diff --git a/cmd/kube-proxy/app/server.go b/cmd/kube-proxy/app/server.go
index 7a5b0c861c5..59aa34e5a97 100644
--- a/cmd/kube-proxy/app/server.go
+++ b/cmd/kube-proxy/app/server.go
@@ -19,7 +19,6 @@ limitations under the License.
 package app
 import (
- "errors"
 goflag "flag"
 "fmt"
 "net"
@@ -75,9 +74,6 @@ import (
 "k8s.io/kubernetes/pkg/proxy/apis/config/validation"
 "k8s.io/kubernetes/pkg/proxy/config"
 "k8s.io/kubernetes/pkg/proxy/healthcheck"
- "k8s.io/kubernetes/pkg/proxy/iptables"
- "k8s.io/kubernetes/pkg/proxy/ipvs"
- "k8s.io/kubernetes/pkg/proxy/userspace"
 proxyutil "k8s.io/kubernetes/pkg/proxy/util"
 "k8s.io/kubernetes/pkg/util/filesystem"
 utilflag "k8s.io/kubernetes/pkg/util/flag"
@@ -100,7 +96,6 @@ const (
 // proxyRun defines the interface to run a specified ProxyServer
 type proxyRun interface {
 Run() error
- CleanupAndExit() error
 }
 // Options contains everything necessary to create and run a proxy server.
@@ -314,15 +309,15 @@ func (o *Options) Run() error {
 return o.writeConfigFile()
 }
+ if o.CleanupAndExit {
+ return cleanupAndExit()
+ }
+
 proxyServer, err := NewProxyServer(o)
 if err != nil {
 return err
 }
- if o.CleanupAndExit {
- return proxyServer.CleanupAndExit()
- }
-
 o.proxyServer = proxyServer
 return o.runLoop()
 }
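Review bot: The new `if o.CleanupAndExit` branch in `Options.Run` carries no comment explaining why it has to sit ahead of `NewProxyServer(o)`, so a later refactor could move it back below construction and make cleanup depend on a successfully built server again. I would add `// Cleanup must not depend on NewProxyServer succeeding, so it runs first.` above the branch. Separately, `cleanupAndExit()` is a plain package-level call and no longer goes through the `proxyRun` interface, so a test that drives `Run` with `CleanupAndExit` set would appear to run the real rule teardown on the host; it is worth confirming no test does that. `Run` begins above this hunk, so anything that happens before the `writeConfigFile` branch is not visible here.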
@@ -815,27 +810,6 @@ func getConntrackMax(config kubeproxyconfig.KubeProxyConntrackConfiguration) (in
 return 0, nil
 }
-// CleanupAndExit remove iptables rules and ipset/ipvs rules in ipvs proxy mode
-// and exit if success return nil
-func (s *ProxyServer) CleanupAndExit() error {
- // cleanup IPv6 and IPv4 iptables rules
- ipts := []utiliptables.Interface{
- utiliptables.New(s.execer, utiliptables.ProtocolIPv4),
- utiliptables.New(s.execer, utiliptables.ProtocolIPv6),
- }
- var encounteredError bool
- for _, ipt := range ipts {
- encounteredError = userspace.CleanupLeftovers(ipt) || encounteredError
- encounteredError = iptables.CleanupLeftovers(ipt) || encounteredError
- encounteredError = ipvs.CleanupLeftovers(s.IpvsInterface, ipt, s.IpsetInterface) || encounteredError
- }
- if encounteredError {
- return errors.New("encountered an error while tearing down rules")
- }
-
- return nil
-}
-
 // detectNodeIP returns the nodeIP used by the proxier
 // The order of precedence is:
 // 1. config.bindAddress if bindAddress is not 0.0.0.0 or ::
diff --git a/cmd/kube-proxy/app/server_others.go b/cmd/kube-proxy/app/server_others.go
index 8a5d580f93d..f0ac6210e5c 100644
--- a/cmd/kube-proxy/app/server_others.go
+++ b/cmd/kube-proxy/app/server_others.go
@@ -74,12 +74,11 @@ var timeoutForNodePodCIDR = 5 * time.Minute
 // NewProxyServer returns a new ProxyServer.
 func NewProxyServer(o *Options) (*ProxyServer, error) {
- return newProxyServer(o.config, o.CleanupAndExit, o.master)
+ return newProxyServer(o.config, o.master)
 }
 func newProxyServer(
 config *proxyconfigapi.KubeProxyConfiguration,
- cleanupAndExit bool,
 master string) (*ProxyServer, error) {
 if config == nil {
@@ -111,15 +110,6 @@ func newProxyServer(
 ipvsInterface = utilipvs.New()
 }
- // We omit creation of pretty much everything if we run in cleanup mode
- if cleanupAndExit {
- return &ProxyServer{
- execer: execer,
- IpvsInterface: ipvsInterface,
- IpsetInterface: ipsetInterface,
- }, nil
- }
-
 if len(config.ShowHiddenMetricsForVersion) > 0 {
 metrics.SetShowHidden()
 }
@@ -603,3 +593,29 @@ func tryIPTablesProxy(kcompat iptables.KernelCompatTester) string {
 klog.V(1).InfoS("Can't use iptables proxy, using userspace proxier")
 return proxyModeUserspace
 }
+
+// cleanupAndExit remove iptables rules and ipset/ipvs rules
+func cleanupAndExit() error {
+ execer := exec.New()
+
+ // cleanup IPv6 and IPv4 iptables rules, regardless of current configuration
+ ipts := []utiliptables.Interface{
+ utiliptables.New(execer, utiliptables.ProtocolIPv4),
+ utiliptables.New(execer, utiliptables.ProtocolIPv6),
+ }
+
+ ipsetInterface := utilipset.New(execer)
+ ipvsInterface := utilipvs.New()
+
+ var encounteredError bool
+ for _, ipt := range ipts {
+ encounteredError = userspace.CleanupLeftovers(ipt) || encounteredError
+ encounteredError = iptables.CleanupLeftovers(ipt) || encounteredError
+ encounteredError = ipvs.CleanupLeftovers(ipvsInterface, ipt, ipsetInterface) || encounteredError
+ }
+ if encounteredError {
+ return errors.New("encountered an error while tearing down rules")
+ }
+
+ return nil
+}
diff --git a/cmd/kube-proxy/app/server_windows.go b/cmd/kube-proxy/app/server_windows.go
index b26f8e328e2..5ba57692429 100644
--- a/cmd/kube-proxy/app/server_windows.go
+++ b/cmd/kube-proxy/app/server_windows.go
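Review bot: In the new `cleanupAndExit`, `utilipvs.New()` and `utilipset.New(execer)` are now created unconditionally, whereas the context at the top of the `newProxyServer` hunk shows `ipvsInterface = utilipvs.New()` inside a block, so the removed method could apparently be handed an unset IPVS handle. If `ipvs.CleanupLeftovers` reports a failure from either handle, a node without IPVS support or the ipset tool would now exit with "encountered an error while tearing down rules" even though nothing was left behind; this is inferred, since neither the guarding condition nor `CleanupLeftovers` is visible in the diff. The returned error also does not say which proxier or IP family failed, which matters for a privileged firewall teardown where the operator must decide whether stale rules remain; logging each failing step before folding it into `encounteredError` would help. The doc comment should state the contract, e.g. `// cleanupAndExit removes leftover rules of every proxy mode for IPv4 and IPv6 and returns an error if any step fails.`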
@@ -52,10 +52,10 @@ import (
 // NewProxyServer returns a new ProxyServer.
 func NewProxyServer(o *Options) (*ProxyServer, error) {
- return newProxyServer(o.config, o.CleanupAndExit, o.master)
+ return newProxyServer(o.config, o.master)
 }
-func newProxyServer(config *proxyconfigapi.KubeProxyConfiguration, cleanupAndExit bool, master string) (*ProxyServer, error) {
+func newProxyServer(config *proxyconfigapi.KubeProxyConfiguration, master string) (*ProxyServer, error) {
 if config == nil {
 return nil, errors.New("config is required")
 }
@@ -66,11 +66,6 @@ func newProxyServer(config *proxyconfigapi.KubeProxyConfiguration, cleanupAndExi
 return nil, fmt.Errorf("unable to register configz: %s", err)
 }
- // We omit creation of pretty much everything if we run in cleanup mode
- if cleanupAndExit {
- return &ProxyServer{}, nil
- }
-
 if len(config.ShowHiddenMetricsForVersion) > 0 {
 metrics.SetShowHidden()
 }
@@ -225,3 +220,8 @@ func tryWinKernelSpaceProxy(kcompat winkernel.KernelCompatTester) string {
 klog.V(1).InfoS("Can't use winkernel proxy, using userspace proxier")
 return proxyModeUserspace
 }
+
+// cleanupAndExit cleans up after a previous proxy run
+func cleanupAndExit() error {
+ return errors.New("--cleanup-and-exit is not implemented on Windows")
+}
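Review bot: The doc comment on the Windows `cleanupAndExit` says it "cleans up after a previous proxy run", but the body only returns an error. The comment should describe what the function actually does, e.g. `// cleanupAndExit is not supported on Windows and always returns an error.` The cleanup branch removed in the previous hunk returned `&ProxyServer{}` with a nil error from `newProxyServer`, so scripts passing `--cleanup-and-exit` on Windows may now fail at this point where construction used to succeed. What the removed `CleanupAndExit` method then did on Windows is not visible here, so the flag's help text or a release note should state the new behaviour.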