github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 05:27:21 +00:00
Code Issues Projects Releases Wiki Activity

Clean up kubelet iptables setup a bit

Browse Source 
Remove some unnecessary code that distinguishes "IPv4-primary" vs
"IPv6-primary" despite it not having any effect.
This commit is contained in:
Dan Winship 2022-02-18 12:51:14 -05:00
parent e092b6d27b
commit b7e977d497
1 changed files with 5 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
pkg/kubelet/kubelet_network_linux.go
View File

@ -27,7 +27,6 @@ import (
"k8s.io/klog/v2" "k8s.io/klog/v2"
utiliptables "k8s.io/kubernetes/pkg/util/iptables" utiliptables "k8s.io/kubernetes/pkg/util/iptables"
utilexec "k8s.io/utils/exec" utilexec "k8s.io/utils/exec"
utilnet "k8s.io/utils/net"
) )
const ( const (
@ -51,29 +50,15 @@ const (
func (kl *Kubelet) initNetworkUtil() { func (kl *Kubelet) initNetworkUtil() {
exec := utilexec.New() exec := utilexec.New()
// TODO: @khenidak review when there is no IPv6 iptables exec what should happen here (note: no error returned from this func) iptClients := []utiliptables.Interface{
ipv6Primary := kl.nodeIPs != nil && utilnet.IsIPv6(kl.nodeIPs[0]) utiliptables.New(exec, utiliptables.ProtocolIPv4),
utiliptables.New(exec, utiliptables.ProtocolIPv6),
var iptClients []utiliptables.Interface
var protocols []utiliptables.Protocol
// assume 4,6
protocols = append(protocols, utiliptables.ProtocolIPv4)
iptClients = append(iptClients, utiliptables.New(exec, utiliptables.ProtocolIPv4))
protocols = append(protocols, utiliptables.ProtocolIPv6)
iptClients = append(iptClients, utiliptables.New(exec, utiliptables.ProtocolIPv6))
// and if they are not
if ipv6Primary {
protocols[0], protocols[1] = protocols[1], protocols[0]
iptClients[0], iptClients[1] = iptClients[1], iptClients[0]
} }
for i := range iptClients { for i := range iptClients {
iptClient := iptClients[i] iptClient := iptClients[i]
if kl.syncNetworkUtil(iptClient) { if kl.syncNetworkUtil(iptClient) {
klog.InfoS("Initialized protocol iptables rules.", "protocol", protocols[i]) klog.InfoS("Initialized protocol iptables rules.", "protocol", iptClient.Protocol())
go iptClient.Monitor( go iptClient.Monitor(
utiliptables.Chain("KUBE-KUBELET-CANARY"), utiliptables.Chain("KUBE-KUBELET-CANARY"),
[]utiliptables.Table{utiliptables.TableMangle, utiliptables.TableNAT, utiliptables.TableFilter}, []utiliptables.Table{utiliptables.TableMangle, utiliptables.TableNAT, utiliptables.TableFilter},
@ -81,7 +66,7 @@ func (kl *Kubelet) initNetworkUtil() {
1*time.Minute, wait.NeverStop, 1*time.Minute, wait.NeverStop,
) )
} else { } else {
klog.InfoS("Failed to initialize protocol iptables rules; some functionality may be missing.", "protocol", protocols[i]) klog.InfoS("Failed to initialize protocol iptables rules; some functionality may be missing.", "protocol", iptClient.Protocol())
} }
} }
} }