From b0d9c063a876153046d5f7f0e1d4916c53565308 Mon Sep 17 00:00:00 2001 From: Dan Winship Date: Wed, 27 Apr 2022 16:03:37 -0400 Subject: [PATCH] unexport mistakenly-exported constants --- pkg/proxy/iptables/proxier.go | 28 +++---- pkg/proxy/iptables/proxier_test.go | 4 +- pkg/proxy/ipvs/proxier.go | 130 ++++++++++++++--------------- pkg/proxy/ipvs/proxier_test.go | 100 +++++++++++----------- 4 files changed, 131 insertions(+), 131 deletions(-) diff --git a/pkg/proxy/iptables/proxier.go b/pkg/proxy/iptables/proxier.go index bd8819b5156..55b32fd420d 100644 --- a/pkg/proxy/iptables/proxier.go +++ b/pkg/proxy/iptables/proxier.go @@ -69,11 +69,11 @@ const ( // the kubernetes postrouting chain kubePostroutingChain utiliptables.Chain = "KUBE-POSTROUTING" - // KubeMarkMasqChain is the mark-for-masquerade chain - KubeMarkMasqChain utiliptables.Chain = "KUBE-MARK-MASQ" + // kubeMarkMasqChain is the mark-for-masquerade chain + kubeMarkMasqChain utiliptables.Chain = "KUBE-MARK-MASQ" - // KubeMarkDropChain is the mark-for-drop chain - KubeMarkDropChain utiliptables.Chain = "KUBE-MARK-DROP" + // kubeMarkDropChain is the mark-for-drop chain + kubeMarkDropChain utiliptables.Chain = "KUBE-MARK-DROP" // the kubernetes forward chain kubeForwardChain utiliptables.Chain = "KUBE-FORWARD" @@ -392,7 +392,7 @@ var iptablesEnsureChains = []struct { table utiliptables.Table chain utiliptables.Chain }{ - {utiliptables.TableNAT, KubeMarkDropChain}, + {utiliptables.TableNAT, kubeMarkDropChain}, } var iptablesCleanupOnlyChains = []iptablesJumpChain{ @@ -925,7 +925,7 @@ func (proxier *Proxier) syncProxyRules() { proxier.filterChains.Write(utiliptables.MakeChainLine(chainName)) } } - for _, chainName := range []utiliptables.Chain{kubeServicesChain, kubeNodePortsChain, kubePostroutingChain, KubeMarkMasqChain} { + for _, chainName := range []utiliptables.Chain{kubeServicesChain, kubeNodePortsChain, kubePostroutingChain, kubeMarkMasqChain} { if chain, ok := existingNATChains[chainName]; ok { proxier.natChains.WriteBytes(chain) } else { @@ -961,7 +961,7 @@ func (proxier *Proxier) syncProxyRules() { // this so that it is easier to flush and change, for example if the mark // value should ever change. proxier.natRules.Write( - "-A", string(KubeMarkMasqChain), + "-A", string(kubeMarkMasqChain), "-j", "MARK", "--or-mark", proxier.masqueradeMark, ) @@ -1042,7 +1042,7 @@ func (proxier *Proxier) syncProxyRules() { proxier.natRules.Write( args, "-s", epInfo.IP(), - "-j", string(KubeMarkMasqChain)) + "-j", string(kubeMarkMasqChain)) // Update client-affinity lists. if svcInfo.SessionAffinityType() == v1.ServiceAffinityClientIP { args = append(args, "-m", "recent", "--name", string(endpointChain), "--set") @@ -1114,7 +1114,7 @@ func (proxier *Proxier) syncProxyRules() { proxier.natRules.Write( "-A", string(externalTrafficChain), "-m", "comment", "--comment", fmt.Sprintf(`"masquerade traffic for %s external destinations"`, svcNameString), - "-j", string(KubeMarkMasqChain)) + "-j", string(kubeMarkMasqChain)) } else { // If we are only using same-node endpoints, we can retain the // source IP in most cases. @@ -1138,7 +1138,7 @@ func (proxier *Proxier) syncProxyRules() { "-A", string(externalTrafficChain), "-m", "comment", "--comment", fmt.Sprintf(`"masquerade LOCAL traffic for %s external destinations"`, svcNameString), "-m", "addrtype", "--src-type", "LOCAL", - "-j", string(KubeMarkMasqChain)) + "-j", string(kubeMarkMasqChain)) // Redirect all src-type=LOCAL -> external destination to the // policy=cluster chain. This allows traffic originating @@ -1168,7 +1168,7 @@ func (proxier *Proxier) syncProxyRules() { proxier.natRules.Write( "-A", string(internalTrafficChain), args, - "-j", string(KubeMarkMasqChain)) + "-j", string(kubeMarkMasqChain)) } else if proxier.localDetector.IsImplemented() { // This masquerades off-cluster traffic to a service VIP. The idea // is that you can establish a static route for your Service range, @@ -1178,7 +1178,7 @@ func (proxier *Proxier) syncProxyRules() { "-A", string(internalTrafficChain), args, proxier.localDetector.IfNotLocal(), - "-j", string(KubeMarkMasqChain)) + "-j", string(kubeMarkMasqChain)) } proxier.natRules.Write( "-A", string(kubeServicesChain), @@ -1282,7 +1282,7 @@ func (proxier *Proxier) syncProxyRules() { // If the packet was able to reach the end of firewall chain, // then it did not get DNATed. It means the packet cannot go // thru the firewall, then mark it for DROP. - proxier.natRules.Write(args, "-j", string(KubeMarkDropChain)) + proxier.natRules.Write(args, "-j", string(kubeMarkDropChain)) } for _, lbip := range svcInfo.LoadBalancerIPStrings() { @@ -1368,7 +1368,7 @@ func (proxier *Proxier) syncProxyRules() { "-A", string(localPolicyChain), "-m", "comment", "--comment", fmt.Sprintf(`"%s has no local endpoints"`, svcNameString), - "-j", string(KubeMarkDropChain)) + "-j", string(kubeMarkDropChain)) } } } diff --git a/pkg/proxy/iptables/proxier_test.go b/pkg/proxy/iptables/proxier_test.go index 8dac0068467..c15ba27363e 100644 --- a/pkg/proxy/iptables/proxier_test.go +++ b/pkg/proxy/iptables/proxier_test.go @@ -746,7 +746,7 @@ func checkIPTablesRuleJumps(ruleData string) error { // Ignore jumps to chains that we expect to exist even if kube-proxy // didn't create them itself. jumpedChains.Delete("ACCEPT", "REJECT", "DROP", "MARK", "RETURN", "DNAT", "SNAT", "MASQUERADE") - jumpedChains.Delete(string(KubeMarkDropChain)) + jumpedChains.Delete(string(kubeMarkDropChain)) // Find cases where we have "-A FOO ... -j BAR" but no ":BAR", meaning // that we are jumping to a chain that was not created. @@ -769,7 +769,7 @@ func checkIPTablesRuleJumps(ruleData string) error { // Find cases where we have ":BAR" but no "-A FOO ... -j BAR", meaning // that we are creating an empty chain but not using it for anything. extraChains := createdChains.Difference(jumpedChains) - extraChains.Delete(string(kubeServicesChain), string(kubeExternalServicesChain), string(kubeNodePortsChain), string(kubePostroutingChain), string(kubeForwardChain), string(KubeMarkMasqChain)) + extraChains.Delete(string(kubeServicesChain), string(kubeExternalServicesChain), string(kubeNodePortsChain), string(kubePostroutingChain), string(kubeForwardChain), string(kubeMarkMasqChain)) if len(extraChains) > 0 { return fmt.Errorf("some chains in %s are created but not used: %v", tableName, extraChains.List()) } diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go index 566a60bbc62..cd2fca75198 100644 --- a/pkg/proxy/ipvs/proxier.go +++ b/pkg/proxy/ipvs/proxier.go @@ -64,31 +64,31 @@ const ( kubeServicesChain utiliptables.Chain = "KUBE-SERVICES" // KubeFireWallChain is the kubernetes firewall chain. - KubeFireWallChain utiliptables.Chain = "KUBE-FIREWALL" + kubeFirewallChain utiliptables.Chain = "KUBE-FIREWALL" // kubePostroutingChain is the kubernetes postrouting chain kubePostroutingChain utiliptables.Chain = "KUBE-POSTROUTING" - // KubeMarkMasqChain is the mark-for-masquerade chain - KubeMarkMasqChain utiliptables.Chain = "KUBE-MARK-MASQ" + // kubeMarkMasqChain is the mark-for-masquerade chain + kubeMarkMasqChain utiliptables.Chain = "KUBE-MARK-MASQ" - // KubeNodePortChain is the kubernetes node port chain - KubeNodePortChain utiliptables.Chain = "KUBE-NODE-PORT" + // kubeNodePortChain is the kubernetes node port chain + kubeNodePortChain utiliptables.Chain = "KUBE-NODE-PORT" // KubeMarkDropChain is the mark-for-drop chain - KubeMarkDropChain utiliptables.Chain = "KUBE-MARK-DROP" + kubeMarkDropChain utiliptables.Chain = "KUBE-MARK-DROP" - // KubeForwardChain is the kubernetes forward chain - KubeForwardChain utiliptables.Chain = "KUBE-FORWARD" + // kubeForwardChain is the kubernetes forward chain + kubeForwardChain utiliptables.Chain = "KUBE-FORWARD" - // KubeLoadBalancerChain is the kubernetes chain for loadbalancer type service - KubeLoadBalancerChain utiliptables.Chain = "KUBE-LOAD-BALANCER" + // kubeLoadBalancerChain is the kubernetes chain for loadbalancer type service + kubeLoadBalancerChain utiliptables.Chain = "KUBE-LOAD-BALANCER" - // DefaultScheduler is the default ipvs scheduler algorithm - round robin. - DefaultScheduler = "rr" + // defaultScheduler is the default ipvs scheduler algorithm - round robin. + defaultScheduler = "rr" - // DefaultDummyDevice is the default dummy interface which ipvs service address will bind to it. - DefaultDummyDevice = "kube-ipvs0" + // defaultDummyDevice is the default dummy interface which ipvs service address will bind to it. + defaultDummyDevice = "kube-ipvs0" connReuseMinSupportedKernelVersion = "4.1" @@ -108,8 +108,8 @@ var iptablesJumpChain = []struct { {utiliptables.TableNAT, utiliptables.ChainOutput, kubeServicesChain, "kubernetes service portals"}, {utiliptables.TableNAT, utiliptables.ChainPrerouting, kubeServicesChain, "kubernetes service portals"}, {utiliptables.TableNAT, utiliptables.ChainPostrouting, kubePostroutingChain, "kubernetes postrouting rules"}, - {utiliptables.TableFilter, utiliptables.ChainForward, KubeForwardChain, "kubernetes forwarding rules"}, - {utiliptables.TableFilter, utiliptables.ChainInput, KubeNodePortChain, "kubernetes health check rules"}, + {utiliptables.TableFilter, utiliptables.ChainForward, kubeForwardChain, "kubernetes forwarding rules"}, + {utiliptables.TableFilter, utiliptables.ChainInput, kubeNodePortChain, "kubernetes health check rules"}, } var iptablesChains = []struct { @@ -118,19 +118,19 @@ var iptablesChains = []struct { }{ {utiliptables.TableNAT, kubeServicesChain}, {utiliptables.TableNAT, kubePostroutingChain}, - {utiliptables.TableNAT, KubeFireWallChain}, - {utiliptables.TableNAT, KubeNodePortChain}, - {utiliptables.TableNAT, KubeLoadBalancerChain}, - {utiliptables.TableNAT, KubeMarkMasqChain}, - {utiliptables.TableFilter, KubeForwardChain}, - {utiliptables.TableFilter, KubeNodePortChain}, + {utiliptables.TableNAT, kubeFirewallChain}, + {utiliptables.TableNAT, kubeNodePortChain}, + {utiliptables.TableNAT, kubeLoadBalancerChain}, + {utiliptables.TableNAT, kubeMarkMasqChain}, + {utiliptables.TableFilter, kubeForwardChain}, + {utiliptables.TableFilter, kubeNodePortChain}, } var iptablesEnsureChains = []struct { table utiliptables.Table chain utiliptables.Chain }{ - {utiliptables.TableNAT, KubeMarkDropChain}, + {utiliptables.TableNAT, kubeMarkDropChain}, } var iptablesCleanupChains = []struct { @@ -139,11 +139,11 @@ var iptablesCleanupChains = []struct { }{ {utiliptables.TableNAT, kubeServicesChain}, {utiliptables.TableNAT, kubePostroutingChain}, - {utiliptables.TableNAT, KubeFireWallChain}, - {utiliptables.TableNAT, KubeNodePortChain}, - {utiliptables.TableNAT, KubeLoadBalancerChain}, - {utiliptables.TableFilter, KubeForwardChain}, - {utiliptables.TableFilter, KubeNodePortChain}, + {utiliptables.TableNAT, kubeFirewallChain}, + {utiliptables.TableNAT, kubeNodePortChain}, + {utiliptables.TableNAT, kubeLoadBalancerChain}, + {utiliptables.TableFilter, kubeForwardChain}, + {utiliptables.TableFilter, kubeNodePortChain}, } // ipsetInfo is all ipset we needed in ipvs proxier @@ -183,17 +183,17 @@ var ipsetWithIptablesChain = []struct { protocolMatch string }{ {kubeLoopBackIPSet, string(kubePostroutingChain), "MASQUERADE", "dst,dst,src", ""}, - {kubeLoadBalancerSet, string(kubeServicesChain), string(KubeLoadBalancerChain), "dst,dst", ""}, - {kubeLoadbalancerFWSet, string(KubeLoadBalancerChain), string(KubeFireWallChain), "dst,dst", ""}, - {kubeLoadBalancerSourceCIDRSet, string(KubeFireWallChain), "RETURN", "dst,dst,src", ""}, - {kubeLoadBalancerSourceIPSet, string(KubeFireWallChain), "RETURN", "dst,dst,src", ""}, - {kubeLoadBalancerLocalSet, string(KubeLoadBalancerChain), "RETURN", "dst,dst", ""}, - {kubeNodePortLocalSetTCP, string(KubeNodePortChain), "RETURN", "dst", utilipset.ProtocolTCP}, - {kubeNodePortSetTCP, string(KubeNodePortChain), string(KubeMarkMasqChain), "dst", utilipset.ProtocolTCP}, - {kubeNodePortLocalSetUDP, string(KubeNodePortChain), "RETURN", "dst", utilipset.ProtocolUDP}, - {kubeNodePortSetUDP, string(KubeNodePortChain), string(KubeMarkMasqChain), "dst", utilipset.ProtocolUDP}, - {kubeNodePortLocalSetSCTP, string(KubeNodePortChain), "RETURN", "dst,dst", utilipset.ProtocolSCTP}, - {kubeNodePortSetSCTP, string(KubeNodePortChain), string(KubeMarkMasqChain), "dst,dst", utilipset.ProtocolSCTP}, + {kubeLoadBalancerSet, string(kubeServicesChain), string(kubeLoadBalancerChain), "dst,dst", ""}, + {kubeLoadbalancerFWSet, string(kubeLoadBalancerChain), string(kubeFirewallChain), "dst,dst", ""}, + {kubeLoadBalancerSourceCIDRSet, string(kubeFirewallChain), "RETURN", "dst,dst,src", ""}, + {kubeLoadBalancerSourceIPSet, string(kubeFirewallChain), "RETURN", "dst,dst,src", ""}, + {kubeLoadBalancerLocalSet, string(kubeLoadBalancerChain), "RETURN", "dst,dst", ""}, + {kubeNodePortLocalSetTCP, string(kubeNodePortChain), "RETURN", "dst", utilipset.ProtocolTCP}, + {kubeNodePortSetTCP, string(kubeNodePortChain), string(kubeMarkMasqChain), "dst", utilipset.ProtocolTCP}, + {kubeNodePortLocalSetUDP, string(kubeNodePortChain), "RETURN", "dst", utilipset.ProtocolUDP}, + {kubeNodePortSetUDP, string(kubeNodePortChain), string(kubeMarkMasqChain), "dst", utilipset.ProtocolUDP}, + {kubeNodePortLocalSetSCTP, string(kubeNodePortChain), "RETURN", "dst,dst", utilipset.ProtocolSCTP}, + {kubeNodePortSetSCTP, string(kubeNodePortChain), string(kubeMarkMasqChain), "dst,dst", utilipset.ProtocolSCTP}, } // In IPVS proxy mode, the following flags need to be set @@ -334,7 +334,7 @@ func (r *realIPGetter) NodeIPs() (ips []net.IP, err error) { // BindedIPs returns all addresses that are binded to the IPVS dummy interface kube-ipvs0 func (r *realIPGetter) BindedIPs() (sets.String, error) { - return r.nl.GetLocalAddresses(DefaultDummyDevice) + return r.nl.GetLocalAddresses(defaultDummyDevice) } // Proxier implements proxy.Provider @@ -449,7 +449,7 @@ func NewProxier(ipt utiliptables.Interface, if len(scheduler) == 0 { klog.InfoS("IPVS scheduler not specified, use rr by default") - scheduler = DefaultScheduler + scheduler = defaultScheduler } serviceHealthServer := healthcheck.NewServiceHealthServer(hostname, recorder, nodePortAddresses) @@ -732,7 +732,7 @@ func CanUseIPVSProxier(handle KernelHandler, ipsetver IPSetVersioner, scheduler wantModules := sets.NewString() // We check for the existence of the scheduler mod and will trigger a missingMods error if not found if scheduler == "" { - scheduler = DefaultScheduler + scheduler = defaultScheduler } schedulerMod := "ip_vs_" + scheduler mods = append(mods, schedulerMod) @@ -819,9 +819,9 @@ func CleanupLeftovers(ipvs utilipvs.Interface, ipt utiliptables.Interface, ipset } // Delete dummy interface created by ipvs Proxier. nl := NewNetLinkHandle(false) - err := nl.DeleteDummyDevice(DefaultDummyDevice) + err := nl.DeleteDummyDevice(defaultDummyDevice) if err != nil { - klog.ErrorS(err, "Error deleting dummy device created by ipvs proxier", "device", DefaultDummyDevice) + klog.ErrorS(err, "Error deleting dummy device created by ipvs proxier", "device", defaultDummyDevice) encounteredError = true } // Clear iptables created by ipvs Proxier. @@ -1060,9 +1060,9 @@ func (proxier *Proxier) syncProxyRules() { proxier.createAndLinkKubeChain() // make sure dummy interface exists in the system where ipvs Proxier will bind service address on it - _, err := proxier.netlinkHandle.EnsureDummyDevice(DefaultDummyDevice) + _, err := proxier.netlinkHandle.EnsureDummyDevice(defaultDummyDevice) if err != nil { - klog.ErrorS(err, "Failed to create dummy interface", "interface", DefaultDummyDevice) + klog.ErrorS(err, "Failed to create dummy interface", "interface", defaultDummyDevice) return } @@ -1078,7 +1078,7 @@ func (proxier *Proxier) syncProxyRules() { activeIPVSServices := map[string]bool{} // currentIPVSServices represent IPVS services listed from the system currentIPVSServices := make(map[string]*utilipvs.VirtualServer) - // activeBindAddrs represents ip address successfully bind to DefaultDummyDevice in this round of sync + // activeBindAddrs represents ip address successfully bind to defaultDummyDevice in this round of sync activeBindAddrs := map[string]bool{} bindedAddresses, err := proxier.ipGetter.BindedIPs() @@ -1575,8 +1575,8 @@ func (proxier *Proxier) syncProxyRules() { } // Get legacy bind address - // currentBindAddrs represents ip addresses bind to DefaultDummyDevice from the system - currentBindAddrs, err := proxier.netlinkHandle.ListBindAddress(DefaultDummyDevice) + // currentBindAddrs represents ip addresses bind to defaultDummyDevice from the system + currentBindAddrs, err := proxier.netlinkHandle.ListBindAddress(defaultDummyDevice) if err != nil { klog.ErrorS(err, "Failed to get bind address") } @@ -1661,7 +1661,7 @@ func (proxier *Proxier) writeIptablesRules() { if proxier.masqueradeAll { proxier.natRules.Write( args, "dst,dst", - "-j", string(KubeMarkMasqChain)) + "-j", string(kubeMarkMasqChain)) } else if proxier.localDetector.IsImplemented() { // This masquerades off-cluster traffic to a service VIP. The idea // is that you can establish a static route for your Service range, @@ -1671,7 +1671,7 @@ func (proxier *Proxier) writeIptablesRules() { proxier.natRules.Write( args, "dst,dst", proxier.localDetector.IfNotLocal(), - "-j", string(KubeMarkMasqChain)) + "-j", string(kubeMarkMasqChain)) } else { // Masquerade all OUTPUT traffic coming from a service ip. // The kube dummy interface has all service VIPs assigned which @@ -1682,7 +1682,7 @@ func (proxier *Proxier) writeIptablesRules() { // source ip and service port destination fixes the outgoing connections. proxier.natRules.Write( args, "src,dst", - "-j", string(KubeMarkMasqChain)) + "-j", string(kubeMarkMasqChain)) } } @@ -1710,7 +1710,7 @@ func (proxier *Proxier) writeIptablesRules() { "-m", "set", "--match-set", proxier.ipsetList[kubeExternalIPSet].Name, "dst,dst", ) - proxier.natRules.Write(args, "-j", string(KubeMarkMasqChain)) + proxier.natRules.Write(args, "-j", string(kubeMarkMasqChain)) externalIPRules(args) } @@ -1729,18 +1729,18 @@ func (proxier *Proxier) writeIptablesRules() { "-A", string(kubeServicesChain), "-m", "addrtype", "--dst-type", "LOCAL", ) - proxier.natRules.Write(args, "-j", string(KubeNodePortChain)) + proxier.natRules.Write(args, "-j", string(kubeNodePortChain)) // mark drop for KUBE-LOAD-BALANCER proxier.natRules.Write( - "-A", string(KubeLoadBalancerChain), - "-j", string(KubeMarkMasqChain), + "-A", string(kubeLoadBalancerChain), + "-j", string(kubeMarkMasqChain), ) // mark drop for KUBE-FIRE-WALL proxier.natRules.Write( - "-A", string(KubeFireWallChain), - "-j", string(KubeMarkDropChain), + "-A", string(kubeFirewallChain), + "-j", string(kubeMarkDropChain), ) // Accept all traffic with destination of ipvs virtual service, in case other iptables rules @@ -1752,7 +1752,7 @@ func (proxier *Proxier) writeIptablesRules() { // traffic, this allows NodePort traffic to be forwarded even if the default // FORWARD policy is not accept. proxier.filterRules.Write( - "-A", string(KubeForwardChain), + "-A", string(kubeForwardChain), "-m", "comment", "--comment", `"kubernetes forwarding rules"`, "-m", "mark", "--mark", fmt.Sprintf("%s/%s", proxier.masqueradeMark, proxier.masqueradeMark), "-j", "ACCEPT", @@ -1761,7 +1761,7 @@ func (proxier *Proxier) writeIptablesRules() { // The following rule ensures the traffic after the initial packet accepted // by the "kubernetes forwarding rules" rule above will be accepted. proxier.filterRules.Write( - "-A", string(KubeForwardChain), + "-A", string(kubeForwardChain), "-m", "comment", "--comment", `"kubernetes forwarding conntrack rule"`, "-m", "conntrack", "--ctstate", "RELATED,ESTABLISHED", @@ -1770,7 +1770,7 @@ func (proxier *Proxier) writeIptablesRules() { // Add rule to accept traffic towards health check node port proxier.filterRules.Write( - "-A", string(KubeNodePortChain), + "-A", string(kubeNodePortChain), "-m", "comment", "--comment", proxier.ipsetList[kubeHealthCheckNodePortSet].getComment(), "-m", "set", "--match-set", proxier.ipsetList[kubeHealthCheckNodePortSet].Name, "dst", "-j", "ACCEPT", @@ -1805,7 +1805,7 @@ func (proxier *Proxier) writeIptablesRules() { // this so that it is easier to flush and change, for example if the mark // value should ever change. proxier.natRules.Write( - "-A", string(KubeMarkMasqChain), + "-A", string(kubeMarkMasqChain), "-j", "MARK", "--or-mark", proxier.masqueradeMark, ) @@ -1949,7 +1949,7 @@ func (proxier *Proxier) syncService(svcName string, vs *utilipvs.VirtualServer, } klog.V(4).InfoS("Bind address", "address", vs.Address) - _, err := proxier.netlinkHandle.EnsureAddressBind(vs.Address.String(), DefaultDummyDevice) + _, err := proxier.netlinkHandle.EnsureAddressBind(vs.Address.String(), defaultDummyDevice) if err != nil { klog.ErrorS(err, "Failed to bind service address to dummy device", "serviceName", svcName) return err @@ -2109,8 +2109,8 @@ func (proxier *Proxier) cleanLegacyService(activeServices map[string]bool, curre addr := svc.Address.String() if _, ok := legacyBindAddrs[addr]; ok { klog.V(4).InfoS("Unbinding address", "address", addr) - if err := proxier.netlinkHandle.UnbindAddress(addr, DefaultDummyDevice); err != nil { - klog.ErrorS(err, "Failed to unbind service from dummy interface", "interface", DefaultDummyDevice, "address", addr) + if err := proxier.netlinkHandle.UnbindAddress(addr, defaultDummyDevice); err != nil { + klog.ErrorS(err, "Failed to unbind service from dummy interface", "interface", defaultDummyDevice, "address", addr) } else { // In case we delete a multi-port service, avoid trying to unbind multiple times delete(legacyBindAddrs, addr) diff --git a/pkg/proxy/ipvs/proxier_test.go b/pkg/proxy/ipvs/proxier_test.go index 79315d0dd8e..293eaf00909 100644 --- a/pkg/proxy/ipvs/proxier_test.go +++ b/pkg/proxy/ipvs/proxier_test.go @@ -144,7 +144,7 @@ func NewFakeProxier(ipt utiliptables.Interface, ipvs utilipvs.Interface, ipset u localDetector: proxyutiliptables.NewNoOpLocalDetector(), hostname: testHostname, serviceHealthServer: healthcheck.NewFakeServiceHealthServer(), - ipvsScheduler: DefaultScheduler, + ipvsScheduler: defaultScheduler, ipGetter: &fakeIPGetter{nodeIPs: nodeIPs}, iptablesData: bytes.NewBuffer(nil), filterChainsData: bytes.NewBuffer(nil), @@ -655,15 +655,15 @@ func TestNodePortIPv4(t *testing.T) { }}, }, expectedIptablesChains: netlinktest.ExpectedIptablesChain{ - string(KubeNodePortChain): {{ - JumpChain: string(KubeMarkMasqChain), MatchSet: kubeNodePortSetUDP, + string(kubeNodePortChain): {{ + JumpChain: string(kubeMarkMasqChain), MatchSet: kubeNodePortSetUDP, }, { JumpChain: "ACCEPT", MatchSet: kubeHealthCheckNodePortSet, }}, string(kubeServicesChain): {{ - JumpChain: string(KubeMarkMasqChain), MatchSet: kubeClusterIPSet, + JumpChain: string(kubeMarkMasqChain), MatchSet: kubeClusterIPSet, }, { - JumpChain: string(KubeNodePortChain), MatchSet: "", + JumpChain: string(kubeNodePortChain), MatchSet: "", }, { JumpChain: "ACCEPT", MatchSet: kubeClusterIPSet, }}, @@ -982,10 +982,10 @@ func TestNodePortIPv4(t *testing.T) { }, }, expectedIptablesChains: netlinktest.ExpectedIptablesChain{ - string(KubeNodePortChain): {{ + string(kubeNodePortChain): {{ JumpChain: "RETURN", MatchSet: kubeNodePortLocalSetSCTP, }, { - JumpChain: string(KubeMarkMasqChain), MatchSet: kubeNodePortSetSCTP, + JumpChain: string(kubeMarkMasqChain), MatchSet: kubeNodePortSetSCTP, }, { JumpChain: "ACCEPT", MatchSet: kubeHealthCheckNodePortSet, }}, @@ -1947,18 +1947,18 @@ func TestLoadBalancer(t *testing.T) { // Check iptables chain and rules epIpt := netlinktest.ExpectedIptablesChain{ string(kubeServicesChain): {{ - JumpChain: string(KubeLoadBalancerChain), MatchSet: kubeLoadBalancerSet, + JumpChain: string(kubeLoadBalancerChain), MatchSet: kubeLoadBalancerSet, }, { - JumpChain: string(KubeMarkMasqChain), MatchSet: kubeClusterIPSet, + JumpChain: string(kubeMarkMasqChain), MatchSet: kubeClusterIPSet, }, { - JumpChain: string(KubeNodePortChain), MatchSet: "", + JumpChain: string(kubeNodePortChain), MatchSet: "", }, { JumpChain: "ACCEPT", MatchSet: kubeClusterIPSet, }, { JumpChain: "ACCEPT", MatchSet: kubeLoadBalancerSet, }}, string(kubeLoadBalancerSet): {{ - JumpChain: string(KubeMarkMasqChain), MatchSet: "", + JumpChain: string(kubeMarkMasqChain), MatchSet: "", }}, } checkIptables(t, ipt, epIpt) @@ -2047,16 +2047,16 @@ func TestOnlyLocalNodePorts(t *testing.T) { // Check iptables chain and rules epIpt := netlinktest.ExpectedIptablesChain{ string(kubeServicesChain): {{ - JumpChain: string(KubeMarkMasqChain), MatchSet: kubeClusterIPSet, + JumpChain: string(kubeMarkMasqChain), MatchSet: kubeClusterIPSet, }, { - JumpChain: string(KubeNodePortChain), MatchSet: "", + JumpChain: string(kubeNodePortChain), MatchSet: "", }, { JumpChain: "ACCEPT", MatchSet: kubeClusterIPSet, }}, - string(KubeNodePortChain): {{ + string(kubeNodePortChain): {{ JumpChain: "RETURN", MatchSet: kubeNodePortLocalSetTCP, }, { - JumpChain: string(KubeMarkMasqChain), MatchSet: kubeNodePortSetTCP, + JumpChain: string(kubeMarkMasqChain), MatchSet: kubeNodePortSetTCP, }, { JumpChain: "ACCEPT", MatchSet: kubeHealthCheckNodePortSet, }}, @@ -2126,10 +2126,10 @@ func TestHealthCheckNodePort(t *testing.T) { // Check iptables chain and rules epIpt := netlinktest.ExpectedIptablesChain{ - string(KubeNodePortChain): {{ + string(kubeNodePortChain): {{ JumpChain: "RETURN", MatchSet: kubeNodePortLocalSetTCP, }, { - JumpChain: string(KubeMarkMasqChain), MatchSet: kubeNodePortSetTCP, + JumpChain: string(kubeMarkMasqChain), MatchSet: kubeNodePortSetTCP, }, { JumpChain: "ACCEPT", MatchSet: kubeHealthCheckNodePortSet, }}, @@ -2219,25 +2219,25 @@ func TestLoadBalanceSourceRanges(t *testing.T) { // Check iptables chain and rules epIpt := netlinktest.ExpectedIptablesChain{ string(kubeServicesChain): {{ - JumpChain: string(KubeLoadBalancerChain), MatchSet: kubeLoadBalancerSet, + JumpChain: string(kubeLoadBalancerChain), MatchSet: kubeLoadBalancerSet, }, { - JumpChain: string(KubeMarkMasqChain), MatchSet: kubeClusterIPSet, + JumpChain: string(kubeMarkMasqChain), MatchSet: kubeClusterIPSet, }, { - JumpChain: string(KubeNodePortChain), MatchSet: "", + JumpChain: string(kubeNodePortChain), MatchSet: "", }, { JumpChain: "ACCEPT", MatchSet: kubeClusterIPSet, }, { JumpChain: "ACCEPT", MatchSet: kubeLoadBalancerSet, }}, - string(KubeLoadBalancerChain): {{ - JumpChain: string(KubeFireWallChain), MatchSet: kubeLoadbalancerFWSet, + string(kubeLoadBalancerChain): {{ + JumpChain: string(kubeFirewallChain), MatchSet: kubeLoadbalancerFWSet, }, { - JumpChain: string(KubeMarkMasqChain), MatchSet: "", + JumpChain: string(kubeMarkMasqChain), MatchSet: "", }}, - string(KubeFireWallChain): {{ + string(kubeFirewallChain): {{ JumpChain: "RETURN", MatchSet: kubeLoadBalancerSourceCIDRSet, }, { - JumpChain: string(KubeMarkDropChain), MatchSet: "", + JumpChain: string(kubeMarkDropChain), MatchSet: "", }}, } checkIptables(t, ipt, epIpt) @@ -2300,12 +2300,12 @@ func TestAcceptIPVSTraffic(t *testing.T) { // Check iptables chain and rules epIpt := netlinktest.ExpectedIptablesChain{ string(kubeServicesChain): { - {JumpChain: string(KubeLoadBalancerChain), MatchSet: kubeLoadBalancerSet}, - {JumpChain: string(KubeMarkMasqChain), MatchSet: kubeClusterIPSet}, - {JumpChain: string(KubeMarkMasqChain), MatchSet: kubeExternalIPSet}, + {JumpChain: string(kubeLoadBalancerChain), MatchSet: kubeLoadBalancerSet}, + {JumpChain: string(kubeMarkMasqChain), MatchSet: kubeClusterIPSet}, + {JumpChain: string(kubeMarkMasqChain), MatchSet: kubeExternalIPSet}, {JumpChain: "ACCEPT", MatchSet: kubeExternalIPSet}, // With externalTrafficOnlyArgs {JumpChain: "ACCEPT", MatchSet: kubeExternalIPSet}, // With dstLocalOnlyArgs - {JumpChain: string(KubeNodePortChain), MatchSet: ""}, + {JumpChain: string(kubeNodePortChain), MatchSet: ""}, {JumpChain: "ACCEPT", MatchSet: kubeClusterIPSet}, {JumpChain: "ACCEPT", MatchSet: kubeLoadBalancerSet}, }, @@ -2398,20 +2398,20 @@ func TestOnlyLocalLoadBalancing(t *testing.T) { // Check iptables chain and rules epIpt := netlinktest.ExpectedIptablesChain{ string(kubeServicesChain): {{ - JumpChain: string(KubeLoadBalancerChain), MatchSet: kubeLoadBalancerSet, + JumpChain: string(kubeLoadBalancerChain), MatchSet: kubeLoadBalancerSet, }, { - JumpChain: string(KubeMarkMasqChain), MatchSet: kubeClusterIPSet, + JumpChain: string(kubeMarkMasqChain), MatchSet: kubeClusterIPSet, }, { - JumpChain: string(KubeNodePortChain), MatchSet: "", + JumpChain: string(kubeNodePortChain), MatchSet: "", }, { JumpChain: "ACCEPT", MatchSet: kubeClusterIPSet, }, { JumpChain: "ACCEPT", MatchSet: kubeLoadBalancerSet, }}, - string(KubeLoadBalancerChain): {{ + string(kubeLoadBalancerChain): {{ JumpChain: "RETURN", MatchSet: kubeLoadBalancerLocalSet, }, { - JumpChain: string(KubeMarkMasqChain), MatchSet: "", + JumpChain: string(kubeMarkMasqChain), MatchSet: "", }}, } checkIptables(t, ipt, epIpt) @@ -3786,7 +3786,7 @@ func Test_syncService(t *testing.T) { ipset := ipsettest.NewFake(testIPSetVersion) proxier := NewFakeProxier(ipt, ipvs, ipset, nil, nil, v1.IPv4Protocol) - proxier.netlinkHandle.EnsureDummyDevice(DefaultDummyDevice) + proxier.netlinkHandle.EnsureDummyDevice(defaultDummyDevice) if testCases[i].oldVirtualServer != nil { if err := proxier.ipvs.AddVirtualServer(testCases[i].oldVirtualServer); err != nil { t.Errorf("Case [%d], unexpected add IPVS virtual server error: %v", i, err) @@ -3967,12 +3967,12 @@ func TestCleanLegacyService(t *testing.T) { fp.ipvs.AddVirtualServer(currentServices[v]) } - fp.netlinkHandle.EnsureDummyDevice(DefaultDummyDevice) + fp.netlinkHandle.EnsureDummyDevice(defaultDummyDevice) activeBindAddrs := map[string]bool{"1.1.1.1": true, "2.2.2.2": true, "3.3.3.3": true, "4.4.4.4": true} // This is ipv4-only so ipv6 addresses should be ignored currentBindAddrs := []string{"1.1.1.1", "2.2.2.2", "3.3.3.3", "4.4.4.4", "5.5.5.5", "6.6.6.6", "fd80::1:2:3", "fd80::1:2:4"} for i := range currentBindAddrs { - fp.netlinkHandle.EnsureAddressBind(currentBindAddrs[i], DefaultDummyDevice) + fp.netlinkHandle.EnsureAddressBind(currentBindAddrs[i], defaultDummyDevice) } fp.cleanLegacyService(activeServices, currentServices, map[string]bool{"5.5.5.5": true, "6.6.6.6": true}) @@ -3992,7 +3992,7 @@ func TestCleanLegacyService(t *testing.T) { } // Addresses 5.5.5.5 and 6.6.6.6 should not be bound any more, but the ipv6 addresses should remain - remainingAddrs, _ := fp.netlinkHandle.ListBindAddress(DefaultDummyDevice) + remainingAddrs, _ := fp.netlinkHandle.ListBindAddress(defaultDummyDevice) if len(remainingAddrs) != 6 { t.Errorf("Expected number of remaining bound addrs after cleanup to be %v. Got %v", 6, len(remainingAddrs)) } @@ -4066,11 +4066,11 @@ func TestCleanLegacyServiceWithRealServers(t *testing.T) { fp.ipvs.AddRealServer(v, r) } - fp.netlinkHandle.EnsureDummyDevice(DefaultDummyDevice) + fp.netlinkHandle.EnsureDummyDevice(defaultDummyDevice) activeBindAddrs := map[string]bool{"3.3.3.3": true} currentBindAddrs := []string{"1.1.1.1", "2.2.2.2", "3.3.3.3"} for i := range currentBindAddrs { - fp.netlinkHandle.EnsureAddressBind(currentBindAddrs[i], DefaultDummyDevice) + fp.netlinkHandle.EnsureAddressBind(currentBindAddrs[i], defaultDummyDevice) } fp.cleanLegacyService(activeServices, currentServices, map[string]bool{"1.1.1.1": true, "2.2.2.2": true}) @@ -4085,7 +4085,7 @@ func TestCleanLegacyServiceWithRealServers(t *testing.T) { t.Errorf("unexpected IPVS service") } - remainingAddrs, _ := fp.netlinkHandle.ListBindAddress(DefaultDummyDevice) + remainingAddrs, _ := fp.netlinkHandle.ListBindAddress(defaultDummyDevice) if len(remainingAddrs) != 1 { t.Errorf("Expected number of remaining bound addrs after cleanup to be %v. Got %v", 1, len(remainingAddrs)) } @@ -4140,9 +4140,9 @@ func TestCleanLegacyRealServersExcludeCIDRs(t *testing.T) { fp.ipvs.AddRealServer(vs, rs) } - fp.netlinkHandle.EnsureDummyDevice(DefaultDummyDevice) + fp.netlinkHandle.EnsureDummyDevice(defaultDummyDevice) - fp.netlinkHandle.EnsureAddressBind("4.4.4.4", DefaultDummyDevice) + fp.netlinkHandle.EnsureAddressBind("4.4.4.4", defaultDummyDevice) fp.cleanLegacyService( map[string]bool{}, @@ -4224,12 +4224,12 @@ func TestCleanLegacyService6(t *testing.T) { fp.ipvs.AddVirtualServer(currentServices[v]) } - fp.netlinkHandle.EnsureDummyDevice(DefaultDummyDevice) + fp.netlinkHandle.EnsureDummyDevice(defaultDummyDevice) activeBindAddrs := map[string]bool{"1000::1": true, "1000::2": true, "3000::1": true, "4000::1": true} // This is ipv6-only so ipv4 addresses should be ignored currentBindAddrs := []string{"1000::1", "1000::2", "3000::1", "4000::1", "5000::1", "1000::6", "1.1.1.1", "2.2.2.2"} for i := range currentBindAddrs { - fp.netlinkHandle.EnsureAddressBind(currentBindAddrs[i], DefaultDummyDevice) + fp.netlinkHandle.EnsureAddressBind(currentBindAddrs[i], defaultDummyDevice) } fp.cleanLegacyService(activeServices, currentServices, map[string]bool{"5000::1": true, "1000::6": true}) @@ -4249,7 +4249,7 @@ func TestCleanLegacyService6(t *testing.T) { } // Addresses 5000::1 and 1000::6 should not be bound any more, but the ipv4 addresses should remain - remainingAddrs, _ := fp.netlinkHandle.ListBindAddress(DefaultDummyDevice) + remainingAddrs, _ := fp.netlinkHandle.ListBindAddress(defaultDummyDevice) if len(remainingAddrs) != 6 { t.Errorf("Expected number of remaining bound addrs after cleanup to be %v. Got %v", 6, len(remainingAddrs)) } @@ -4297,7 +4297,7 @@ func TestMultiPortServiceBindAddr(t *testing.T) { // first, add multi-port service1 fp.OnServiceAdd(service1) fp.syncProxyRules() - remainingAddrs, _ := fp.netlinkHandle.ListBindAddress(DefaultDummyDevice) + remainingAddrs, _ := fp.netlinkHandle.ListBindAddress(defaultDummyDevice) // should only remain address "172.16.55.4" if len(remainingAddrs) != 1 { t.Errorf("Expected number of remaining bound addrs after cleanup to be %v. Got %v", 1, len(remainingAddrs)) @@ -4309,7 +4309,7 @@ func TestMultiPortServiceBindAddr(t *testing.T) { // update multi-port service1 to single-port service2 fp.OnServiceUpdate(service1, service2) fp.syncProxyRules() - remainingAddrs, _ = fp.netlinkHandle.ListBindAddress(DefaultDummyDevice) + remainingAddrs, _ = fp.netlinkHandle.ListBindAddress(defaultDummyDevice) // should still only remain address "172.16.55.4" if len(remainingAddrs) != 1 { t.Errorf("Expected number of remaining bound addrs after cleanup to be %v. Got %v", 1, len(remainingAddrs)) @@ -4320,7 +4320,7 @@ func TestMultiPortServiceBindAddr(t *testing.T) { // update single-port service2 to multi-port service3 fp.OnServiceUpdate(service2, service3) fp.syncProxyRules() - remainingAddrs, _ = fp.netlinkHandle.ListBindAddress(DefaultDummyDevice) + remainingAddrs, _ = fp.netlinkHandle.ListBindAddress(defaultDummyDevice) // should still only remain address "172.16.55.4" if len(remainingAddrs) != 1 { t.Errorf("Expected number of remaining bound addrs after cleanup to be %v. Got %v", 1, len(remainingAddrs)) @@ -4331,7 +4331,7 @@ func TestMultiPortServiceBindAddr(t *testing.T) { // delete multi-port service3 fp.OnServiceDelete(service3) fp.syncProxyRules() - remainingAddrs, _ = fp.netlinkHandle.ListBindAddress(DefaultDummyDevice) + remainingAddrs, _ = fp.netlinkHandle.ListBindAddress(defaultDummyDevice) // all addresses should be unbound if len(remainingAddrs) != 0 { t.Errorf("Expected number of remaining bound addrs after cleanup to be %v. Got %v", 0, len(remainingAddrs))