github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-22 11:21:47 +00:00
Code Issues Projects Releases Wiki Activity

add nodeport-addresses flag for kube-proxy

Browse Source
This commit is contained in:
m1093782566 2018-01-17 10:15:43 +08:00
parent 52b7aab09a
commit bc850adce4
7 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/kube-proxy/app/server.go
View File

@ -169,6 +169,8 @@ func (o *Options) AddFlags(fs *pflag.FlagSet) {
"NAT timeout for TCP connections in the CLOSE_WAIT state") "NAT timeout for TCP connections in the CLOSE_WAIT state")
fs.BoolVar(&o.config.EnableProfiling, "profiling", o.config.EnableProfiling, "If true enables profiling via web interface on /debug/pprof handler.") fs.BoolVar(&o.config.EnableProfiling, "profiling", o.config.EnableProfiling, "If true enables profiling via web interface on /debug/pprof handler.")
fs.StringVar(&o.config.IPVS.Scheduler, "ipvs-scheduler", o.config.IPVS.Scheduler, "The ipvs scheduler type when proxy mode is ipvs") fs.StringVar(&o.config.IPVS.Scheduler, "ipvs-scheduler", o.config.IPVS.Scheduler, "The ipvs scheduler type when proxy mode is ipvs")
fs.StringSliceVar(&o.config.NodePortAddresses, "nodeport-addresses", o.config.NodePortAddresses,
"A string slice of values which specify the addresses to use for NodePorts. Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32). The default empty string slice ([]) means to use all local addresses.")
fs.Var(flag.NewMapStringBool(&o.config.FeatureGates), "feature-gates", "A set of key=value pairs that describe feature gates for alpha/experimental features. "+ fs.Var(flag.NewMapStringBool(&o.config.FeatureGates), "feature-gates", "A set of key=value pairs that describe feature gates for alpha/experimental features. "+
"Options are:\n"+strings.Join(utilfeature.DefaultFeatureGate.KnownFeatures(), "\n")) "Options are:\n"+strings.Join(utilfeature.DefaultFeatureGate.KnownFeatures(), "\n"))
} }

3
cmd/kube-proxy/app/server_others.go
View File

@ -161,6 +161,7 @@ func newProxyServer(
nodeIP, nodeIP,
recorder, recorder,
healthzUpdater, healthzUpdater,
config.NodePortAddresses,
) )
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to create proxier: %v", err) return nil, fmt.Errorf("unable to create proxier: %v", err)
@ -196,6 +197,7 @@ func newProxyServer(
recorder, recorder,
healthzServer, healthzServer,
config.IPVS.Scheduler, config.IPVS.Scheduler,
config.NodePortAddresses,
) )
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to create proxier: %v", err) return nil, fmt.Errorf("unable to create proxier: %v", err)
@ -226,6 +228,7 @@ func newProxyServer(
config.IPTables.SyncPeriod.Duration, config.IPTables.SyncPeriod.Duration,
config.IPTables.MinSyncPeriod.Duration, config.IPTables.MinSyncPeriod.Duration,
config.UDPIdleTimeout.Duration, config.UDPIdleTimeout.Duration,
config.NodePortAddresses,
) )
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to create proxier: %v", err) return nil, fmt.Errorf("unable to create proxier: %v", err)

4
cmd/kube-proxy/app/server_test.go
View File

@ -433,6 +433,9 @@ oomScoreAdj: 17
portRange: "2-7" portRange: "2-7"
resourceContainer: /foo resourceContainer: /foo
udpIdleTimeout: 123ms udpIdleTimeout: 123ms
nodePortAddresses:
- "10.20.30.40/16"
- "fd00:1::0/64"
` `
testCases := []struct { testCases := []struct {
@ -545,6 +548,7 @@ udpIdleTimeout: 123ms
PortRange: "2-7", PortRange: "2-7",
ResourceContainer: "/foo", ResourceContainer: "/foo",
UDPIdleTimeout: metav1.Duration{Duration: 123 * time.Millisecond}, UDPIdleTimeout: metav1.Duration{Duration: 123 * time.Millisecond},
NodePortAddresses: []string{"10.20.30.40/16", "fd00:1::0/64"},
} }
options := NewOptions() options := NewOptions()

1
pkg/kubemark/hollow_proxy.go
View File

@ -92,6 +92,7 @@ func NewHollowProxyOrDie(
getNodeIP(client, nodeName), getNodeIP(client, nodeName),
recorder, recorder,
nil, nil,
[]string{},
) )
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to create proxier: %v", err) return nil, fmt.Errorf("unable to create proxier: %v", err)

4
pkg/proxy/apis/kubeproxyconfig/fuzzer/fuzzer.go
View File

@ -44,7 +44,9 @@ func Funcs(codecs runtimeserializer.CodecFactory) []interface{} {
obj.IPTables.MasqueradeBit = utilpointer.Int32Ptr(c.Int31()) obj.IPTables.MasqueradeBit = utilpointer.Int32Ptr(c.Int31())
obj.MetricsBindAddress = fmt.Sprintf("%d.%d.%d.%d:%d", c.Intn(256), c.Intn(256), c.Intn(256), c.Intn(256), c.Intn(65536)) obj.MetricsBindAddress = fmt.Sprintf("%d.%d.%d.%d:%d", c.Intn(256), c.Intn(256), c.Intn(256), c.Intn(256), c.Intn(65536))
obj.OOMScoreAdj = utilpointer.Int32Ptr(c.Int31()) obj.OOMScoreAdj = utilpointer.Int32Ptr(c.Int31())
obj.ResourceContainer = c.RandString() obj.ResourceContainer = "foo"
obj.ClientConnection.ContentType = "bar"
obj.NodePortAddresses = []string{"1.2.3.0/24"}
}, },
} }
} }

8
pkg/proxy/apis/kubeproxyconfig/types.go
View File

@ -144,6 +144,14 @@ type KubeProxyConfiguration struct {
// configSyncPeriod is how often configuration from the apiserver is refreshed. Must be greater // configSyncPeriod is how often configuration from the apiserver is refreshed. Must be greater
// than 0. // than 0.
ConfigSyncPeriod metav1.Duration ConfigSyncPeriod metav1.Duration
// nodePortAddresses is the --nodeport-addresses value for kube-proxy process. Values must be valid
// IP blocks. These values are as a parameter to select the interfaces where nodeport works.
// In case someone would like to expose a service on localhost for local visit and some other interfaces for
// particular purpose, a list of IP blocks would do that.
// If set it to "127.0.0.0/8", kube-proxy will only select the loopback interface for NodePort.
// If set it to a non-zero IP block, kube-proxy will filter that down to just the IPs that applied to the node.
// An empty string slice is meant to select all network interfaces.
NodePortAddresses []string
} }
// Currently, three modes of proxy are available in Linux platform: 'userspace' (older, going to be EOL), 'iptables' // Currently, three modes of proxy are available in Linux platform: 'userspace' (older, going to be EOL), 'iptables'

8
pkg/proxy/apis/kubeproxyconfig/v1alpha1/types.go
View File

@ -140,6 +140,14 @@ type KubeProxyConfiguration struct {
// configSyncPeriod is how often configuration from the apiserver is refreshed. Must be greater // configSyncPeriod is how often configuration from the apiserver is refreshed. Must be greater
// than 0. // than 0.
ConfigSyncPeriod metav1.Duration `json:"configSyncPeriod"` ConfigSyncPeriod metav1.Duration `json:"configSyncPeriod"`
// nodePortAddresses is the --nodeport-addresses value for kube-proxy process. Values must be valid
// IP blocks. These values are as a parameter to select the interfaces where nodeport works.
// In case someone would like to expose a service on localhost for local visit and some other interfaces for
// particular purpose, a list of IP blocks would do that.
// If set it to "127.0.0.0/8", kube-proxy will only select the loopback interface for NodePort.
// If set it to a non-zero IP block, kube-proxy will filter that down to just the IPs that applied to the node.
// An empty string slice is meant to select all network interfaces.
NodePortAddresses []string `json:"nodePortAddresses"`
} }
// Currently, three modes of proxy are available in Linux platform: 'userspace' (older, going to be EOL), 'iptables' // Currently, three modes of proxy are available in Linux platform: 'userspace' (older, going to be EOL), 'iptables'