mirror of https://github.com/k3s-io/k3s
966c77c83f
Automatic merge from submit-queue (batch tested with PRs 65388, 64995). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Always create kubeClusterIPSet in ipvs proxier **What this PR does / why we need it**: This PR creates the kubeClusterIPSet ipset even if kube-proxy is started without masqueradeAll and clusterCIDR. This is necessary to masquerade traffic sent to a clusterIP from the host network namespace. The code to do so is actually already present here: https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/ipvs/proxier.go#L1220-L1244 However the second else (neither masqueradeAll nor clusterCIDR are set) cannot be used because, before this PR, the initial test `if !proxier.ipsetList[kubeClusterIPSet].isEmpty()` can never return true when masqueradeAll and clusterCIDR are not set because kubeClusterIPSet is empty. **Which issue(s) this PR fixes** Fixes #65158 ```release-note Allow access to ClusterIP from the host network namespace when kube-proxy is started in IPVS mode without either masqueradeAll or clusterCIDR flags ``` **Additional comment** Issue #65158 is closed because ClusterIP access from the host has already fixed in master, except for the case described here (no masquerade flag). More detail in the issue. |
||
|---|---|---|
| .. | ||
| apis/kubeproxyconfig | ||
| config | ||
| healthcheck | ||
| iptables | ||
| ipvs | ||
| metrics | ||
| userspace | ||
| util | ||
| winkernel | ||
| winuserspace | ||
| BUILD | ||
| OWNERS | ||
| doc.go | ||
| endpoints.go | ||
| endpoints_test.go | ||
| service.go | ||
| service_test.go | ||
| types.go | ||