github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-26 05:03:09 +00:00
Code Issues Projects Releases Wiki Activity

kube-proxy: inline args in most cases

Browse Source
This commit is contained in:
Tim Hockin 2022-03-28 16:59:47 -07:00
parent c4271c9a6f
commit 7726b5f9fc
1 changed files with 8 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
pkg/proxy/iptables/proxier.go
View File

@ -1192,18 +1192,14 @@ func (proxier *Proxier) syncProxyRules() {
// Capture externalIPs. // Capture externalIPs.
for _, externalIP := range svcInfo.ExternalIPStrings() { for _, externalIP := range svcInfo.ExternalIPStrings() {
if hasEndpoints { if hasEndpoints {
args = append(args[:0],
"-m", "comment", "--comment", fmt.Sprintf(`"%s external IP"`, svcNameString),
"-m", protocol, "-p", protocol,
"-d", externalIP,
"--dport", strconv.Itoa(svcInfo.Port()),
)
// Send traffic bound for external IPs to the "external // Send traffic bound for external IPs to the "external
// destinations" chain. // destinations" chain.
proxier.natRules.Write( proxier.natRules.Write(
"-A", string(kubeServicesChain), "-A", string(kubeServicesChain),
args, "-m", "comment", "--comment", fmt.Sprintf(`"%s external IP"`, svcNameString),
"-m", protocol, "-p", protocol,
"-d", externalIP,
"--dport", strconv.Itoa(svcInfo.Port()),
"-j", string(externalTrafficChain)) "-j", string(externalTrafficChain))
} else { } else {
@ -1235,15 +1231,13 @@ func (proxier *Proxier) syncProxyRules() {
activeNATChains[fwChain] = true activeNATChains[fwChain] = true
for _, lbip := range svcInfo.LoadBalancerIPStrings() { for _, lbip := range svcInfo.LoadBalancerIPStrings() {
args = append(args[:0], proxier.natRules.Write(
"-A", string(kubeServicesChain), "-A", string(kubeServicesChain),
"-m", "comment", "--comment", fmt.Sprintf(`"%s loadbalancer IP"`, svcNameString), "-m", "comment", "--comment", fmt.Sprintf(`"%s loadbalancer IP"`, svcNameString),
"-m", protocol, "-p", protocol, "-m", protocol, "-p", protocol,
"-d", lbip, "-d", lbip,
"--dport", strconv.Itoa(svcInfo.Port()), "--dport", strconv.Itoa(svcInfo.Port()),
) "-j", string(fwChain))
// LBIP matches jump to the firewall chain first.
proxier.natRules.Write(args, "-j", string(fwChain))
args = append(args[:0], args = append(args[:0],
"-A", string(fwChain), "-A", string(fwChain),
@ -1382,12 +1376,11 @@ func (proxier *Proxier) syncProxyRules() {
// other service portal rules. // other service portal rules.
for address := range nodeAddresses { for address := range nodeAddresses {
if utilproxy.IsZeroCIDR(address) { if utilproxy.IsZeroCIDR(address) {
args = append(args[:0], proxier.natRules.Write(
"-A", string(kubeServicesChain), "-A", string(kubeServicesChain),
"-m", "comment", "--comment", `"kubernetes service nodeports; NOTE: this must be the last rule in this chain"`, "-m", "comment", "--comment", `"kubernetes service nodeports; NOTE: this must be the last rule in this chain"`,
"-m", "addrtype", "--dst-type", "LOCAL", "-m", "addrtype", "--dst-type", "LOCAL",
"-j", string(kubeNodePortsChain)) "-j", string(kubeNodePortsChain))
proxier.natRules.Write(args)
// Nothing else matters after the zero CIDR. // Nothing else matters after the zero CIDR.
break break
} }
@ -1397,12 +1390,11 @@ func (proxier *Proxier) syncProxyRules() {
continue continue
} }
// create nodeport rules for each IP one by one // create nodeport rules for each IP one by one
args = append(args[:0], proxier.natRules.Write(
"-A", string(kubeServicesChain), "-A", string(kubeServicesChain),
"-m", "comment", "--comment", `"kubernetes service nodeports; NOTE: this must be the last rule in this chain"`, "-m", "comment", "--comment", `"kubernetes service nodeports; NOTE: this must be the last rule in this chain"`,
"-d", address, "-d", address,
"-j", string(kubeNodePortsChain)) "-j", string(kubeNodePortsChain))
proxier.natRules.Write(args)
} }
// Drop the packets in INVALID state, which would potentially cause // Drop the packets in INVALID state, which would potentially cause