Merge pull request #91886 from sbangari/fixsourcevip

Fix access to Kubernetes Service from inside Windows Pod when two ser…
2025-07-22 19:31:44 +00:00 · 2020-06-09 14:49:50 -07:00 · 2020-06-09 14:49:50 -07:00 · 6ac3ca4b17
commit 6ac3ca4b17
parent dbfc3aa877 c3eb69c1f1
2 changed files with 53 additions and 15 deletions
--- a/pkg/proxy/winkernel/proxier.go
+++ b/pkg/proxy/winkernel/proxier.go
@ -290,6 +290,24 @@ func newServiceInfo(svcPortName proxy.ServicePortName, port *v1.ServicePort, ser
 	return info
 }

+func (network hnsNetworkInfo) findRemoteSubnetProviderAddress(ip string) string {
+	var providerAddress string
+	for _, rs := range network.remoteSubnets {
+		_, ipNet, err := net.ParseCIDR(rs.destinationPrefix)
+		if err != nil {
+			klog.Fatalf("%v", err)
+		}
+		if ipNet.Contains(net.ParseIP(ip)) {
+			providerAddress = rs.providerAddress
+		}
+		if ip == rs.providerAddress {
+			providerAddress = rs.providerAddress
+		}
+	}
+
+	return providerAddress
+}
+
 type endpointsChange struct {
 	previous proxyEndpointsMap
 	current  proxyEndpointsMap
@ -1169,24 +1187,12 @@ func (proxier *Proxier) syncProxyRules() {
 						return
 					}
 					proxier.network = *updatedNetwork
-					var providerAddress string
-					for _, rs := range proxier.network.remoteSubnets {
-						_, ipNet, err := net.ParseCIDR(rs.destinationPrefix)
-						if err != nil {
-							klog.Fatalf("%v", err)
-						}
-						if ipNet.Contains(net.ParseIP(ep.ip)) {
-							providerAddress = rs.providerAddress
-						}
-						if ep.ip == rs.providerAddress {
-							providerAddress = rs.providerAddress
-							containsNodeIP = true
-						}
-					}
+
+					providerAddress := proxier.network.findRemoteSubnetProviderAddress(ep.ip)
+
 					if len(providerAddress) == 0 {
 						klog.Infof("Could not find provider address for %s. Assuming it is a public IP", ep.ip)
 						providerAddress = proxier.nodeIP.String()
-						containsPublicIP = true
 					}

 					hnsEndpoint := &endpointsInfo{
@ -1216,6 +1222,17 @@ func (proxier *Proxier) syncProxyRules() {
 				}
 			}

+			if proxier.network.networkType == "Overlay" {
+				providerAddress := proxier.network.findRemoteSubnetProviderAddress(ep.ip)
+
+				isNodeIP := (ep.ip == providerAddress)
+				isPublicIP := (len(providerAddress) == 0)
+				klog.Infof("Endpoint %s on overlay network %s is classified as NodeIp: %v, Public Ip: %v", ep.ip, hnsNetworkName, isNodeIP, isPublicIP)
+
+				containsNodeIP = containsNodeIP || isNodeIP
+				containsPublicIP = containsPublicIP || isPublicIP
+			}
+
 			// Save the hnsId for reference
 			LogJson(newHnsEndpoint, "Hns Endpoint resource", 1)
 			hnsEndpoints = append(hnsEndpoints, *newHnsEndpoint)
--- a/pkg/proxy/winkernel/proxier_test.go
+++ b/pkg/proxy/winkernel/proxier_test.go
@ -340,6 +340,27 @@ func TestNoopEndpointSlice(t *testing.T) {
 	p.OnEndpointSlicesSynced()
 }

+func TestFindRemoteSubnetProviderAddress(t *testing.T) {
+	networkInfo, _ := newFakeHNS().getNetworkByName("TestNetwork")
+	pa := networkInfo.findRemoteSubnetProviderAddress(providerAddress)
+
+	if pa != providerAddress {
+		t.Errorf("%v does not match %v", pa, providerAddress)
+	}
+
+	pa = networkInfo.findRemoteSubnetProviderAddress(epIpAddressRemote)
+
+	if pa != providerAddress {
+		t.Errorf("%v does not match %v", pa, providerAddress)
+	}
+
+	pa = networkInfo.findRemoteSubnetProviderAddress(serviceVip)
+
+	if len(pa) != 0 {
+		t.Errorf("Provider address is not empty as expected")
+	}
+}
+
 func makeNSN(namespace, name string) types.NamespacedName {
 	return types.NamespacedName{Namespace: namespace, Name: name}
 }