Merge pull request #110540 from danwinship/minor-ipvs-fixes

minor ipvs fixes
2025-07-21 19:01:49 +00:00 · 2022-06-13 09:14:22 -07:00 · 2022-06-13 09:14:22 -07:00 · a8fa4ab788
commit a8fa4ab788
parent 90834e0a11 400d474bac
3 changed files with 13 additions and 13 deletions
--- a/pkg/proxy/ipvs/ipset.go
+++ b/pkg/proxy/ipvs/ipset.go
@ -49,8 +49,8 @@ const (
 	kubeLoadBalancerLocalSetComment = "Kubernetes service load balancer ip + port with externalTrafficPolicy=local"
 	kubeLoadBalancerLocalSet        = "KUBE-LOAD-BALANCER-LOCAL"

-	kubeLoadbalancerFWSetComment = "Kubernetes service load balancer ip + port for load balancer with sourceRange"
-	kubeLoadbalancerFWSet        = "KUBE-LOAD-BALANCER-FW"
+	kubeLoadBalancerFWSetComment = "Kubernetes service load balancer ip + port for load balancer with sourceRange"
+	kubeLoadBalancerFWSet        = "KUBE-LOAD-BALANCER-FW"

 	kubeLoadBalancerSourceIPSetComment = "Kubernetes service load balancer ip + port + source IP for packet filter purpose"
 	kubeLoadBalancerSourceIPSet        = "KUBE-LOAD-BALANCER-SOURCE-IP"
--- a/pkg/proxy/ipvs/proxier.go
+++ b/pkg/proxy/ipvs/proxier.go
@ -63,7 +63,7 @@ const (
 	// kubeServicesChain is the services portal chain
 	kubeServicesChain utiliptables.Chain = "KUBE-SERVICES"

-	// KubeFireWallChain is the kubernetes firewall chain.
+	// kubeFirewallChain is the kubernetes firewall chain.
 	kubeFirewallChain utiliptables.Chain = "KUBE-FIREWALL"

 	// kubePostroutingChain is the kubernetes postrouting chain
@ -157,7 +157,7 @@ var ipsetInfo = []struct {
 	{kubeExternalIPSet, utilipset.HashIPPort, kubeExternalIPSetComment},
 	{kubeExternalIPLocalSet, utilipset.HashIPPort, kubeExternalIPLocalSetComment},
 	{kubeLoadBalancerSet, utilipset.HashIPPort, kubeLoadBalancerSetComment},
-	{kubeLoadbalancerFWSet, utilipset.HashIPPort, kubeLoadbalancerFWSetComment},
+	{kubeLoadBalancerFWSet, utilipset.HashIPPort, kubeLoadBalancerFWSetComment},
 	{kubeLoadBalancerLocalSet, utilipset.HashIPPort, kubeLoadBalancerLocalSetComment},
 	{kubeLoadBalancerSourceIPSet, utilipset.HashIPPortIP, kubeLoadBalancerSourceIPSetComment},
 	{kubeLoadBalancerSourceCIDRSet, utilipset.HashIPPortNet, kubeLoadBalancerSourceCIDRSetComment},
@ -184,7 +184,7 @@ var ipsetWithIptablesChain = []struct {
 }{
 	{kubeLoopBackIPSet, string(kubePostroutingChain), "MASQUERADE", "dst,dst,src", ""},
 	{kubeLoadBalancerSet, string(kubeServicesChain), string(kubeLoadBalancerChain), "dst,dst", ""},
-	{kubeLoadbalancerFWSet, string(kubeLoadBalancerChain), string(kubeFirewallChain), "dst,dst", ""},
+	{kubeLoadBalancerFWSet, string(kubeLoadBalancerChain), string(kubeFirewallChain), "dst,dst", ""},
 	{kubeLoadBalancerSourceCIDRSet, string(kubeFirewallChain), "RETURN", "dst,dst,src", ""},
 	{kubeLoadBalancerSourceIPSet, string(kubeFirewallChain), "RETURN", "dst,dst,src", ""},
 	{kubeLoadBalancerLocalSet, string(kubeLoadBalancerChain), "RETURN", "dst,dst", ""},
@ -1307,11 +1307,11 @@ func (proxier *Proxier) syncProxyRules() {
 				// The service firewall rules are created based on ServiceSpec.loadBalancerSourceRanges field.
 				// This currently works for loadbalancers that preserves source ips.
 				// For loadbalancers which direct traffic to service NodePort, the firewall rules will not apply.
-				if valid := proxier.ipsetList[kubeLoadbalancerFWSet].validateEntry(entry); !valid {
-					klog.ErrorS(nil, "Error adding entry to ipset", "entry", entry, "ipset", proxier.ipsetList[kubeLoadbalancerFWSet].Name)
+				if valid := proxier.ipsetList[kubeLoadBalancerFWSet].validateEntry(entry); !valid {
+					klog.ErrorS(nil, "Error adding entry to ipset", "entry", entry, "ipset", proxier.ipsetList[kubeLoadBalancerFWSet].Name)
 					continue
 				}
-				proxier.ipsetList[kubeLoadbalancerFWSet].activeEntries.Insert(entry.String())
+				proxier.ipsetList[kubeLoadBalancerFWSet].activeEntries.Insert(entry.String())
 				allowFromNode := false
 				for _, src := range svcInfo.LoadBalancerSourceRanges() {
 					// ipset call
@ -1731,13 +1731,13 @@ func (proxier *Proxier) writeIptablesRules() {
 	)
 	proxier.natRules.Write(args, "-j", string(kubeNodePortChain))

-	// mark drop for KUBE-LOAD-BALANCER
+	// mark for masquerading for KUBE-LOAD-BALANCER
 	proxier.natRules.Write(
 		"-A", string(kubeLoadBalancerChain),
 		"-j", string(kubeMarkMasqChain),
 	)

-	// mark drop for KUBE-FIRE-WALL
+	// mark drop for KUBE-FIREWALL
 	proxier.natRules.Write(
 		"-A", string(kubeFirewallChain),
 		"-j", string(kubeMarkDropChain),
--- a/pkg/proxy/ipvs/proxier_test.go
+++ b/pkg/proxy/ipvs/proxier_test.go
@ -2151,7 +2151,7 @@ func TestHealthCheckNodePort(t *testing.T) {
 	checkIptables(t, ipt, epIpt)
 }

-func TestLoadBalanceSourceRanges(t *testing.T) {
+func TestLoadBalancerSourceRanges(t *testing.T) {
 	ipt, fp := buildFakeProxier()

 	svcIP := "10.20.30.41"
@ -2214,7 +2214,7 @@ func TestLoadBalanceSourceRanges(t *testing.T) {
 			Protocol: strings.ToLower(string(v1.ProtocolTCP)),
 			SetType:  utilipset.HashIPPort,
 		}},
-		kubeLoadbalancerFWSet: {{
+		kubeLoadBalancerFWSet: {{
 			IP:       svcLBIP,
 			Port:     svcPort,
 			Protocol: strings.ToLower(string(v1.ProtocolTCP)),
@ -2244,7 +2244,7 @@ func TestLoadBalanceSourceRanges(t *testing.T) {
 			JumpChain: "ACCEPT", MatchSet: kubeLoadBalancerSet,
 		}},
 		string(kubeLoadBalancerChain): {{
-			JumpChain: string(kubeFirewallChain), MatchSet: kubeLoadbalancerFWSet,
+			JumpChain: string(kubeFirewallChain), MatchSet: kubeLoadBalancerFWSet,
 		}, {
 			JumpChain: string(kubeMarkMasqChain), MatchSet: "",
 		}},