diff --git a/cmd/kube-proxy/app/server_others.go b/cmd/kube-proxy/app/server_others.go index 061152a8882..517f44e20cf 100644 --- a/cmd/kube-proxy/app/server_others.go +++ b/cmd/kube-proxy/app/server_others.go @@ -50,10 +50,10 @@ import ( utilipset "k8s.io/kubernetes/pkg/proxy/ipvs/ipset" utilipvs "k8s.io/kubernetes/pkg/proxy/ipvs/util" proxymetrics "k8s.io/kubernetes/pkg/proxy/metrics" + proxyutil "k8s.io/kubernetes/pkg/proxy/util" proxyutiliptables "k8s.io/kubernetes/pkg/proxy/util/iptables" utiliptables "k8s.io/kubernetes/pkg/util/iptables" "k8s.io/utils/exec" - netutils "k8s.io/utils/net" "k8s.io/klog/v2" ) @@ -154,7 +154,7 @@ func (s *ProxyServer) createProxier(config *proxyconfigapi.KubeProxyConfiguratio if dualStack { // Always ordered to match []ipt var localDetectors [2]proxyutiliptables.LocalTrafficDetector - localDetectors, err = getDualStackLocalDetectorTuple(config.DetectLocalMode, config, ipt, s.podCIDRs) + localDetectors, err = getDualStackLocalDetectorTuple(config.DetectLocalMode, config, s.podCIDRs) if err != nil { return nil, fmt.Errorf("unable to create proxier: %v", err) } @@ -179,7 +179,7 @@ func (s *ProxyServer) createProxier(config *proxyconfigapi.KubeProxyConfiguratio } else { // Create a single-stack proxier if and only if the node does not support dual-stack (i.e, no iptables support). var localDetector proxyutiliptables.LocalTrafficDetector - localDetector, err = getLocalDetector(config.DetectLocalMode, config, iptInterface, s.podCIDRs) + localDetector, err = getLocalDetector(s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs) if err != nil { return nil, fmt.Errorf("unable to create proxier: %v", err) } 
@@ -219,7 +219,7 @@ func (s *ProxyServer) createProxier(config *proxyconfigapi.KubeProxyConfiguratio if dualStack { // Always ordered to match []ipt var localDetectors [2]proxyutiliptables.LocalTrafficDetector - localDetectors, err = getDualStackLocalDetectorTuple(config.DetectLocalMode, config, ipt, s.podCIDRs) + localDetectors, err = getDualStackLocalDetectorTuple(config.DetectLocalMode, config, s.podCIDRs) if err != nil { return nil, fmt.Errorf("unable to create proxier: %v", err) } @@ -250,7 +250,7 @@ func (s *ProxyServer) createProxier(config *proxyconfigapi.KubeProxyConfiguratio ) } else { var localDetector proxyutiliptables.LocalTrafficDetector - localDetector, err = getLocalDetector(config.DetectLocalMode, config, iptInterface, s.podCIDRs) + localDetector, err = getLocalDetector(s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs) if err != nil { return nil, fmt.Errorf("unable to create proxier: %v", err) } 
@@ -402,123 +402,58 @@ func detectNumCPU() int { return numCPU } -func getLocalDetector(mode proxyconfigapi.LocalMode, config *proxyconfigapi.KubeProxyConfiguration, ipt utiliptables.Interface, nodePodCIDRs []string) (proxyutiliptables.LocalTrafficDetector, error) { +func getLocalDetector(ipFamily v1.IPFamily, mode proxyconfigapi.LocalMode, config *proxyconfigapi.KubeProxyConfiguration, nodePodCIDRs []string) (proxyutiliptables.LocalTrafficDetector, error) { switch mode { case proxyconfigapi.LocalModeClusterCIDR: // LocalModeClusterCIDR is the default if --detect-local-mode wasn't passed, // but --cluster-cidr is optional. - if len(strings.TrimSpace(config.ClusterCIDR)) == 0 { + clusterCIDRs := strings.TrimSpace(config.ClusterCIDR) + if len(clusterCIDRs) == 0 { klog.InfoS("Detect-local-mode set to ClusterCIDR, but no cluster CIDR defined") break } - return proxyutiliptables.NewDetectLocalByCIDR(config.ClusterCIDR, ipt) - case proxyconfigapi.LocalModeNodeCIDR: - if len(nodePodCIDRs) == 0 { - klog.InfoS("Detect-local-mode set to NodeCIDR, but no PodCIDR defined at node") - break + + cidrsByFamily := proxyutil.MapCIDRsByIPFamily(strings.Split(clusterCIDRs, ",")) + if len(cidrsByFamily[ipFamily]) != 0 { + return proxyutiliptables.NewDetectLocalByCIDR(cidrsByFamily[ipFamily][0]) } - return proxyutiliptables.NewDetectLocalByCIDR(nodePodCIDRs[0], ipt) + + klog.InfoS("Detect-local-mode set to ClusterCIDR, but no cluster CIDR for family", "ipFamily", ipFamily) + + case proxyconfigapi.LocalModeNodeCIDR: + cidrsByFamily := proxyutil.MapCIDRsByIPFamily(nodePodCIDRs) + if len(cidrsByFamily[ipFamily]) != 0 { + return proxyutiliptables.NewDetectLocalByCIDR(cidrsByFamily[ipFamily][0]) + } + + klog.InfoS("Detect-local-mode set to NodeCIDR, but no PodCIDR defined at node for family", "ipFamily", ipFamily) + case proxyconfigapi.LocalModeBridgeInterface: return proxyutiliptables.NewDetectLocalByBridgeInterface(config.DetectLocal.BridgeInterface) + case 
proxyconfigapi.LocalModeInterfaceNamePrefix: return proxyutiliptables.NewDetectLocalByInterfaceNamePrefix(config.DetectLocal.InterfaceNamePrefix) } - klog.InfoS("Defaulting to no-op detect-local", "detectLocalMode", string(mode)) + + klog.InfoS("Defaulting to no-op detect-local") return proxyutiliptables.NewNoOpLocalDetector(), nil } -func getDualStackLocalDetectorTuple(mode proxyconfigapi.LocalMode, config *proxyconfigapi.KubeProxyConfiguration, ipt [2]utiliptables.Interface, nodePodCIDRs []string) ([2]proxyutiliptables.LocalTrafficDetector, error) { +func getDualStackLocalDetectorTuple(mode proxyconfigapi.LocalMode, config *proxyconfigapi.KubeProxyConfiguration, nodePodCIDRs []string) ([2]proxyutiliptables.LocalTrafficDetector, error) { + var localDetectors [2]proxyutiliptables.LocalTrafficDetector var err error - localDetectors := [2]proxyutiliptables.LocalTrafficDetector{proxyutiliptables.NewNoOpLocalDetector(), proxyutiliptables.NewNoOpLocalDetector()} - switch mode { - case proxyconfigapi.LocalModeClusterCIDR: - // LocalModeClusterCIDR is the default if --detect-local-mode wasn't passed, - // but --cluster-cidr is optional. 
- if len(strings.TrimSpace(config.ClusterCIDR)) == 0 { - klog.InfoS("Detect-local-mode set to ClusterCIDR, but no cluster CIDR defined") - break - } - clusterCIDRs := cidrTuple(config.ClusterCIDR) - - if len(strings.TrimSpace(clusterCIDRs[0])) == 0 { - klog.InfoS("Detect-local-mode set to ClusterCIDR, but no IPv4 cluster CIDR defined, defaulting to no-op detect-local for IPv4") - } else { - localDetectors[0], err = proxyutiliptables.NewDetectLocalByCIDR(clusterCIDRs[0], ipt[0]) - if err != nil { // don't loose the original error - return localDetectors, err - } - } - - if len(strings.TrimSpace(clusterCIDRs[1])) == 0 { - klog.InfoS("Detect-local-mode set to ClusterCIDR, but no IPv6 cluster CIDR defined, defaulting to no-op detect-local for IPv6") - } else { - localDetectors[1], err = proxyutiliptables.NewDetectLocalByCIDR(clusterCIDRs[1], ipt[1]) - } + localDetectors[0], err = getLocalDetector(v1.IPv4Protocol, mode, config, nodePodCIDRs) + if err != nil { + return localDetectors, err + } + localDetectors[1], err = getLocalDetector(v1.IPv6Protocol, mode, config, nodePodCIDRs) + if err != nil { return localDetectors, err - case proxyconfigapi.LocalModeNodeCIDR: - if len(nodePodCIDRs) == 0 { - klog.InfoS("No node info available to configure detect-local-mode NodeCIDR") - break - } - // localDetectors, like ipt, need to be of the order [IPv4, IPv6], but PodCIDRs is setup so that PodCIDRs[0] == PodCIDR. 
- // so have to handle the case where PodCIDR can be IPv6 and set that to localDetectors[1] - if netutils.IsIPv6CIDRString(nodePodCIDRs[0]) { - localDetectors[1], err = proxyutiliptables.NewDetectLocalByCIDR(nodePodCIDRs[0], ipt[1]) - if err != nil { - return localDetectors, err - } - if len(nodePodCIDRs) > 1 { - localDetectors[0], err = proxyutiliptables.NewDetectLocalByCIDR(nodePodCIDRs[1], ipt[0]) - } - } else { - localDetectors[0], err = proxyutiliptables.NewDetectLocalByCIDR(nodePodCIDRs[0], ipt[0]) - if err != nil { - return localDetectors, err - } - if len(nodePodCIDRs) > 1 { - localDetectors[1], err = proxyutiliptables.NewDetectLocalByCIDR(nodePodCIDRs[1], ipt[1]) - } - } - return localDetectors, err - case proxyconfigapi.LocalModeBridgeInterface, proxyconfigapi.LocalModeInterfaceNamePrefix: - localDetector, err := getLocalDetector(mode, config, ipt[0], nodePodCIDRs) - if err == nil { - localDetectors[0] = localDetector - localDetectors[1] = localDetector - } - return localDetectors, err - default: - klog.InfoS("Unknown detect-local-mode", "detectLocalMode", mode) } - klog.InfoS("Defaulting to no-op detect-local", "detectLocalMode", string(mode)) return localDetectors, nil } -// cidrTuple takes a comma separated list of CIDRs and return a tuple (ipv4cidr,ipv6cidr) -// The returned tuple is guaranteed to have the order (ipv4,ipv6) and if no cidr from a family is found an -// empty string "" is inserted. -func cidrTuple(cidrList string) [2]string { - cidrs := [2]string{"", ""} - foundIPv4 := false - foundIPv6 := false - - for _, cidr := range strings.Split(cidrList, ",") { - if netutils.IsIPv6CIDRString(cidr) && !foundIPv6 { - cidrs[1] = cidr - foundIPv6 = true - } else if !foundIPv4 { - cidrs[0] = cidr - foundIPv4 = true - } - if foundIPv6 && foundIPv4 { - break - } - } - - return cidrs -} - // cleanupAndExit remove iptables rules and ipset/ipvs rules func cleanupAndExit() error { execer := exec.New() 
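Review bot: In the ClusterCIDR and NodeCIDR cases of getLocalDetector, a configured value that yields no entry for ipFamily now falls through to the no-op detector with only an Info log, and that path makes no distinction between "no CIDR of this family" and "an entry that could not be parsed". The cluster CIDR list is trimmed as a whole and then split on commas, so individual entries keep any surrounding whitespace; if proxyutil.MapCIDRsByIPFamily skips strings it cannot parse (its body is not in this diff), a typo or a space after the comma in --cluster-cidr would silently disable local-traffic detection, where the removed code returned the parse error and aborted proxier creation. I would return an error when a non-empty entry fails to parse and keep the no-op fallback only for a family that is genuinely absent. The final log line also lost its mode, so an unknown detect-local-mode can no longer be identified from the log; suggest `klog.InfoS("Defaulting to no-op detect-local", "detectLocalMode", string(mode), "ipFamily", ipFamily)`.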
diff --git a/cmd/kube-proxy/app/server_others_test.go b/cmd/kube-proxy/app/server_others_test.go index 9323f8327a1..32311315fc8 100644 --- a/cmd/kube-proxy/app/server_others_test.go +++ b/cmd/kube-proxy/app/server_others_test.go @@ -38,8 +38,6 @@ import ( clientgotesting "k8s.io/client-go/testing" proxyconfigapi "k8s.io/kubernetes/pkg/proxy/apis/config" proxyutiliptables "k8s.io/kubernetes/pkg/proxy/util/iptables" - utiliptables "k8s.io/kubernetes/pkg/util/iptables" - utiliptablestest "k8s.io/kubernetes/pkg/util/iptables/testing" netutils "k8s.io/utils/net" "k8s.io/utils/pointer" ) 
@@ -109,255 +107,295 @@ func Test_platformApplyDefaults(t *testing.T) { func Test_getLocalDetector(t *testing.T) { cases := []struct { + name string mode proxyconfigapi.LocalMode config *proxyconfigapi.KubeProxyConfiguration - ipt utiliptables.Interface + family v1.IPFamily expected proxyutiliptables.LocalTrafficDetector nodePodCIDRs []string errExpected bool }{ // LocalModeClusterCIDR { + name: "LocalModeClusterCIDR, IPv4 cluster", mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, - ipt: utiliptablestest.NewFake(), - expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/14", utiliptablestest.NewFake())), + family: v1.IPv4Protocol, + expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/14")), errExpected: false, }, { + name: "LocalModeClusterCIDR, IPv6 cluster", mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"}, - ipt: utiliptablestest.NewIPv6Fake(), - expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64", utiliptablestest.NewIPv6Fake())), + family: v1.IPv6Protocol, + expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64")), errExpected: false, }, { + name: "LocalModeClusterCIDR, IPv6 cluster with IPv6 config", mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, - ipt: utiliptablestest.NewIPv6Fake(), - expected: nil, - errExpected: true, + family: v1.IPv6Protocol, + expected: proxyutiliptables.NewNoOpLocalDetector(), + errExpected: false, }, { + name: "LocalModeClusterCIDR, IPv4 cluster with IPv6 config", mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"}, - ipt: utiliptablestest.NewFake(), - 
expected: nil, - errExpected: true, + family: v1.IPv4Protocol, + expected: proxyutiliptables.NewNoOpLocalDetector(), + errExpected: false, }, { + name: "LocalModeClusterCIDR, IPv4 kube-proxy in dual-stack IPv6-primary cluster", + mode: proxyconfigapi.LocalModeClusterCIDR, + config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64,10.0.0.0/14"}, + family: v1.IPv4Protocol, + expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/14")), + errExpected: false, + }, + { + name: "LocalModeClusterCIDR, no ClusterCIDR", mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, - ipt: utiliptablestest.NewFake(), + family: v1.IPv4Protocol, expected: proxyutiliptables.NewNoOpLocalDetector(), errExpected: false, }, // LocalModeNodeCIDR { + name: "LocalModeNodeCIDR, IPv4 cluster", mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, - ipt: utiliptablestest.NewFake(), - expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/24", utiliptablestest.NewFake())), + family: v1.IPv4Protocol, + expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/24")), nodePodCIDRs: []string{"10.0.0.0/24"}, errExpected: false, }, { + name: "LocalModeNodeCIDR, IPv6 cluster", mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"}, - ipt: utiliptablestest.NewIPv6Fake(), - expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96", utiliptablestest.NewIPv6Fake())), + family: v1.IPv6Protocol, + expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96")), nodePodCIDRs: []string{"2002::1234:abcd:ffff:c0a8:101/96"}, errExpected: false, }, { + name: "LocalModeNodeCIDR, IPv6 cluster with IPv4 config", 
mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, - ipt: utiliptablestest.NewIPv6Fake(), - expected: nil, + family: v1.IPv6Protocol, + expected: proxyutiliptables.NewNoOpLocalDetector(), nodePodCIDRs: []string{"10.0.0.0/24"}, - errExpected: true, + errExpected: false, }, { + name: "LocalModeNodeCIDR, IPv4 cluster with IPv6 config", mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"}, - ipt: utiliptablestest.NewFake(), - expected: nil, + family: v1.IPv4Protocol, + expected: proxyutiliptables.NewNoOpLocalDetector(), nodePodCIDRs: []string{"2002::1234:abcd:ffff:c0a8:101/96"}, - errExpected: true, + errExpected: false, }, { + name: "LocalModeNodeCIDR, IPv6 kube-proxy in dual-stack IPv4-primary cluster", + mode: proxyconfigapi.LocalModeNodeCIDR, + config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002::1234:abcd:ffff:c0a8:101/64"}, + family: v1.IPv6Protocol, + expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96")), + nodePodCIDRs: []string{"10.0.0.0/24", "2002::1234:abcd:ffff:c0a8:101/96"}, + errExpected: false, + }, + { + name: "LocalModeNodeCIDR, no PodCIDRs", mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, - ipt: utiliptablestest.NewFake(), + family: v1.IPv4Protocol, expected: proxyutiliptables.NewNoOpLocalDetector(), nodePodCIDRs: []string{}, errExpected: false, }, // unknown mode { + name: "unknown LocalMode", mode: proxyconfigapi.LocalMode("abcd"), config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, - ipt: utiliptablestest.NewFake(), + family: v1.IPv4Protocol, expected: proxyutiliptables.NewNoOpLocalDetector(), errExpected: false, }, // LocalModeBridgeInterface { + name: "LocalModeBrideInterface", mode: proxyconfigapi.LocalModeBridgeInterface, config: 
&proxyconfigapi.KubeProxyConfiguration{ DetectLocal: proxyconfigapi.DetectLocalConfiguration{BridgeInterface: "eth"}, }, + family: v1.IPv4Protocol, expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByBridgeInterface("eth")), errExpected: false, }, { + name: "LocalModeBridgeInterface, strange bridge name", mode: proxyconfigapi.LocalModeBridgeInterface, config: &proxyconfigapi.KubeProxyConfiguration{ DetectLocal: proxyconfigapi.DetectLocalConfiguration{BridgeInterface: "1234567890123456789"}, }, + family: v1.IPv4Protocol, expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByBridgeInterface("1234567890123456789")), errExpected: false, }, // LocalModeInterfaceNamePrefix { + name: "LocalModeInterfaceNamePrefix", mode: proxyconfigapi.LocalModeInterfaceNamePrefix, config: &proxyconfigapi.KubeProxyConfiguration{ DetectLocal: proxyconfigapi.DetectLocalConfiguration{InterfaceNamePrefix: "eth"}, }, + family: v1.IPv4Protocol, expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByInterfaceNamePrefix("eth")), errExpected: false, }, { + name: "LocalModeInterfaceNamePrefix, strange interface name", mode: proxyconfigapi.LocalModeInterfaceNamePrefix, config: &proxyconfigapi.KubeProxyConfiguration{ DetectLocal: proxyconfigapi.DetectLocalConfiguration{InterfaceNamePrefix: "1234567890123456789"}, }, + family: v1.IPv4Protocol, expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByInterfaceNamePrefix("1234567890123456789")), errExpected: false, }, } - for i, c := range cases { - r, err := getLocalDetector(c.mode, c.config, c.ipt, c.nodePodCIDRs) - if c.errExpected { - if err == nil { - t.Errorf("Case[%d] Expected error, but succeeded with %v", i, r) + for _, c := range cases { + t.Run(c.name, func(t *testing.T) { + r, err := getLocalDetector(c.family, c.mode, c.config, c.nodePodCIDRs) + if c.errExpected { + if err == nil { + t.Errorf("Expected error, but succeeded with %v", r) + } + return } - continue - } - if err != nil { - 
t.Errorf("Case[%d] Error resolving detect-local: %v", i, err) - continue - } - if !reflect.DeepEqual(r, c.expected) { - t.Errorf("Case[%d] Unexpected detect-local implementation, expected: %q, got: %q", i, c.expected, r) - } + if err != nil { + t.Errorf("Error resolving detect-local: %v", err) + return + } + if !reflect.DeepEqual(r, c.expected) { + t.Errorf("Unexpected detect-local implementation, expected: %q, got: %q", c.expected, r) + } + }) } } func Test_getDualStackLocalDetectorTuple(t *testing.T) { cases := []struct { + name string mode proxyconfigapi.LocalMode config *proxyconfigapi.KubeProxyConfiguration - ipt [2]utiliptables.Interface expected [2]proxyutiliptables.LocalTrafficDetector nodePodCIDRs []string errExpected bool }{ // LocalModeClusterCIDR { + name: "LocalModeClusterCIDR, dual-stack IPv4-primary cluster", mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002::1234:abcd:ffff:c0a8:101/64"}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: resolveDualStackLocalDetectors(t)( - proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/14", utiliptablestest.NewFake()))( - proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64", utiliptablestest.NewIPv6Fake())), + proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/14"))( + proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64")), errExpected: false, }, { + name: "LocalModeClusterCIDR, dual-stack IPv6-primary cluster", mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64,10.0.0.0/14"}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: resolveDualStackLocalDetectors(t)( - proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/14", utiliptablestest.NewFake()))( - 
proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64", utiliptablestest.NewIPv6Fake())), + proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/14"))( + proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64")), errExpected: false, }, { + name: "LocalModeClusterCIDR, single-stack IPv4 cluster", mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: [2]proxyutiliptables.LocalTrafficDetector{ - resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/14", utiliptablestest.NewFake())), + resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/14")), proxyutiliptables.NewNoOpLocalDetector()}, errExpected: false, }, { + name: "LocalModeClusterCIDR, single-stack IPv6 cluster", mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: [2]proxyutiliptables.LocalTrafficDetector{ proxyutiliptables.NewNoOpLocalDetector(), - resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64", utiliptablestest.NewIPv6Fake()))}, + resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64"))}, errExpected: false, }, { + name: "LocalModeClusterCIDR, no ClusterCIDR", mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: [2]proxyutiliptables.LocalTrafficDetector{proxyutiliptables.NewNoOpLocalDetector(), proxyutiliptables.NewNoOpLocalDetector()}, errExpected: false, }, // LocalModeNodeCIDR { + name: "LocalModeNodeCIDR, dual-stack IPv4-primary 
cluster", mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002::1234:abcd:ffff:c0a8:101/64"}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: resolveDualStackLocalDetectors(t)( - proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/24", utiliptablestest.NewFake()))( - proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96", utiliptablestest.NewIPv6Fake())), + proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/24"))( + proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96")), nodePodCIDRs: []string{"10.0.0.0/24", "2002::1234:abcd:ffff:c0a8:101/96"}, errExpected: false, }, { + name: "LocalModeNodeCIDR, dual-stack IPv6-primary cluster", mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64,10.0.0.0/14"}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: resolveDualStackLocalDetectors(t)( - proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/24", utiliptablestest.NewFake()))( - proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96", utiliptablestest.NewIPv6Fake())), + proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/24"))( + proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96")), nodePodCIDRs: []string{"2002::1234:abcd:ffff:c0a8:101/96", "10.0.0.0/24"}, errExpected: false, }, { + name: "LocalModeNodeCIDR, single-stack IPv4 cluster", mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: [2]proxyutiliptables.LocalTrafficDetector{ - resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/24", utiliptablestest.NewFake())), + 
resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/24")), proxyutiliptables.NewNoOpLocalDetector()}, nodePodCIDRs: []string{"10.0.0.0/24"}, errExpected: false, }, { + name: "LocalModeNodeCIDR, single-stack IPv6 cluster", mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: [2]proxyutiliptables.LocalTrafficDetector{ proxyutiliptables.NewNoOpLocalDetector(), - resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96", utiliptablestest.NewIPv6Fake()))}, + resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96"))}, nodePodCIDRs: []string{"2002::1234:abcd:ffff:c0a8:101/96"}, errExpected: false, }, { + name: "LocalModeNodeCIDR, no PodCIDRs", mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: [2]proxyutiliptables.LocalTrafficDetector{proxyutiliptables.NewNoOpLocalDetector(), proxyutiliptables.NewNoOpLocalDetector()}, nodePodCIDRs: []string{}, errExpected: false, }, // LocalModeBridgeInterface { + name: "LocalModeBridgeInterface", mode: proxyconfigapi.LocalModeBridgeInterface, config: &proxyconfigapi.KubeProxyConfiguration{ DetectLocal: proxyconfigapi.DetectLocalConfiguration{BridgeInterface: "eth"}, @@ -369,6 +407,7 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) { }, // LocalModeInterfaceNamePrefix { + name: "LocalModeInterfaceNamePrefix", mode: proxyconfigapi.LocalModeInterfaceNamePrefix, config: &proxyconfigapi.KubeProxyConfiguration{ DetectLocal: proxyconfigapi.DetectLocalConfiguration{InterfaceNamePrefix: "veth"}, 
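Review bot: Every case visible in Test_getLocalDetector now has `errExpected: false`, so the error return of getLocalDetector is no longer exercised by this table; a case with a malformed ClusterCIDR (a constructed value such as `"10.0.0.0/33"` would do) would pin whether bad input is reported as an error or ends in the no-op detector. Two case names are also misleading: "LocalModeClusterCIDR, IPv6 cluster with IPv6 config" passes the IPv4 CIDR `10.0.0.0/14` and reads better as `name: "LocalModeClusterCIDR, IPv6 cluster with IPv4 config"`, and "LocalModeBrideInterface" is missing a `g`. The same absence of an error case applies to the Test_getDualStackLocalDetectorTuple entries in this hunk, whose table continues into the next hunk.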
@@ -379,21 +418,23 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) { errExpected: false, }, } - for i, c := range cases { - r, err := getDualStackLocalDetectorTuple(c.mode, c.config, c.ipt, c.nodePodCIDRs) - if c.errExpected { - if err == nil { - t.Errorf("Case[%d] expected error, but succeeded with %q", i, r) + for _, c := range cases { + t.Run(c.name, func(t *testing.T) { + r, err := getDualStackLocalDetectorTuple(c.mode, c.config, c.nodePodCIDRs) + if c.errExpected { + if err == nil { + t.Errorf("Expected error, but succeeded with %q", r) + } + return } - continue - } - if err != nil { - t.Errorf("Case[%d] Error resolving detect-local: %v", i, err) - continue - } - if !reflect.DeepEqual(r, c.expected) { - t.Errorf("Case[%d] Unexpected detect-local implementation, expected: %q, got: %q", i, c.expected, r) - } + if err != nil { + t.Errorf("Error resolving detect-local: %v", err) + return + } + if !reflect.DeepEqual(r, c.expected) { + t.Errorf("Unexpected detect-local implementation, expected: %q, got: %q", c.expected, r) + } + }) } } diff --git a/pkg/proxy/iptables/proxier_test.go b/pkg/proxy/iptables/proxier_test.go index 166f7e1ffbc..7d104da9987 100644 --- a/pkg/proxy/iptables/proxier_test.go +++ b/pkg/proxy/iptables/proxier_test.go @@ -291,7 +291,7 @@ func NewFakeProxier(ipt utiliptables.Interface) *Proxier { ipfamily = v1.IPv6Protocol podCIDR = "fd00::/64" } - detectLocal, _ := proxyutiliptables.NewDetectLocalByCIDR(podCIDR, ipt) + detectLocal, _ := proxyutiliptables.NewDetectLocalByCIDR(podCIDR) networkInterfacer := proxyutiltest.NewFakeNetwork() itf := net.Interface{Index: 0, MTU: 0, Name: "lo", HardwareAddr: nil, Flags: 0} diff --git a/pkg/proxy/util/iptables/traffic.go b/pkg/proxy/util/iptables/traffic.go index 4666c6c3de6..f27d89e9a57 100644 --- a/pkg/proxy/util/iptables/traffic.go +++ b/pkg/proxy/util/iptables/traffic.go 
@@ -19,7 +19,6 @@ package iptables import ( "fmt" - utiliptables "k8s.io/kubernetes/pkg/util/iptables" netutils "k8s.io/utils/net" ) @@ -62,10 +61,7 @@ type detectLocalByCIDR struct { // NewDetectLocalByCIDR implements the LocalTrafficDetector interface using a CIDR. This can be used when a single CIDR // range can be used to capture the notion of local traffic. -func NewDetectLocalByCIDR(cidr string, ipt utiliptables.Interface) (LocalTrafficDetector, error) { - if netutils.IsIPv6CIDRString(cidr) != ipt.IsIPv6() { - return nil, fmt.Errorf("CIDR %s has incorrect IP version: expect isIPv6=%t", cidr, ipt.IsIPv6()) - } +func NewDetectLocalByCIDR(cidr string) (LocalTrafficDetector, error) { _, _, err := netutils.ParseCIDRSloppy(cidr) if err != nil { return nil, err diff --git a/pkg/proxy/util/iptables/traffic_test.go b/pkg/proxy/util/iptables/traffic_test.go index f74b850b2fa..f60169de9da 100644 --- a/pkg/proxy/util/iptables/traffic_test.go +++ b/pkg/proxy/util/iptables/traffic_test.go @@ -19,9 +19,6 @@ package iptables import ( "reflect" "testing" - - utiliptables "k8s.io/kubernetes/pkg/util/iptables" - iptablestest "k8s.io/kubernetes/pkg/util/iptables/testing" ) func TestNoOpLocalDetector(t *testing.T) { 
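Review bot: NewDetectLocalByCIDR is exported, and with the `ipt.IsIPv6()` comparison removed it accepts a CIDR of either family, yet its doc comment says nothing about who is now responsible for matching the family. Suggest adding to the comment something like `// The caller must pass a CIDR of the same IP family as the proxier that will use the detector; the family is not checked here.` The call sites changed in cmd/kube-proxy/app/server_others.go select the CIDR by family before calling, but any caller outside this diff loses the guard without a compile-time or run-time signal beyond the signature change. The function body continues past the end of the hunk.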
@@ -44,52 +41,35 @@ func TestNoOpLocalDetector(t *testing.T) { func TestNewDetectLocalByCIDR(t *testing.T) { cases := []struct { cidr string - ipt utiliptables.Interface errExpected bool }{ { cidr: "10.0.0.0/14", - ipt: iptablestest.NewFake(), errExpected: false, }, { cidr: "2002::1234:abcd:ffff:c0a8:101/64", - ipt: iptablestest.NewIPv6Fake(), errExpected: false, }, - { - cidr: "10.0.0.0/14", - ipt: iptablestest.NewIPv6Fake(), - errExpected: true, - }, - { - cidr: "2002::1234:abcd:ffff:c0a8:101/64", - ipt: iptablestest.NewFake(), - errExpected: true, - }, { cidr: "10.0.0.0", - ipt: iptablestest.NewFake(), errExpected: true, }, { cidr: "2002::1234:abcd:ffff:c0a8:101", - ipt: iptablestest.NewIPv6Fake(), errExpected: true, }, { cidr: "", - ipt: iptablestest.NewFake(), errExpected: true, }, { cidr: "", - ipt: iptablestest.NewIPv6Fake(), errExpected: true, }, } for i, c := range cases { - r, err := NewDetectLocalByCIDR(c.cidr, c.ipt) + r, err := NewDetectLocalByCIDR(c.cidr) if c.errExpected { if err == nil { t.Errorf("Case[%d] expected error, but succeeded with: %q", i, r) @@ -105,25 +85,22 @@ func TestNewDetectLocalByCIDR(t *testing.T) { func TestDetectLocalByCIDR(t *testing.T) { cases := []struct { cidr string - ipt utiliptables.Interface expectedIfLocalOutput []string expectedIfNotLocalOutput []string }{ { cidr: "10.0.0.0/14", - ipt: iptablestest.NewFake(), expectedIfLocalOutput: []string{"-s", "10.0.0.0/14"}, expectedIfNotLocalOutput: []string{"!", "-s", "10.0.0.0/14"}, }, { cidr: "2002::1234:abcd:ffff:c0a8:101/64", - ipt: iptablestest.NewIPv6Fake(), expectedIfLocalOutput: []string{"-s", "2002::1234:abcd:ffff:c0a8:101/64"}, expectedIfNotLocalOutput: []string{"!", "-s", "2002::1234:abcd:ffff:c0a8:101/64"}, }, } for _, c := range cases { - localDetector, err := NewDetectLocalByCIDR(c.cidr, c.ipt) + localDetector, err := NewDetectLocalByCIDR(c.cidr) if err != nil { t.Errorf("Error initializing localDetector: %v", err) continue