Put all iptables nodeport address handling in one place
For some reason we were calculating the available nodeport IPs at the top of syncProxyRules even though we didn't use them until the end. (Well, the previous code avoided generating KUBE-NODEPORTS chain rules if there were no node IPs available, but that case is considered an error anyway, so there's no need to optimize it.) (Also fix a stale `err` reference exposed by this move.)
parent
7e40d6d04e
commit
d43878f970
@ -988,20 +988,6 @@ func (proxier *Proxier) syncProxyRules() {
|
||||
}
|
||||
proxier.largeClusterMode = (totalEndpoints > largeClusterEndpointsThreshold)
|
||||
|
||||
nodeAddresses, err := utilproxy.GetNodeAddresses(proxier.nodePortAddresses, proxier.networkInterfacer)
|
||||
if err != nil {
|
||||
klog.ErrorS(err, "Failed to get node ip address matching nodeport cidrs, services with nodeport may not work as intended", "CIDRs", proxier.nodePortAddresses)
|
||||
}
|
||||
// nodeAddresses may contain dual-stack zero-CIDRs if proxier.nodePortAddresses is empty.
|
||||
// Ensure nodeAddresses only contains the addresses for this proxier's IP family.
|
||||
for addr := range nodeAddresses {
|
||||
if utilproxy.IsZeroCIDR(addr) && isIPv6 == netutils.IsIPv6CIDRString(addr) {
|
||||
// if any of the addresses is zero cidr of this IP family, non-zero IPs can be excluded.
|
||||
nodeAddresses = sets.NewString(addr)
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
// These two variables are used to publish the sync_proxy_rules_no_endpoints_total
|
||||
// metric.
|
||||
serviceNoLocalEndpointsTotalInternal := 0
|
||||
@ -1218,7 +1204,7 @@ func (proxier *Proxier) syncProxyRules() {
|
||||
}
|
||||
|
||||
// Capture nodeports.
|
||||
if svcInfo.NodePort() != 0 && len(nodeAddresses) != 0 {
|
||||
if svcInfo.NodePort() != 0 {
|
||||
if hasEndpoints {
|
||||
// Jump to the external destination chain. For better or for
|
||||
// worse, nodeports are not subect to loadBalancerSourceRanges,
|
||||
@ -1414,7 +1400,7 @@ func (proxier *Proxier) syncProxyRules() {
|
||||
for _, ep := range allLocallyReachableEndpoints {
|
||||
epInfo, ok := ep.(*endpointsInfo)
|
||||
if !ok {
|
||||
klog.ErrorS(err, "Failed to cast endpointsInfo", "endpointsInfo", ep)
|
||||
klog.ErrorS(nil, "Failed to cast endpointsInfo", "endpointsInfo", ep)
|
||||
continue
|
||||
}
|
||||
|
||||
@ -1474,6 +1460,20 @@ func (proxier *Proxier) syncProxyRules() {
|
||||
|
||||
// Finally, tail-call to the nodePorts chain. This needs to be after all
|
||||
// other service portal rules.
|
||||
nodeAddresses, err := utilproxy.GetNodeAddresses(proxier.nodePortAddresses, proxier.networkInterfacer)
|
||||
if err != nil {
|
||||
klog.ErrorS(err, "Failed to get node ip address matching nodeport cidrs, services with nodeport may not work as intended", "CIDRs", proxier.nodePortAddresses)
|
||||
}
|
||||
// nodeAddresses may contain dual-stack zero-CIDRs if proxier.nodePortAddresses is empty.
|
||||
// Ensure nodeAddresses only contains the addresses for this proxier's IP family.
|
||||
for addr := range nodeAddresses {
|
||||
if utilproxy.IsZeroCIDR(addr) && isIPv6 == netutils.IsIPv6CIDRString(addr) {
|
||||
// if any of the addresses is zero cidr of this IP family, non-zero IPs can be excluded.
|
||||
nodeAddresses = sets.NewString(addr)
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
for address := range nodeAddresses {
|
||||
if utilproxy.IsZeroCIDR(address) {
|
||||
destinations := []string{"-m", "addrtype", "--dst-type", "LOCAL"}
|
||||
|
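Review bot: The relocated `GetNodeAddresses` error branch in the last hunk only logs and then falls through to the `for addr := range nodeAddresses` loops. With the `len(nodeAddresses) != 0` guard dropped in the second hunk, the tail-call loop is now the only place that decides which local addresses accept nodeport traffic. What `nodeAddresses` holds when `err != nil` is not visible on this page; if it is always empty, the outcome is fail-closed (no jump to the nodeports chain is written), which is presumably the intent. I would say so at the call, e.g. `// On error nodeAddresses is expected to be empty: no jump to KUBE-NODEPORTS is written, so nodeports stay closed rather than opening on unintended addresses.`, or enforce it with `nodeAddresses = nil` inside the `if err != nil` block. syncProxyRules starts and ends outside these hunks.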