeLoadbalancerFWSetComment = "Kubernetes service load balancer ip + port for load balancer with sourceRange"
|
kubeLoadBalancerFWSetComment = "Kubernetes service load balancer ip + port for load balancer with sourceRange"
|
||||||
kubeLoadbalancerFWSet = "KUBE-LOAD-BALANCER-FW"
|
kubeLoadBalancerFWSet = "KUBE-LOAD-BALANCER-FW"
|
||||||
|
|
||||||
kubeLoadBalancerSourceIPSetComment = "Kubernetes service load balancer ip + port + source IP for packet filter purpose"
|
kubeLoadBalancerSourceIPSetComment = "Kubernetes service load balancer ip + port + source IP for packet filter purpose"
|
||||||
kubeLoadBalancerSourceIPSet = "KUBE-LOAD-BALANCER-SOURCE-IP"
|
kubeLoadBalancerSourceIPSet = "KUBE-LOAD-BALANCER-SOURCE-IP"
|
||||||
|
|||||||
@ -157,7 +157,7 @@ var ipsetInfo = []struct {
|
|||||||
{kubeExternalIPSet, utilipset.HashIPPort, kubeExternalIPSetComment},
|
{kubeExternalIPSet, utilipset.HashIPPort, kubeExternalIPSetComment},
|
||||||
{kubeExternalIPLocalSet, utilipset.HashIPPort, kubeExternalIPLocalSetComment},
|
{kubeExternalIPLocalSet, utilipset.HashIPPort, kubeExternalIPLocalSetComment},
|
||||||
{kubeLoadBalancerSet, utilipset.HashIPPort, kubeLoadBalancerSetComment},
|
{kubeLoadBalancerSet, utilipset.HashIPPort, kubeLoadBalancerSetComment},
|
||||||
{kubeLoadbalancerFWSet, utilipset.HashIPPort, kubeLoadbalancerFWSetComment},
|
{kubeLoadBalancerFWSet, utilipset.HashIPPort, kubeLoadBalancerFWSetComment},
|
||||||
{kubeLoadBalancerLocalSet, utilipset.HashIPPort, kubeLoadBalancerLocalSetComment},
|
{kubeLoadBalancerLocalSet, utilipset.HashIPPort, kubeLoadBalancerLocalSetComment},
|
||||||
{kubeLoadBalancerSourceIPSet, utilipset.HashIPPortIP, kubeLoadBalancerSourceIPSetComment},
|
{kubeLoadBalancerSourceIPSet, utilipset.HashIPPortIP, kubeLoadBalancerSourceIPSetComment},
|
||||||
{kubeLoadBalancerSourceCIDRSet, utilipset.HashIPPortNet, kubeLoadBalancerSourceCIDRSetComment},
|
{kubeLoadBalancerSourceCIDRSet, utilipset.HashIPPortNet, kubeLoadBalancerSourceCIDRSetComment},
|
||||||
@ -184,7 +184,7 @@ var ipsetWithIptablesChain = []struct {
|
|||||||
}{
|
}{
|
||||||
{kubeLoopBackIPSet, string(kubePostroutingChain), "MASQUERADE", "dst,dst,src", ""},
|
{kubeLoopBackIPSet, string(kubePostroutingChain), "MASQUERADE", "dst,dst,src", ""},
|
||||||
{kubeLoadBalancerSet, string(kubeServicesChain), string(kubeLoadBalancerChain), "dst,dst", ""},
|
{kubeLoadBalancerSet, string(kubeServicesChain), string(kubeLoadBalancerChain), "dst,dst", ""},
|
||||||
{kubeLoadbalancerFWSet, string(kubeLoadBalancerChain), string(kubeFirewallChain), "dst,dst", ""},
|
{kubeLoadBalancerFWSet, string(kubeLoadBalancerChain), string(kubeFirewallChain), "dst,dst", ""},
|
||||||
{kubeLoadBalancerSourceCIDRSet, string(kubeFirewallChain), "RETURN", "dst,dst,src", ""},
|
{kubeLoadBalancerSourceCIDRSet, string(kubeFirewallChain), "RETURN", "dst,dst,src", ""},
|
||||||
{kubeLoadBalancerSourceIPSet, string(kubeFirewallChain), "RETURN", "dst,dst,src", ""},
|
{kubeLoadBalancerSourceIPSet, string(kubeFirewallChain), "RETURN", "dst,dst,src", ""},
|
||||||
{kubeLoadBalancerLocalSet, string(kubeLoadBalancerChain), "RETURN", "dst,dst", ""},
|
{kubeLoadBalancerLocalSet, string(kubeLoadBalancerChain), "RETURN", "dst,dst", ""},
|
||||||
@ -1307,11 +1307,11 @@ func (proxier *Proxier) syncProxyRules() {
|
|||||||
// The service firewall rules are created based on ServiceSpec.loadBalancerSourceRanges field.
|
// The service firewall rules are created based on ServiceSpec.loadBalancerSourceRanges field.
|
||||||
// This currently works for loadbalancers that preserves source ips.
|
// This currently works for loadbalancers that preserves source ips.
|
||||||
// For loadbalancers which direct traffic to service NodePort, the firewall rules will not apply.
|
// For loadbalancers which direct traffic to service NodePort, the firewall rules will not apply.
|
||||||
if valid := proxier.ipsetList[kubeLoadbalancerFWSet].validateEntry(entry); !valid {
|
if valid := proxier.ipsetList[kubeLoadBalancerFWSet].validateEntry(entry); !valid {
|
||||||
klog.ErrorS(nil, "Error adding entry to ipset", "entry", entry, "ipset", proxier.ipsetList[kubeLoadbalancerFWSet].Name)
|
klog.ErrorS(nil, "Error adding entry to ipset", "entry", entry, "ipset", proxier.ipsetList[kubeLoadBalancerFWSet].Name)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
proxier.ipsetList[kubeLoadbalancerFWSet].activeEntries.Insert(entry.String())
|
proxier.ipsetList[kubeLoadBalancerFWSet].activeEntries.Insert(entry.String())
|
||||||
allowFromNode := false
|
allowFromNode := false
|
||||||
for _, src := range svcInfo.LoadBalancerSourceRanges() {
|
for _, src := range svcInfo.LoadBalancerSourceRanges() {
|
||||||
// ipset call
|
// ipset call
|
||||||
|
|||||||
@ -2151,7 +2151,7 @@ func TestHealthCheckNodePort(t *testing.T) {
|
|||||||
checkIptables(t, ipt, epIpt)
|
checkIptables(t, ipt, epIpt)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestLoadBalanceSourceRanges(t *testing.T) {
|
func TestLoadBalancerSourceRanges(t *testing.T) {
|
||||||
ipt, fp := buildFakeProxier()
|
ipt, fp := buildFakeProxier()
|
||||||
|
|
||||||
svcIP := "10.20.30.41"
|
svcIP := "10.20.30.41"
|
||||||
@ -2214,7 +2214,7 @@ func TestLoadBalanceSourceRanges(t *testing.T) {
|
|||||||
Protocol: strings.ToLower(string(v1.ProtocolTCP)),
|
Protocol: strings.ToLower(string(v1.ProtocolTCP)),
|
||||||
SetType: utilipset.HashIPPort,
|
SetType: utilipset.HashIPPort,
|
||||||
}},
|
}},
|
||||||
kubeLoadbalancerFWSet: {{
|
kubeLoadBalancerFWSet: {{
|
||||||
IP: svcLBIP,
|
IP: svcLBIP,
|
||||||
Port: svcPort,
|
Port: svcPort,
|
||||||
Protocol: strings.ToLower(string(v1.ProtocolTCP)),
|
Protocol: strings.ToLower(string(v1.ProtocolTCP)),
|
||||||
@ -2244,7 +2244,7 @@ func TestLoadBalanceSourceRanges(t *testing.T) {
|
|||||||
JumpChain: "ACCEPT", MatchSet: kubeLoadBalancerSet,
|
JumpChain: "ACCEPT", MatchSet: kubeLoadBalancerSet,
|
||||||
}},
|
}},
|
||||||
string(kubeLoadBalancerChain): {{
|
string(kubeLoadBalancerChain): {{
|
||||||
JumpChain: string(kubeFirewallChain), MatchSet: kubeLoadbalancerFWSet,
|
JumpChain: string(kubeFirewallChain), MatchSet: kubeLoadBalancerFWSet,
|
||||||
}, {
|
}, {
|
||||||
JumpChain: string(kubeMarkMasqChain), MatchSet: "",
|
JumpChain: string(kubeMarkMasqChain), MatchSet: "",
|
||||||
}},
|
}},
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user