add nodeport-addresses flag for kube-proxy

2025-07-21 02:41:25 +00:00 · 2018-01-17 10:15:43 +08:00 · 2018-01-17 10:15:43 +08:00 · bc850adce4
commit bc850adce4
parent 52b7aab09a
7 changed files with 29 additions and 1 deletions
--- a/cmd/kube-proxy/app/server.go
+++ b/cmd/kube-proxy/app/server.go
@ -169,6 +169,8 @@ func (o *Options) AddFlags(fs *pflag.FlagSet) {
 		"NAT timeout for TCP connections in the CLOSE_WAIT state")
 	fs.BoolVar(&o.config.EnableProfiling, "profiling", o.config.EnableProfiling, "If true enables profiling via web interface on /debug/pprof handler.")
 	fs.StringVar(&o.config.IPVS.Scheduler, "ipvs-scheduler", o.config.IPVS.Scheduler, "The ipvs scheduler type when proxy mode is ipvs")
+	fs.StringSliceVar(&o.config.NodePortAddresses, "nodeport-addresses", o.config.NodePortAddresses,
+		"A string slice of values which specify the addresses to use for NodePorts. Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32). The default empty string slice ([]) means to use all local addresses.")
 	fs.Var(flag.NewMapStringBool(&o.config.FeatureGates), "feature-gates", "A set of key=value pairs that describe feature gates for alpha/experimental features. "+
 		"Options are:\n"+strings.Join(utilfeature.DefaultFeatureGate.KnownFeatures(), "\n"))
 }
--- a/cmd/kube-proxy/app/server_others.go
+++ b/cmd/kube-proxy/app/server_others.go
@ -161,6 +161,7 @@ func newProxyServer(
 			nodeIP,
 			recorder,
 			healthzUpdater,
+			config.NodePortAddresses,
 		)
 		if err != nil {
 			return nil, fmt.Errorf("unable to create proxier: %v", err)
@ -196,6 +197,7 @@ func newProxyServer(
 			recorder,
 			healthzServer,
 			config.IPVS.Scheduler,
+			config.NodePortAddresses,
 		)
 		if err != nil {
 			return nil, fmt.Errorf("unable to create proxier: %v", err)
@ -226,6 +228,7 @@ func newProxyServer(
 			config.IPTables.SyncPeriod.Duration,
 			config.IPTables.MinSyncPeriod.Duration,
 			config.UDPIdleTimeout.Duration,
+			config.NodePortAddresses,
 		)
 		if err != nil {
 			return nil, fmt.Errorf("unable to create proxier: %v", err)
--- a/cmd/kube-proxy/app/server_test.go
+++ b/cmd/kube-proxy/app/server_test.go
@ -433,6 +433,9 @@ oomScoreAdj: 17
 portRange: "2-7"
 resourceContainer: /foo
 udpIdleTimeout: 123ms
+nodePortAddresses:
+  - "10.20.30.40/16"
+  - "fd00:1::0/64"
 `

 	testCases := []struct {
@ -545,6 +548,7 @@ udpIdleTimeout: 123ms
 			PortRange:          "2-7",
 			ResourceContainer:  "/foo",
 			UDPIdleTimeout:     metav1.Duration{Duration: 123 * time.Millisecond},
+			NodePortAddresses:  []string{"10.20.30.40/16", "fd00:1::0/64"},
 		}

 		options := NewOptions()
--- a/pkg/kubemark/hollow_proxy.go
+++ b/pkg/kubemark/hollow_proxy.go
@ -92,6 +92,7 @@ func NewHollowProxyOrDie(
 			getNodeIP(client, nodeName),
 			recorder,
 			nil,
+			[]string{},
 		)
 		if err != nil {
 			return nil, fmt.Errorf("unable to create proxier: %v", err)
--- a/pkg/proxy/apis/kubeproxyconfig/fuzzer/fuzzer.go
+++ b/pkg/proxy/apis/kubeproxyconfig/fuzzer/fuzzer.go
@ -44,7 +44,9 @@ func Funcs(codecs runtimeserializer.CodecFactory) []interface{} {
 			obj.IPTables.MasqueradeBit = utilpointer.Int32Ptr(c.Int31())
 			obj.MetricsBindAddress = fmt.Sprintf("%d.%d.%d.%d:%d", c.Intn(256), c.Intn(256), c.Intn(256), c.Intn(256), c.Intn(65536))
 			obj.OOMScoreAdj = utilpointer.Int32Ptr(c.Int31())
-			obj.ResourceContainer = c.RandString()
+			obj.ResourceContainer = "foo"
+			obj.ClientConnection.ContentType = "bar"
+			obj.NodePortAddresses = []string{"1.2.3.0/24"}
 		},
 	}
 }
--- a/pkg/proxy/apis/kubeproxyconfig/types.go
+++ b/pkg/proxy/apis/kubeproxyconfig/types.go
@ -144,6 +144,14 @@ type KubeProxyConfiguration struct {
 	// configSyncPeriod is how often configuration from the apiserver is refreshed. Must be greater
 	// than 0.
 	ConfigSyncPeriod metav1.Duration
+	// nodePortAddresses is the --nodeport-addresses value for kube-proxy process. Values must be valid
+	// IP blocks. These values are as a parameter to select the interfaces where nodeport works.
+	// In case someone would like to expose a service on localhost for local visit and some other interfaces for
+	// particular purpose, a list of IP blocks would do that.
+	// If set it to "127.0.0.0/8", kube-proxy will only select the loopback interface for NodePort.
+	// If set it to a non-zero IP block, kube-proxy will filter that down to just the IPs that applied to the node.
+	// An empty string slice is meant to select all network interfaces.
+	NodePortAddresses []string
 }

 // Currently, three modes of proxy are available in Linux platform: 'userspace' (older, going to be EOL), 'iptables'
--- a/pkg/proxy/apis/kubeproxyconfig/v1alpha1/types.go
+++ b/pkg/proxy/apis/kubeproxyconfig/v1alpha1/types.go
@ -140,6 +140,14 @@ type KubeProxyConfiguration struct {
 	// configSyncPeriod is how often configuration from the apiserver is refreshed. Must be greater
 	// than 0.
 	ConfigSyncPeriod metav1.Duration `json:"configSyncPeriod"`
+	// nodePortAddresses is the --nodeport-addresses value for kube-proxy process. Values must be valid
+	// IP blocks. These values are as a parameter to select the interfaces where nodeport works.
+	// In case someone would like to expose a service on localhost for local visit and some other interfaces for
+	// particular purpose, a list of IP blocks would do that.
+	// If set it to "127.0.0.0/8", kube-proxy will only select the loopback interface for NodePort.
+	// If set it to a non-zero IP block, kube-proxy will filter that down to just the IPs that applied to the node.
+	// An empty string slice is meant to select all network interfaces.
+	NodePortAddresses []string `json:"nodePortAddresses"`
 }

 // Currently, three modes of proxy are available in Linux platform: 'userspace' (older, going to be EOL), 'iptables'