From c3c7152c55f04ab846f2c5b0f8f0e2b8f7fd5fa7 Mon Sep 17 00:00:00 2001 From: Lars Ekman Date: Fri, 30 Nov 2018 18:42:22 +0100 Subject: [PATCH 1/3] Corrected condition. Fix for #71596 --- pkg/proxy/ipvs/proxier.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go index 20fd8acca5e..9cb5910b44f 100644 --- a/pkg/proxy/ipvs/proxier.go +++ b/pkg/proxy/ipvs/proxier.go @@ -1009,7 +1009,7 @@ func (proxier *Proxier) syncProxyRules() { } if err := proxier.syncService(svcNameString, serv, true); err == nil { // check if service need skip endpoints that not in same host as kube-proxy - onlyLocal := svcInfo.SessionAffinityType == v1.ServiceAffinityClientIP && svcInfo.OnlyNodeLocalEndpoints + onlyLocal := svcInfo.SessionAffinityType == v1.ServiceAffinityClientIP || svcInfo.OnlyNodeLocalEndpoints activeIPVSServices[serv.String()] = true activeBindAddrs[serv.Address.String()] = true if err := proxier.syncEndpoint(svcName, onlyLocal, serv); err != nil { From 227893dc3d900bde6fd2ee31eba4269902dc4b6c Mon Sep 17 00:00:00 2001 From: Lars Ekman Date: Tue, 11 Dec 2018 10:07:04 +0100 Subject: [PATCH 2/3] Corrected test TestOnlyLocalLoadBalancing --- pkg/proxy/ipvs/proxier_test.go | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/pkg/proxy/ipvs/proxier_test.go b/pkg/proxy/ipvs/proxier_test.go index 921ff01f0d1..1bfc547f367 100644 --- a/pkg/proxy/ipvs/proxier_test.go +++ b/pkg/proxy/ipvs/proxier_test.go @@ -1267,18 +1267,32 @@ func TestOnlyLocalLoadBalancing(t *testing.T) { ) epIP := "10.180.0.1" + epIP1 := "10.180.1.1" + thisHostname := testHostname + otherHostname := "other-hostname" + makeEndpointsMap(fp, makeTestEndpoints(svcPortName.Namespace, svcPortName.Name, func(ept *v1.Endpoints) { - ept.Subsets = []v1.EndpointSubset{{ - Addresses: []v1.EndpointAddress{{ - IP: epIP, - NodeName: nil, - }}, - Ports: []v1.EndpointPort{{ - Name: svcPortName.Port, - Port: int32(svcPort), - }}, - }} + ept.Subsets = []v1.EndpointSubset{ + { // **local** endpoint address, should be added as RS + Addresses: []v1.EndpointAddress{{ + IP: epIP, + NodeName: &thisHostname, + }}, + Ports: []v1.EndpointPort{{ + Name: svcPortName.Port, + Port: int32(svcPort), + }}}, + { // **remote** endpoint address, should not be added as RS + Addresses: []v1.EndpointAddress{{ + IP: epIP1, + NodeName: &otherHostname, + }}, + Ports: []v1.EndpointPort{{ + Name: svcPortName.Port, + Port: int32(svcPort), + }}, + }} }), ) From 7092e2f9f46a0c3873f29379523103ba31976a44 Mon Sep 17 00:00:00 2001 From: Laurent Bernaille Date: Sat, 29 Dec 2018 13:01:35 +0100 Subject: [PATCH 3/3] [kube-proxy/IPVS] Enforce ExternalTrafficPolicy:local even for services without affinity --- pkg/proxy/ipvs/proxier.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go index 9cb5910b44f..81b2f92213e 100644 --- a/pkg/proxy/ipvs/proxier.go +++ b/pkg/proxy/ipvs/proxier.go @@ -1008,11 +1008,9 @@ func (proxier *Proxier) syncProxyRules() { serv.Timeout = uint32(svcInfo.StickyMaxAgeSeconds) } if err := proxier.syncService(svcNameString, serv, true); err == nil { - // check if service need skip endpoints that not in same host as kube-proxy - onlyLocal := svcInfo.SessionAffinityType == v1.ServiceAffinityClientIP || svcInfo.OnlyNodeLocalEndpoints activeIPVSServices[serv.String()] = true activeBindAddrs[serv.Address.String()] = true - if err := proxier.syncEndpoint(svcName, onlyLocal, serv); err != nil { + if err := proxier.syncEndpoint(svcName, svcInfo.OnlyNodeLocalEndpoints, serv); err != nil { klog.Errorf("Failed to sync endpoint for service: %v, err: %v", serv, err) } } else {