kube-proxy: remove iptables-to-userspace fallback

Back when iptables was first made the default, there were
theoretically some users who wouldn't have been able to support it due
to having an old /sbin/iptables. But kube-proxy no longer does the
things that didn't work with old iptables, and we removed that check a
long time ago. There is also a check for a new-enough kernel version,
but it's checking for a feature which was added in kernel 3.6, and no
one could possibly be running Kubernetes with a kernel that old. So
the fallback code now never actually falls back, so it should just be
removed.

cmd/kube-proxy/app/server_others.go

@@ -43,7 +43,6 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	utilnet "k8s.io/apimachinery/pkg/util/net"
-	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientset "k8s.io/client-go/kubernetes"
 	toolswatch "k8s.io/client-go/tools/watch"
 	"k8s.io/component-base/configz"
@@ -146,7 +145,7 @@ func newProxyServer(
 	var proxier proxy.Provider
 	var detectLocalMode proxyconfigapi.LocalMode
 
-	proxyMode := getProxyMode(string(config.Mode), canUseIPVS, iptables.LinuxKernelCompatTester{})
+	proxyMode := getProxyMode(string(config.Mode), canUseIPVS)
 	detectLocalMode, err = getDetectLocalMode(config)
 	if err != nil {
 		return nil, fmt.Errorf("cannot determine detect-local-mode: %v", err)
@@ -556,42 +555,26 @@ func cidrTuple(cidrList string) [2]string {
 	return cidrs
 }
 
-func getProxyMode(proxyMode string, canUseIPVS bool, kcompat iptables.KernelCompatTester) string {
+func getProxyMode(proxyMode string, canUseIPVS bool) string {
 	switch proxyMode {
 	case proxyModeUserspace:
 		return proxyModeUserspace
 	case proxyModeIPTables:
-		return tryIPTablesProxy(kcompat)
+		return proxyModeIPTables
 	case proxyModeIPVS:
-		return tryIPVSProxy(canUseIPVS, kcompat)
+		return tryIPVSProxy(canUseIPVS)
 	}
 	klog.InfoS("Unknown proxy mode, assuming iptables proxy", "proxyMode", proxyMode)
-	return tryIPTablesProxy(kcompat)
+	return proxyModeIPTables
 }
 
-func tryIPVSProxy(canUseIPVS bool, kcompat iptables.KernelCompatTester) string {
+func tryIPVSProxy(canUseIPVS bool) string {
 	if canUseIPVS {
 		return proxyModeIPVS
 	}
 
-	// Try to fallback to iptables before falling back to userspace
 	klog.V(1).InfoS("Can't use ipvs proxier, trying iptables proxier")
-	return tryIPTablesProxy(kcompat)
-}
-
-func tryIPTablesProxy(kcompat iptables.KernelCompatTester) string {
-	// guaranteed false on error, error only necessary for debugging
-	useIPTablesProxy, err := iptables.CanUseIPTablesProxier(kcompat)
-	if err != nil {
-		utilruntime.HandleError(fmt.Errorf("can't determine whether to use iptables proxy, using userspace proxier: %v", err))
-		return proxyModeUserspace
-	}
-	if useIPTablesProxy {
-		return proxyModeIPTables
-	}
-	// Fallback.
-	klog.V(1).InfoS("Can't use iptables proxy, using userspace proxier")
-	return proxyModeUserspace
+	return proxyModeIPTables
 }
 
 // cleanupAndExit remove iptables rules and ipset/ipvs rules

pkg/proxy/iptables/proxier.go

@@ -85,34 +85,6 @@ const (
 	largeClusterEndpointsThreshold = 1000
 )
 
-// KernelCompatTester tests whether the required kernel capabilities are
-// present to run the iptables proxier.
-type KernelCompatTester interface {
-	IsCompatible() error
-}
-
-// CanUseIPTablesProxier returns true if we should use the iptables Proxier
-// instead of the "classic" userspace Proxier.
-func CanUseIPTablesProxier(kcompat KernelCompatTester) (bool, error) {
-	if err := kcompat.IsCompatible(); err != nil {
-		return false, err
-	}
-	return true, nil
-}
-
-var _ KernelCompatTester = LinuxKernelCompatTester{}
-
-// LinuxKernelCompatTester is the Linux implementation of KernelCompatTester
-type LinuxKernelCompatTester struct{}
-
-// IsCompatible checks for the required sysctls.  We don't care about the value, just
-// that it exists.  If this Proxier is chosen, we'll initialize it as we
-// need.
-func (lkct LinuxKernelCompatTester) IsCompatible() error {
-	_, err := utilsysctl.New().GetSysctl(sysctlRouteLocalnet)
-	return err
-}
-
 const sysctlRouteLocalnet = "net/ipv4/conf/all/route_localnet"
 const sysctlBridgeCallIPTables = "net/bridge/bridge-nf-call-iptables"