github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-28 05:57:25 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #52614 from leblancd/v6_proxy_bind_address

Browse Source 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add check for IPv6 '::' when calculating kube-proxy's node IP

kube-proxy currently checks for a bind address of 0.0.0.0 (IPv4 all-zeros)
when calculating kube-proxy's node IP, but it does not check for
an address of '::' (IPv6 all-zeros). For either of those all-zeros
addresses, the node IP should be determined based on the hostname,
rather than using the address directly.

Also added a helpful log message when the kube-proxy protocol is
determined to be IPv6.

fixes #52613



**What this PR does / why we need it**:
This PR adds a check for a bind address of IPv6 '::' (all zeros) when kube-proxy is calculating its node IP,
similar to what is done for a bind address of IPv4 0.0.0.0. For either of these all-zeros addresses,
kube-proxy should derive the node IP based on the hostname, rather than use the bind address
directly.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #52613

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
This commit is contained in:
Kubernetes Submit Queue 2017-10-04 19:55:04 -07:00 committed by GitHub
commit daa0d81703
3 changed files with 59 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
cmd/kube-proxy/app/server_others.go
View File

@ -65,6 +65,7 @@ func NewProxyServer(config *componentconfig.KubeProxyConfiguration, cleanupAndEx
protocol := utiliptables.ProtocolIpv4 protocol := utiliptables.ProtocolIpv4
if net.ParseIP(config.BindAddress).To4() == nil { if net.ParseIP(config.BindAddress).To4() == nil {
glog.V(0).Infof("IPv6 bind address (%s), assume IPv6 operation", config.BindAddress)
protocol = utiliptables.ProtocolIpv6 protocol = utiliptables.ProtocolIpv6
} }
@ -115,10 +116,8 @@ func NewProxyServer(config *componentconfig.KubeProxyConfiguration, cleanupAndEx
proxyMode := getProxyMode(string(config.Mode), iptInterface, iptables.LinuxKernelCompatTester{}) proxyMode := getProxyMode(string(config.Mode), iptInterface, iptables.LinuxKernelCompatTester{})
if proxyMode == proxyModeIPTables { if proxyMode == proxyModeIPTables {
glog.V(0).Info("Using iptables Proxier.") glog.V(0).Info("Using iptables Proxier.")
var nodeIP net.IP nodeIP := net.ParseIP(config.BindAddress)
if config.BindAddress != "0.0.0.0" { if nodeIP.Equal(net.IPv4zero) || nodeIP.Equal(net.IPv6zero) {
nodeIP = net.ParseIP(config.BindAddress)
} else {
nodeIP = getNodeIP(client, hostname) nodeIP = getNodeIP(client, hostname)
} }
if config.IPTables.MasqueradeBit == nil { if config.IPTables.MasqueradeBit == nil {

59
cmd/kube-proxy/app/server_test.go
View File

@ -177,7 +177,7 @@ func TestProxyServerWithCleanupAndExit(t *testing.T) {
// Each bind address below is a separate test case // Each bind address below is a separate test case
bindAddresses := []string{ bindAddresses := []string{
"0.0.0.0", "0.0.0.0",
"2001:db8::1", "::",
} }
for _, addr := range bindAddresses { for _, addr := range bindAddresses {
options, err := NewOptions() options, err := NewOptions()
@ -308,13 +308,54 @@ udpTimeoutMilliseconds: 123ms
metricsBindAddress string metricsBindAddress string
}{ }{
{ {
name: "iptables mode, IPv4 config", name: "iptables mode, IPv4 all-zeros bind address",
mode: "iptables",
bindAddress: "0.0.0.0",
clusterCIDR: "1.2.3.0/24",
healthzBindAddress: "1.2.3.4:12345",
metricsBindAddress: "2.3.4.5:23456",
},
{
name: "iptables mode, non-zeros IPv4 config",
mode: "iptables", mode: "iptables",
bindAddress: "9.8.7.6", bindAddress: "9.8.7.6",
clusterCIDR: "1.2.3.0/24", clusterCIDR: "1.2.3.0/24",
healthzBindAddress: "1.2.3.4:12345", healthzBindAddress: "1.2.3.4:12345",
metricsBindAddress: "2.3.4.5:23456", metricsBindAddress: "2.3.4.5:23456",
}, },
{
// Test for 'bindAddress: "::"' (IPv6 all-zeros) in kube-proxy
// config file. The user will need to put quotes around '::' since
// 'bindAddress: ::' is invalid yaml syntax.
name: "iptables mode, IPv6 \"::\" bind address",
mode: "iptables",
bindAddress: "\"::\"",
clusterCIDR: "fd00:1::0/64",
healthzBindAddress: "[fd00:1::5]:12345",
metricsBindAddress: "[fd00:2::5]:23456",
},
{
// Test for 'bindAddress: "[::]"' (IPv6 all-zeros in brackets)
// in kube-proxy config file. The user will need to use
// surrounding quotes here since 'bindAddress: [::]' is invalid
// yaml syntax.
name: "iptables mode, IPv6 \"[::]\" bind address",
mode: "iptables",
bindAddress: "\"[::]\"",
clusterCIDR: "fd00:1::0/64",
healthzBindAddress: "[fd00:1::5]:12345",
metricsBindAddress: "[fd00:2::5]:23456",
},
{
// Test for 'bindAddress: ::0' (another form of IPv6 all-zeros).
// No surrounding quotes are required around '::0'.
name: "iptables mode, IPv6 ::0 bind address",
mode: "iptables",
bindAddress: "::0",
clusterCIDR: "fd00:1::0/64",
healthzBindAddress: "[fd00:1::5]:12345",
metricsBindAddress: "[fd00:2::5]:23456",
},
{ {
name: "ipvs mode, IPv6 config", name: "ipvs mode, IPv6 config",
mode: "ipvs", mode: "ipvs",
@ -326,8 +367,13 @@ udpTimeoutMilliseconds: 123ms
} }
for _, tc := range testCases { for _, tc := range testCases {
expBindAddr := tc.bindAddress
if tc.bindAddress[0] == '"' {
// Surrounding double quotes will get stripped by the yaml parser.
expBindAddr = expBindAddr[1 : len(tc.bindAddress)-1]
}
expected := &componentconfig.KubeProxyConfiguration{ expected := &componentconfig.KubeProxyConfiguration{
BindAddress: tc.bindAddress, BindAddress: expBindAddr,
ClientConnection: componentconfig.ClientConnectionConfiguration{ ClientConnection: componentconfig.ClientConnectionConfiguration{
AcceptContentTypes: "abc", AcceptContentTypes: "abc",
Burst: 100, Burst: 100,
@ -374,7 +420,7 @@ udpTimeoutMilliseconds: 123ms
config, err := options.loadConfig([]byte(yaml)) config, err := options.loadConfig([]byte(yaml))
assert.NoError(t, err, "unexpected error for %s: %v", tc.name, err) assert.NoError(t, err, "unexpected error for %s: %v", tc.name, err)
if !reflect.DeepEqual(expected, config) { if !reflect.DeepEqual(expected, config) {
t.Fatalf("unexpected config for %s test, diff = %s", tc.name, diff.ObjectDiff(config, expected)) t.Fatalf("unexpected config for %s, diff = %s", tc.name, diff.ObjectDiff(config, expected))
} }
} }
} }
@ -396,6 +442,11 @@ func TestLoadConfigFailures(t *testing.T) {
config: "kind: KubeSchedulerConfiguration", config: "kind: KubeSchedulerConfiguration",
expErr: "unexpected config type", expErr: "unexpected config type",
}, },
{
name: "Missing quotes around :: bindAddress",
config: "bindAddress: ::",
expErr: "mapping values are not allowed in this context",
},
} }
version := "apiVersion: componentconfig/v1alpha1" version := "apiVersion: componentconfig/v1alpha1"
for _, tc := range testCases { for _, tc := range testCases {

2
pkg/proxy/userspace/proxier.go
View File

@ -942,7 +942,7 @@ func iptablesFlush(ipt iptables.Interface) error {
var zeroIPv4 = net.ParseIP("0.0.0.0") var zeroIPv4 = net.ParseIP("0.0.0.0")
var localhostIPv4 = net.ParseIP("127.0.0.1") var localhostIPv4 = net.ParseIP("127.0.0.1")
var zeroIPv6 = net.ParseIP("::0") var zeroIPv6 = net.ParseIP("::")
var localhostIPv6 = net.ParseIP("::1") var localhostIPv6 = net.ParseIP("::1")
// Build a slice of iptables args that are common to from-container and from-host portal rules. // Build a slice of iptables args that are common to from-container and from-host portal rules.