kube-proxy: store LoadBalancerVIPs as net.IP

They were stored as strings which could be non-canonical and cause problems
2026-01-05 07:27:21 +00:00 · 2024-01-07 08:33:30 +01:00
parent 564b80b1e1
commit d2294007b0
8 changed files with 67 additions and 58 deletions
--- a/pkg/proxy/ipvs/proxier.go
+++ b/pkg/proxy/ipvs/proxier.go
@@ -1152,10 +1152,10 @@ func (proxier *Proxier) syncProxyRules() {
 		}

 		// Capture load-balancer ingress.
-		for _, ingress := range svcInfo.LoadBalancerVIPStrings() {
+		for _, ingress := range svcInfo.LoadBalancerVIPs() {
 			// ipset call
 			entry = &utilipset.Entry{
-				IP:       ingress,
+				IP:       ingress.String(),
 				Port:     svcInfo.Port(),
 				Protocol: protocol,
 				SetType:  utilipset.HashIPPort,
@@ -1190,7 +1190,7 @@ func (proxier *Proxier) syncProxyRules() {
 				for _, src := range svcInfo.LoadBalancerSourceRanges() {
 					// ipset call
 					entry = &utilipset.Entry{
-						IP:       ingress,
+						IP:       ingress.String(),
 						Port:     svcInfo.Port(),
 						Protocol: protocol,
 						Net:      src,
@@ -1214,10 +1214,10 @@ func (proxier *Proxier) syncProxyRules() {
 				// Need to add the following rule to allow request on host.
 				if allowFromNode {
 					entry = &utilipset.Entry{
-						IP:       ingress,
+						IP:       ingress.String(),
 						Port:     svcInfo.Port(),
 						Protocol: protocol,
-						IP2:      ingress,
+						IP2:      ingress.String(),
 						SetType:  utilipset.HashIPPortIP,
 					}
 					// enumerate all white list source ip
@@ -1234,7 +1234,7 @@ func (proxier *Proxier) syncProxyRules() {
 			}
 			// ipvs call
 			serv := &utilipvs.VirtualServer{
-				Address:   netutils.ParseIPSloppy(ingress),
+				Address:   ingress,
 				Port:      uint16(svcInfo.Port()),
 				Protocol:  string(svcInfo.Protocol()),
 				Scheduler: proxier.ipvsScheduler,