github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #71911 from Nordix/issue-70113-2 

Only handle addresses of the own ip family
pull/564/head
Kubernetes Prow Robot 2018-12-10 23:02:33 -08:00 committed by GitHub
parent 3ed107ff0e 39dc41d411
commit 9d80e7522a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 123 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/proxy/ipvs/proxier.go
View File

@ -1679,7 +1679,12 @@ func (proxier *Proxier) cleanLegacyService(activeServices map[string]bool, curre
func (proxier *Proxier) getLegacyBindAddr(activeBindAddrs map[string]bool, currentBindAddrs []string) map[string]bool { func (proxier *Proxier) getLegacyBindAddr(activeBindAddrs map[string]bool, currentBindAddrs []string) map[string]bool {
legacyAddrs := make(map[string]bool) legacyAddrs := make(map[string]bool)
isIpv6 := utilnet.IsIPv6(proxier.nodeIP)
for _, addr := range currentBindAddrs { for _, addr := range currentBindAddrs {
addrIsIpv6 := utilnet.IsIPv6(net.ParseIP(addr))
if addrIsIpv6 && !isIpv6 || !addrIsIpv6 && isIpv6 {
continue
}
if _, ok := activeBindAddrs[addr]; !ok { if _, ok := activeBindAddrs[addr]; !ok {
legacyAddrs[addr] = true legacyAddrs[addr] = true
} }

125
pkg/proxy/ipvs/proxier_test.go
View File

@ -2869,7 +2869,8 @@ func TestCleanLegacyService(t *testing.T) {
fp.netlinkHandle.EnsureDummyDevice(DefaultDummyDevice) fp.netlinkHandle.EnsureDummyDevice(DefaultDummyDevice)
activeBindAddrs := map[string]bool{"1.1.1.1": true, "2.2.2.2": true, "3.3.3.3": true, "4.4.4.4": true} activeBindAddrs := map[string]bool{"1.1.1.1": true, "2.2.2.2": true, "3.3.3.3": true, "4.4.4.4": true}
currentBindAddrs := []string{"1.1.1.1", "2.2.2.2", "3.3.3.3", "4.4.4.4", "5.5.5.5", "6.6.6.6"} // This is ipv4-only so ipv6 addresses should be ignored
currentBindAddrs := []string{"1.1.1.1", "2.2.2.2", "3.3.3.3", "4.4.4.4", "5.5.5.5", "6.6.6.6", "fd80::1:2:3", "fd80::1:2:4"}
for i := range currentBindAddrs { for i := range currentBindAddrs {
fp.netlinkHandle.EnsureAddressBind(currentBindAddrs[i], DefaultDummyDevice) fp.netlinkHandle.EnsureAddressBind(currentBindAddrs[i], DefaultDummyDevice)
} }
@ -2890,15 +2891,125 @@ func TestCleanLegacyService(t *testing.T) {
} }
} }
// Addresses 5.5.5.5 and 6.6.6.6 should not be bound any more // Addresses 5.5.5.5 and 6.6.6.6 should not be bound any more, but the ipv6 addresses should remain
remainingAddrs, _ := fp.netlinkHandle.ListBindAddress(DefaultDummyDevice) remainingAddrs, _ := fp.netlinkHandle.ListBindAddress(DefaultDummyDevice)
if len(remainingAddrs) != 4 { if len(remainingAddrs) != 6 {
t.Errorf("Expected number of remaining bound addrs after cleanup to be %v. Got %v", 4, len(remainingAddrs)) t.Errorf("Expected number of remaining bound addrs after cleanup to be %v. Got %v", 6, len(remainingAddrs))
} }
// check that address "1.1.1.1", "2.2.2.2", "3.3.3.3", "4.4.4.4" are still bound // check that address "1.1.1.1", "2.2.2.2", "3.3.3.3", "4.4.4.4" are bound, ignore ipv6 addresses
remainingAddrsMap := make(map[string]bool) remainingAddrsMap := make(map[string]bool)
for i := range remainingAddrs { for _, a := range remainingAddrs {
remainingAddrsMap[remainingAddrs[i]] = true if net.ParseIP(a).To4() == nil {
continue
}
remainingAddrsMap[a] = true
}
if !reflect.DeepEqual(activeBindAddrs, remainingAddrsMap) {
t.Errorf("Expected remainingAddrsMap %v, got %v", activeBindAddrs, remainingAddrsMap)
}
}
func TestCleanLegacyService6(t *testing.T) {
ipt := iptablestest.NewFake()
ipvs := ipvstest.NewFake()
ipset := ipsettest.NewFake(testIPSetVersion)
fp := NewFakeProxier(ipt, ipvs, ipset, nil, []string{"3000::/64", "4000::/64"})
fp.nodeIP = net.ParseIP("::1")
// All ipvs services that were processed in the latest sync loop.
activeServices := map[string]bool{"ipvs0": true, "ipvs1": true}
// All ipvs services in the system.
currentServices := map[string]*utilipvs.VirtualServer{
// Created by kube-proxy.
"ipvs0": {
Address: net.ParseIP("1000::1"),
Protocol: string(v1.ProtocolUDP),
Port: 53,
Scheduler: "rr",
Flags: utilipvs.FlagHashed,
},
// Created by kube-proxy.
"ipvs1": {
Address: net.ParseIP("1000::2"),
Protocol: string(v1.ProtocolUDP),
Port: 54,
Scheduler: "rr",
Flags: utilipvs.FlagHashed,
},
// Created by an external party.
"ipvs2": {
Address: net.ParseIP("3000::1"),
Protocol: string(v1.ProtocolUDP),
Port: 55,
Scheduler: "rr",
Flags: utilipvs.FlagHashed,
},
// Created by an external party.
"ipvs3": {
Address: net.ParseIP("4000::1"),
Protocol: string(v1.ProtocolUDP),
Port: 56,
Scheduler: "rr",
Flags: utilipvs.FlagHashed,
},
// Created by an external party.
"ipvs4": {
Address: net.ParseIP("5000::1"),
Protocol: string(v1.ProtocolUDP),
Port: 57,
Scheduler: "rr",
Flags: utilipvs.FlagHashed,
},
// Created by kube-proxy, but now stale.
"ipvs5": {
Address: net.ParseIP("1000::6"),
Protocol: string(v1.ProtocolUDP),
Port: 58,
Scheduler: "rr",
Flags: utilipvs.FlagHashed,
},
}
for v := range currentServices {
fp.ipvs.AddVirtualServer(currentServices[v])
}
fp.netlinkHandle.EnsureDummyDevice(DefaultDummyDevice)
activeBindAddrs := map[string]bool{"1000::1": true, "1000::2": true, "3000::1": true, "4000::1": true}
// This is ipv6-only so ipv4 addresses should be ignored
currentBindAddrs := []string{"1000::1", "1000::2", "3000::1", "4000::1", "5000::1", "1000::6", "1.1.1.1", "2.2.2.2"}
for i := range currentBindAddrs {
fp.netlinkHandle.EnsureAddressBind(currentBindAddrs[i], DefaultDummyDevice)
}
fp.cleanLegacyService(activeServices, currentServices, map[string]bool{"5000::1": true, "1000::6": true})
// ipvs4 and ipvs5 should have been cleaned.
remainingVirtualServers, _ := fp.ipvs.GetVirtualServers()
if len(remainingVirtualServers) != 4 {
t.Errorf("Expected number of remaining IPVS services after cleanup to be %v. Got %v", 4, len(remainingVirtualServers))
}
for _, vs := range remainingVirtualServers {
// Checking that ipvs4 and ipvs5 were removed.
if vs.Port == 57 {
t.Errorf("Expected ipvs4 to be removed after cleanup. It still remains")
}
if vs.Port == 58 {
t.Errorf("Expected ipvs5 to be removed after cleanup. It still remains")
}
}
// Addresses 5000::1 and 1000::6 should not be bound any more, but the ipv4 addresses should remain
remainingAddrs, _ := fp.netlinkHandle.ListBindAddress(DefaultDummyDevice)
if len(remainingAddrs) != 6 {
t.Errorf("Expected number of remaining bound addrs after cleanup to be %v. Got %v", 6, len(remainingAddrs))
}
// check that address "1000::1", "1000::2", "3000::1", "4000::1" are still bound, ignore ipv4 addresses
remainingAddrsMap := make(map[string]bool)
for _, a := range remainingAddrs {
if net.ParseIP(a).To4() != nil {
continue
}
remainingAddrsMap[a] = true
} }
if !reflect.DeepEqual(activeBindAddrs, remainingAddrsMap) { if !reflect.DeepEqual(activeBindAddrs, remainingAddrsMap) {
t.Errorf("Expected remainingAddrsMap %v, got %v", activeBindAddrs, remainingAddrsMap) t.Errorf("Expected remainingAddrsMap %v, got %v", activeBindAddrs, remainingAddrsMap)