github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 02:41:25 +00:00
Code Issues Projects Releases Wiki Activity

delete stale UDP conntrack entries for loadbalancer IPs

Browse Source
This commit is contained in:
Antonio Ojea 2021-07-29 17:35:07 +02:00
parent fffaadc013
commit a2a22903bc
2 changed files with 40 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/proxy/iptables/proxier.go
View File

@ -831,6 +831,9 @@ func (proxier *Proxier) syncProxyRules() {
for _, extIP := range svcInfo.ExternalIPStrings() { for _, extIP := range svcInfo.ExternalIPStrings() {
conntrackCleanupServiceIPs.Insert(extIP) conntrackCleanupServiceIPs.Insert(extIP)
} }
for _, lbIP := range svcInfo.LoadBalancerIPStrings() {
conntrackCleanupServiceIPs.Insert(lbIP)
}
nodePort := svcInfo.NodePort() nodePort := svcInfo.NodePort()
if svcInfo.Protocol() == v1.ProtocolUDP && nodePort != 0 { if svcInfo.Protocol() == v1.ProtocolUDP && nodePort != 0 {
klog.V(2).Infof("Stale %s service NodePort %v -> %d", strings.ToLower(string(svcInfo.Protocol())), svcPortName, nodePort) klog.V(2).Infof("Stale %s service NodePort %v -> %d", strings.ToLower(string(svcInfo.Protocol())), svcPortName, nodePort)

49
pkg/proxy/iptables/proxier_test.go
View File

@ -3178,6 +3178,12 @@ func TestProxierDeleteNodePortStaleUDP(t *testing.T) {
// Delete ClusterIP entries // Delete ClusterIP entries
fcmd.CombinedOutputScript = append(fcmd.CombinedOutputScript, cmdFunc) fcmd.CombinedOutputScript = append(fcmd.CombinedOutputScript, cmdFunc)
fexec.CommandScript = append(fexec.CommandScript, execFunc) fexec.CommandScript = append(fexec.CommandScript, execFunc)
// Delete ExternalIP entries
fcmd.CombinedOutputScript = append(fcmd.CombinedOutputScript, cmdFunc)
fexec.CommandScript = append(fexec.CommandScript, execFunc)
// Delete LoadBalancerIP entries
fcmd.CombinedOutputScript = append(fcmd.CombinedOutputScript, cmdFunc)
fexec.CommandScript = append(fexec.CommandScript, execFunc)
// Delete NodePort entries // Delete NodePort entries
fcmd.CombinedOutputScript = append(fcmd.CombinedOutputScript, cmdFunc) fcmd.CombinedOutputScript = append(fcmd.CombinedOutputScript, cmdFunc)
fexec.CommandScript = append(fexec.CommandScript, execFunc) fexec.CommandScript = append(fexec.CommandScript, execFunc)
@ -3187,6 +3193,8 @@ func TestProxierDeleteNodePortStaleUDP(t *testing.T) {
fp.exec = &fexec fp.exec = &fexec
svcIP := "10.20.30.41" svcIP := "10.20.30.41"
extIP := "1.1.1.1"
lbIngressIP := "2.2.2.2"
svcPort := 80 svcPort := 80
nodePort := 31201 nodePort := 31201
svcPortName := proxy.ServicePortName{ svcPortName := proxy.ServicePortName{
@ -3198,12 +3206,17 @@ func TestProxierDeleteNodePortStaleUDP(t *testing.T) {
makeServiceMap(fp, makeServiceMap(fp,
makeTestService(svcPortName.Namespace, svcPortName.Name, func(svc *v1.Service) { makeTestService(svcPortName.Namespace, svcPortName.Name, func(svc *v1.Service) {
svc.Spec.ClusterIP = svcIP svc.Spec.ClusterIP = svcIP
svc.Spec.ExternalIPs = []string{extIP}
svc.Spec.Type = "LoadBalancer"
svc.Spec.Ports = []v1.ServicePort{{ svc.Spec.Ports = []v1.ServicePort{{
Name: svcPortName.Port, Name: svcPortName.Port,
Port: int32(svcPort), Port: int32(svcPort),
Protocol: v1.ProtocolUDP, Protocol: v1.ProtocolUDP,
NodePort: int32(nodePort), NodePort: int32(nodePort),
}} }}
svc.Status.LoadBalancer.Ingress = []v1.LoadBalancerIngress{{
IP: lbIngressIP,
}}
}), }),
) )
@ -3229,21 +3242,33 @@ func TestProxierDeleteNodePortStaleUDP(t *testing.T) {
) )
fp.syncProxyRules() fp.syncProxyRules()
if fexec.CommandCalls != 2 {
t.Fatalf("Updated UDP service with new endpoints must clear UDP entries") if fexec.CommandCalls != 4 {
t.Fatalf("Updated UDP service with new endpoints must clear UDP entries 4 times: ClusterIP, NodePort, ExternalIP and LB")
} }
// Delete ClusterIP Conntrack entries // the order is not guaranteed so we have to compare the strings in any order
expectCommand := fmt.Sprintf("conntrack -D --orig-dst %s -p %s", svcIP, strings.ToLower(string((v1.ProtocolUDP)))) expectedCommands := []string{
actualCommand := strings.Join(fcmd.CombinedOutputLog[0], " ") // Delete ClusterIP Conntrack entries
if actualCommand != expectCommand { fmt.Sprintf("conntrack -D --orig-dst %s -p %s", svcIP, strings.ToLower(string((v1.ProtocolUDP)))),
t.Errorf("Expected command: %s, but executed %s", expectCommand, actualCommand) // Delete ExternalIP Conntrack entries
fmt.Sprintf("conntrack -D --orig-dst %s -p %s", extIP, strings.ToLower(string((v1.ProtocolUDP)))),
// Delete LoadBalancerIP Conntrack entries
fmt.Sprintf("conntrack -D --orig-dst %s -p %s", lbIngressIP, strings.ToLower(string((v1.ProtocolUDP)))),
// Delete NodePort Conntrack entrie
fmt.Sprintf("conntrack -D -p %s --dport %d", strings.ToLower(string((v1.ProtocolUDP))), nodePort),
} }
// Delete NodePort Conntrack entrie actualCommands := []string{
expectCommand = fmt.Sprintf("conntrack -D -p %s --dport %d", strings.ToLower(string((v1.ProtocolUDP))), nodePort) strings.Join(fcmd.CombinedOutputLog[0], " "),
actualCommand = strings.Join(fcmd.CombinedOutputLog[1], " ") strings.Join(fcmd.CombinedOutputLog[1], " "),
if actualCommand != expectCommand { strings.Join(fcmd.CombinedOutputLog[2], " "),
t.Errorf("Expected command: %s, but executed %s", expectCommand, actualCommand) strings.Join(fcmd.CombinedOutputLog[3], " "),
}
sort.Strings(expectedCommands)
sort.Strings(actualCommands)
if !reflect.DeepEqual(expectedCommands, actualCommands) {
t.Errorf("Expected commands: %v, but executed %v", expectedCommands, actualCommands)
} }
} }