KubeProxy and DockerShim changes for Ipv6 dual stack support on Windows

Signed-off-by: Vinod K L Swamy <vinodko@microsoft.com>
2025-09-26 04:36:00 +00:00 · 2020-03-18 12:52:10 -07:00
parent 875f31e988
commit ac3f87346f
6 changed files with 130 additions and 25 deletions
--- a/pkg/proxy/winkernel/BUILD
+++ b/pkg/proxy/winkernel/BUILD
@@ -21,6 +21,7 @@ go_library(
            "//pkg/proxy/apis/config:go_default_library",
            "//pkg/proxy/config:go_default_library",
            "//pkg/proxy/healthcheck:go_default_library",
+            "//pkg/proxy/metaproxier:go_default_library",
            "//pkg/proxy/metrics:go_default_library",
            "//pkg/util/async:go_default_library",
            "//staging/src/k8s.io/api/core/v1:go_default_library",
@@ -35,6 +36,7 @@ go_library(
            "//vendor/github.com/Microsoft/hcsshim/hcn:go_default_library",
            "//vendor/github.com/davecgh/go-spew/spew:go_default_library",
            "//vendor/k8s.io/klog/v2:go_default_library",
+            "//vendor/k8s.io/utils/net:go_default_library",
        ],
        "//conditions:default": [],
    }),
--- a/pkg/proxy/winkernel/hnsV2.go
+++ b/pkg/proxy/winkernel/hnsV2.go
@@ -30,6 +30,11 @@ import (

 type hnsV2 struct{}

+var (
+	// LoadBalancerFlagsIPv6 enables IPV6.
+	LoadBalancerFlagsIPv6 hcn.LoadBalancerFlags = 2
+)
+
 func (hns hnsV2) getNetworkByName(name string) (*hnsNetworkInfo, error) {
 	hnsnetwork, err := hcn.GetNetworkByName(name)
 	if err != nil {
@@ -90,10 +95,14 @@ func (hns hnsV2) getEndpointByIpAddress(ip string, networkName string) (*endpoin
 		equal := false
 		if endpoint.IpConfigurations != nil && len(endpoint.IpConfigurations) > 0 {
 			equal = endpoint.IpConfigurations[0].IpAddress == ip
+
+			if !equal && len(endpoint.IpConfigurations) > 1 {
+				equal = endpoint.IpConfigurations[1].IpAddress == ip
+			}
 		}
 		if equal && strings.EqualFold(endpoint.HostComputeNetwork, hnsnetwork.Id) {
 			return &endpointsInfo{
-				ip:         endpoint.IpConfigurations[0].IpAddress,
+				ip:         ip,
 				isLocal:    uint32(endpoint.Flags&hcn.EndpointFlagsRemoteEndpoint) == 0, //TODO: Change isLocal to isRemote
 				macAddress: endpoint.MacAddress,
 				hnsID:      endpoint.Id,
@@ -232,6 +241,10 @@ func (hns hnsV2) getLoadBalancer(endpoints []endpointsInfo, flags loadBalancerFl
 		lbFlags |= hcn.LoadBalancerFlagsDSR
 	}

+	if flags.isIPv6 {
+		lbFlags |= LoadBalancerFlagsIPv6
+	}
+
 	lbDistributionType := hcn.LoadBalancerDistributionNone

 	if flags.sessionAffinity {
--- a/pkg/proxy/winkernel/proxier.go
+++ b/pkg/proxy/winkernel/proxier.go
@@ -48,8 +48,10 @@ import (
 	"k8s.io/kubernetes/pkg/proxy/apis/config"
 	proxyconfig "k8s.io/kubernetes/pkg/proxy/config"
 	"k8s.io/kubernetes/pkg/proxy/healthcheck"
+	"k8s.io/kubernetes/pkg/proxy/metaproxier"
 	"k8s.io/kubernetes/pkg/proxy/metrics"
 	"k8s.io/kubernetes/pkg/util/async"
+	utilnet "k8s.io/utils/net"
 )

 // KernelCompatTester tests whether the required kernel capabilities are
@@ -101,6 +103,7 @@ type loadBalancerFlags struct {
 	useMUX          bool
 	preserveDIP     bool
 	sessionAffinity bool
+	isIPv6          bool
 }

 // internal struct for string service information
@@ -163,13 +166,17 @@ type endpointsInfo struct {
 	hns             HostNetworkService
 }

-//Uses mac prefix and IPv4 address to return a mac address
+//Uses mac prefix and IP address to return a mac address
 //This ensures mac addresses are unique for proper load balancing
-//Does not support IPv6 and returns a dummy mac
+//There is a possibility of MAC collisions but this Mac address is used for remote endpoints only
+//and not sent on the wire.
 func conjureMac(macPrefix string, ip net.IP) string {
 	if ip4 := ip.To4(); ip4 != nil {
 		a, b, c, d := ip4[0], ip4[1], ip4[2], ip4[3]
 		return fmt.Sprintf("%v-%02x-%02x-%02x-%02x", macPrefix, a, b, c, d)
+	} else if ip6 := ip.To16(); ip6 != nil {
+		a, b, c, d := ip6[15], ip6[14], ip6[13], ip6[12]
+		return fmt.Sprintf("%v-%02x-%02x-%02x-%02x", macPrefix, a, b, c, d)
 	}
 	return "02-11-22-33-44-55"
 }
@@ -502,6 +509,7 @@ type Proxier struct {
 	// with some partial data after kube-proxy restart.
 	endpointsSynced bool
 	servicesSynced  bool
+	isIPv6Mode      bool
 	initialized     int32
 	syncRunner      *async.BoundedFrequencyRunner // governs calls to syncProxyRules

@@ -664,6 +672,8 @@ func NewProxier(
 		}
 	}

+	isIPv6 := utilnet.IsIPv6(nodeIP)
+
 	proxier := &Proxier{
 		portsMap:            make(map[localPort]closeable),
 		serviceMap:          make(proxyServiceMap),
@@ -685,6 +695,7 @@ func NewProxier(
 		hostMac:             hostMac,
 		isDSR:               isDSR,
 		supportedFeatures:   supportedFeatures,
+		isIPv6Mode:          isIPv6,
 	}

 	burstSyncs := 2
@@ -694,6 +705,38 @@ func NewProxier(

 }

+func NewDualStackProxier(
+	syncPeriod time.Duration,
+	minSyncPeriod time.Duration,
+	masqueradeAll bool,
+	masqueradeBit int,
+	clusterCIDR string,
+	hostname string,
+	nodeIP [2]net.IP,
+	recorder record.EventRecorder,
+	healthzServer healthcheck.ProxierHealthUpdater,
+	config config.KubeProxyWinkernelConfiguration,
+) (proxy.Provider, error) {
+
+	// Create an ipv4 instance of the single-stack proxier
+	ipv4Proxier, err := NewProxier(syncPeriod, minSyncPeriod, masqueradeAll, masqueradeBit,
+		clusterCIDR, hostname, nodeIP[0], recorder, healthzServer, config)
+
+	if err != nil {
+		return nil, fmt.Errorf("unable to create ipv4 proxier: %v, hostname: %s, clusterCIDR : %s, nodeIP:%v", err, hostname, clusterCIDR, nodeIP[0])
+	}
+
+	ipv6Proxier, err := NewProxier(syncPeriod, minSyncPeriod, masqueradeAll, masqueradeBit,
+		clusterCIDR, hostname, nodeIP[1], recorder, healthzServer, config)
+	if err != nil {
+		return nil, fmt.Errorf("unable to create ipv6 proxier: %v, hostname: %s, clusterCIDR : %s, nodeIP:%v", err, hostname, clusterCIDR, nodeIP[1])
+	}
+
+	// Return a meta-proxier that dispatch calls between the two
+	// single-stack proxier instances
+	return metaproxier.NewMetaProxier(ipv4Proxier, ipv6Proxier), nil
+}
+
 // CleanupLeftovers removes all hns rules created by the Proxier
 // It returns true if an error was encountered. Errors are logged.
 func CleanupLeftovers() (encounteredError bool) {
@@ -1275,7 +1318,7 @@ func (proxier *Proxier) syncProxyRules() {

 		hnsLoadBalancer, err := hns.getLoadBalancer(
 			hnsEndpoints,
-			loadBalancerFlags{isDSR: proxier.isDSR, sessionAffinity: sessionAffinityClientIP},
+			loadBalancerFlags{isDSR: proxier.isDSR, isIPv6: proxier.isIPv6Mode, sessionAffinity: sessionAffinityClientIP},
 			sourceVip,
 			svcInfo.clusterIP.String(),
 			Enum(svcInfo.protocol),
@@ -1300,7 +1343,7 @@ func (proxier *Proxier) syncProxyRules() {
 			}
 			hnsLoadBalancer, err := hns.getLoadBalancer(
 				nodePortEndpoints,
-				loadBalancerFlags{localRoutedVIP: true, sessionAffinity: sessionAffinityClientIP},
+				loadBalancerFlags{localRoutedVIP: true, sessionAffinity: sessionAffinityClientIP, isIPv6: proxier.isIPv6Mode},
 				sourceVip,
 				"",
 				Enum(svcInfo.protocol),
@@ -1321,7 +1364,7 @@ func (proxier *Proxier) syncProxyRules() {
 			// Try loading existing policies, if already available
 			hnsLoadBalancer, err = hns.getLoadBalancer(
 				hnsEndpoints,
-				loadBalancerFlags{sessionAffinity: sessionAffinityClientIP},
+				loadBalancerFlags{sessionAffinity: sessionAffinityClientIP, isIPv6: proxier.isIPv6Mode},
 				sourceVip,
 				externalIP.ip,
 				Enum(svcInfo.protocol),
@@ -1344,7 +1387,7 @@ func (proxier *Proxier) syncProxyRules() {
 			}
 			hnsLoadBalancer, err := hns.getLoadBalancer(
 				lbIngressEndpoints,
-				loadBalancerFlags{isDSR: svcInfo.preserveDIP || proxier.isDSR, useMUX: svcInfo.preserveDIP, preserveDIP: svcInfo.preserveDIP, sessionAffinity: sessionAffinityClientIP},
+				loadBalancerFlags{isDSR: svcInfo.preserveDIP || proxier.isDSR, useMUX: svcInfo.preserveDIP, preserveDIP: svcInfo.preserveDIP, sessionAffinity: sessionAffinityClientIP, isIPv6: proxier.isIPv6Mode},
 				sourceVip,
 				lbIngressIP.ip,
 				Enum(svcInfo.protocol),