From b69510b0690073510fdb787f34687c4d0a40e358 Mon Sep 17 00:00:00 2001 From: Dan Winship Date: Mon, 18 Dec 2023 19:58:47 -0500 Subject: [PATCH] Remove an unnecessary abstraction safeIpset was a wrapper for thread-safely sharing an ipset.IPSet, but this was unnecessary because ipset.IPSet is just a wrapper around exec anyway and doesn't need any locking. --- pkg/proxy/ipvs/proxier.go | 6 +- pkg/proxy/ipvs/safe_ipset.go | 104 ----------------------------------- 2 files changed, 2 insertions(+), 108 deletions(-) delete mode 100644 pkg/proxy/ipvs/safe_ipset.go diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go index d1594707f35..05afd762045 100644 --- a/pkg/proxy/ipvs/proxier.go +++ b/pkg/proxy/ipvs/proxier.go @@ -489,10 +489,8 @@ func NewDualStackProxier( initOnly bool, ) (proxy.Provider, error) { - safeIpset := newSafeIpset(ipset) - // Create an ipv4 instance of the single-stack proxier - ipv4Proxier, err := NewProxier(v1.IPv4Protocol, ipt[0], ipvs, safeIpset, sysctl, + ipv4Proxier, err := NewProxier(v1.IPv4Protocol, ipt[0], ipvs, ipset, sysctl, exec, syncPeriod, minSyncPeriod, filterCIDRs(false, excludeCIDRs), strictARP, tcpTimeout, tcpFinTimeout, udpTimeout, masqueradeAll, masqueradeBit, localDetectors[0], hostname, nodeIPs[v1.IPv4Protocol], recorder, @@ -501,7 +499,7 @@ func NewDualStackProxier( return nil, fmt.Errorf("unable to create ipv4 proxier: %v", err) } - ipv6Proxier, err := NewProxier(v1.IPv6Protocol, ipt[1], ipvs, safeIpset, sysctl, + ipv6Proxier, err := NewProxier(v1.IPv6Protocol, ipt[1], ipvs, ipset, sysctl, exec, syncPeriod, minSyncPeriod, filterCIDRs(true, excludeCIDRs), strictARP, tcpTimeout, tcpFinTimeout, udpTimeout, masqueradeAll, masqueradeBit, localDetectors[1], hostname, nodeIPs[v1.IPv6Protocol], recorder, diff --git a/pkg/proxy/ipvs/safe_ipset.go b/pkg/proxy/ipvs/safe_ipset.go deleted file mode 100644 index 1dbad0eb5cd..00000000000 --- a/pkg/proxy/ipvs/safe_ipset.go +++ /dev/null @@ -1,104 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package ipvs - -import ( - "sync" - - "k8s.io/kubernetes/pkg/proxy/ipvs/ipset" -) - -type safeIpset struct { - ipset ipset.Interface - mu sync.Mutex -} - -func newSafeIpset(ipset ipset.Interface) ipset.Interface { - return &safeIpset{ - ipset: ipset, - } -} - -// FlushSet deletes all entries from a named set. -func (s *safeIpset) FlushSet(set string) error { - s.mu.Lock() - defer s.mu.Unlock() - return s.ipset.FlushSet(set) -} - -// DestroySet deletes a named set. -func (s *safeIpset) DestroySet(set string) error { - s.mu.Lock() - defer s.mu.Unlock() - return s.ipset.DestroySet(set) -} - -// DestroyAllSets deletes all sets. -func (s *safeIpset) DestroyAllSets() error { - s.mu.Lock() - defer s.mu.Unlock() - return s.ipset.DestroyAllSets() -} - -// CreateSet creates a new set. It will ignore error when the set already exists if ignoreExistErr=true. -func (s *safeIpset) CreateSet(set *ipset.IPSet, ignoreExistErr bool) error { - s.mu.Lock() - defer s.mu.Unlock() - return s.ipset.CreateSet(set, ignoreExistErr) -} - -// AddEntry adds a new entry to the named set. It will ignore error when the entry already exists if ignoreExistErr=true. -func (s *safeIpset) AddEntry(entry string, set *ipset.IPSet, ignoreExistErr bool) error { - s.mu.Lock() - defer s.mu.Unlock() - return s.ipset.AddEntry(entry, set, ignoreExistErr) -} - -// DelEntry deletes one entry from the named set -func (s *safeIpset) DelEntry(entry string, set string) error { - s.mu.Lock() - defer s.mu.Unlock() - return s.ipset.DelEntry(entry, set) -} - -// Test test if an entry exists in the named set -func (s *safeIpset) TestEntry(entry string, set string) (bool, error) { - s.mu.Lock() - defer s.mu.Unlock() - return s.ipset.TestEntry(entry, set) -} - -// ListEntries lists all the entries from a named set -func (s *safeIpset) ListEntries(set string) ([]string, error) { - s.mu.Lock() - defer s.mu.Unlock() - return s.ipset.ListEntries(set) -} - -// ListSets list all set names from kernel -func (s *safeIpset) ListSets() ([]string, error) { - s.mu.Lock() - defer s.mu.Unlock() - return s.ipset.ListSets() -} - -// GetVersion returns the "X.Y" version string for ipset. -func (s *safeIpset) GetVersion() (string, error) { - s.mu.Lock() - defer s.mu.Unlock() - return s.ipset.GetVersion() -}