Merge pull request #56529 from gkudra-msft/master

Automatic merge from submit-queue (batch tested with PRs 56529, 57054). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Updates Kubeproxy validators to allow Windows 'kernelspace' mode. **What this PR does / why we need it**: Allows necessary `--proxy-mode` parameter in Kubeproxy, so that it can proceed as usual on Windows. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes #56522 ```release-note NONE ```
2025-07-29 06:27:05 +00:00 · 2017-12-12 14:04:11 -08:00 · 2017-12-12 14:04:11 -08:00 · a54c5fdb14
commit a54c5fdb14
parent 7335c41ebe e48b6f3d15
3 changed files with 45 additions and 13 deletions
--- a/pkg/proxy/apis/kubeproxyconfig/types.go
+++ b/pkg/proxy/apis/kubeproxyconfig/types.go
@ -152,17 +152,20 @@ type KubeProxyConfiguration struct {
 	ConfigSyncPeriod metav1.Duration
 }

-// Currently two modes of proxying are available: 'userspace' (older, stable) or 'iptables'
-// (newer, faster). If blank, use the best-available proxy (currently iptables, but may
-// change in future versions).  If the iptables proxy is selected, regardless of how, but
-// the system's kernel or iptables versions are insufficient, this always falls back to the
-// userspace proxy.
+// Currently, four modes of proxying are available total: 'userspace' (older, stable), 'iptables'
+// (newer, faster), 'ipvs', and 'kernelspace' (Windows only, newer).
+//
+// If blank, use the best-available proxy (currently iptables, but may change in
+// future versions). If the iptables proxy is selected, regardless of how, but
+// the system's kernel or iptables versions are insufficient, this always falls
+// back to the userspace proxy.
 type ProxyMode string

 const (
-	ProxyModeUserspace ProxyMode = "userspace"
-	ProxyModeIPTables  ProxyMode = "iptables"
-	ProxyModeIPVS      ProxyMode = "ipvs"
+	ProxyModeUserspace   ProxyMode = "userspace"
+	ProxyModeIPTables    ProxyMode = "iptables"
+	ProxyModeIPVS        ProxyMode = "ipvs"
+	ProxyModeKernelspace ProxyMode = "kernelspace"
 )

 // IPVSSchedulerMethod is the algorithm for allocating TCP connections and
--- a/pkg/proxy/apis/kubeproxyconfig/validation/validation.go
+++ b/pkg/proxy/apis/kubeproxyconfig/validation/validation.go
@ -19,6 +19,7 @@ package validation
 import (
 	"fmt"
 	"net"
+	"runtime"
 	"strconv"
 	"strings"

@ -141,7 +142,16 @@ func validateKubeProxyConntrackConfiguration(config kubeproxyconfig.KubeProxyCon
 }

 func validateProxyMode(mode kubeproxyconfig.ProxyMode, fldPath *field.Path) field.ErrorList {
+	if runtime.GOOS == "windows" {
+		return validateProxyModeWindows(mode, fldPath)
+	}
+
+	return validateProxyModeLinux(mode, fldPath)
+}
+
+func validateProxyModeLinux(mode kubeproxyconfig.ProxyMode, fldPath *field.Path) field.ErrorList {
 	allErrs := field.ErrorList{}
+
 	switch mode {
 	case kubeproxyconfig.ProxyModeUserspace:
 	case kubeproxyconfig.ProxyModeIPTables:
@ -149,7 +159,21 @@ func validateProxyMode(mode kubeproxyconfig.ProxyMode, fldPath *field.Path) fiel
 	case "":
 	default:
 		modes := []string{string(kubeproxyconfig.ProxyModeUserspace), string(kubeproxyconfig.ProxyModeIPTables), string(kubeproxyconfig.ProxyModeIPVS)}
-		errMsg := fmt.Sprintf("must be %s or blank (blank means the best-available proxy (currently iptables)", strings.Join(modes, ","))
+		errMsg := fmt.Sprintf("must be %s or blank (blank means the best-available proxy [currently iptables])", strings.Join(modes, ","))
+		allErrs = append(allErrs, field.Invalid(fldPath.Child("ProxyMode"), string(mode), errMsg))
+	}
+	return allErrs
+}
+
+func validateProxyModeWindows(mode kubeproxyconfig.ProxyMode, fldPath *field.Path) field.ErrorList {
+	allErrs := field.ErrorList{}
+
+	switch mode {
+	case kubeproxyconfig.ProxyModeUserspace:
+	case kubeproxyconfig.ProxyModeKernelspace:
+	default:
+		modes := []string{string(kubeproxyconfig.ProxyModeUserspace), string(kubeproxyconfig.ProxyModeKernelspace)}
+		errMsg := fmt.Sprintf("must be %s or blank (blank means the most-available proxy [currently userspace])", strings.Join(modes, ","))
 		allErrs = append(allErrs, field.Invalid(fldPath.Child("ProxyMode"), string(mode), errMsg))
 	}
 	return allErrs
--- a/pkg/proxy/apis/kubeproxyconfig/validation/validation_test.go
+++ b/pkg/proxy/apis/kubeproxyconfig/validation/validation_test.go
@ -18,6 +18,7 @@ package validation

 import (
 	"fmt"
+	"runtime"
 	"strings"
 	"testing"
 	"time"
@ -488,11 +489,15 @@ func TestValidateProxyMode(t *testing.T) {
 	newPath := field.NewPath("KubeProxyConfiguration")
 	successCases := []kubeproxyconfig.ProxyMode{
 		kubeproxyconfig.ProxyModeUserspace,
-		kubeproxyconfig.ProxyModeIPTables,
-		kubeproxyconfig.ProxyModeIPVS,
 		kubeproxyconfig.ProxyMode(""),
 	}

+	if runtime.GOOS == "windows" {
+		successCases = append(successCases, kubeproxyconfig.ProxyModeKernelspace)
+	} else {
+		successCases = append(successCases, kubeproxyconfig.ProxyModeIPTables, kubeproxyconfig.ProxyModeIPVS)
+	}
+
 	for _, successCase := range successCases {
 		if errs := validateProxyMode(successCase, newPath.Child("ProxyMode")); len(errs) != 0 {
 			t.Errorf("expected success: %v", errs)
@ -505,13 +510,13 @@ func TestValidateProxyMode(t *testing.T) {
 	}{
 		{
 			mode: kubeproxyconfig.ProxyMode("non-existing"),
-			msg:  "or blank (blank means the best-available proxy (currently iptables)",
+			msg:  "or blank (blank means the",
 		},
 	}

 	for _, errorCase := range errorCases {
 		if errs := validateProxyMode(errorCase.mode, newPath.Child("ProxyMode")); len(errs) == 0 {
-			t.Errorf("expected failure for %s", errorCase.msg)
+			t.Errorf("expected failure %s for %v", errorCase.msg, errorCase.mode)
 		} else if !strings.Contains(errs[0].Error(), errorCase.msg) {
 			t.Errorf("unexpected error: %v, expected: %s", errs[0], errorCase.msg)
 		}