For kube-proxy, node addition and node update is semantically
considered as similar event, we have exactly same handler
logic for these two events resulting in duplicate code and
unit tests.
This merges the `NodeHandler` interface methods OnNodeAdd and
OnNodeUpdate into OnNodeChange along with the implementation
of the interface.
Signed-off-by: Daman Arora <aroradaman@gmail.com>
This simplifies how the proxier receives update for change in node
labels. Instead of passing the complete Node object we just pass
the proxy relevant topology labels extracted from the complete list
of labels, and the downstream event handlers will only be notified
when there are changes in topology labels.
Signed-off-by: Daman Arora <aroradaman@gmail.com>
For kube-proxy, node addition and node update is semantically
considered as similar event, we have exactly same handler
logic for these two events resulting in duplicate code and
unit tests.
This merges the `NodeHandler` interface methods OnNodeAdd and
OnNodeUpdate into OnNodeChange along with the implementation
of the interface.
Signed-off-by: Daman Arora <aroradaman@gmail.com>
This simplifies how the proxier receives update for change in node
labels. Instead of passing the complete Node object we just pass
the proxy relevant topology labels extracted from the complete list
of labels, and the downstream event handlers will only be notified
when there are changes in topology labels.
Signed-off-by: Daman Arora <aroradaman@gmail.com>
The "// import <path>" comment has been superseded by Go modules.
We don't have to remove them, but doing so has some advantages:
- They are used inconsistently, which is confusing.
- We can then also remove the (currently broken) hack/update-vanity-imports.sh.
- Last but not least, it would be a first step towards avoiding the k8s.io domain.
This commit was generated with
sed -i -e 's;^package \(.*\) // import.*;package \1;' $(git grep -l '^package.*// import' | grep -v 'vendor/')
Everything was included, except for
package labels // import k8s.io/kubernetes/pkg/util/labels
because that package is marked as "read-only".
Ensure kube-proxy waits for the services/endpointslices informer
caches to be synced *and* all pre-sync events delivered before
setting isInitialized=true. Otherwise, in clusters with many services,
some services may be missing from svcPortMap when kube-proxy starts
(e.g. during daemonset rollout). This can cause kube-proxy to temporarily
remove service DNAT rules and then skip cleanup of UDP conntrack entries
to a service VIP.
Resolves: https://github.com/kubernetes/kubernetes/issues/126468
NFTables proxy will now drop traffic directed towards unallocated
ClusterIPs and reject traffic directed towards invalid ports of
Cluster IPs.
Signed-off-by: Daman Arora <aroradaman@gmail.com>
* Use k8s.io/utils/ptr in pkg/proxy
* Replace pointer.String(), pointer.StringPtr(), and pointer.Bool() with ptr.To()
* Replace pointer.Int32(constexpr) with ptr.To[int32](constexpr)
* Replace pointer.Int32(int32(var)) with ptr.To(int32(var))
* Replace remaining pointer.Int32() cases with ptr.To
* Replace 'tcpProtocol := v1.ProtocolTCP; ... &tcpProtocol', etc with ptr.To(v1.ProtocolTCP)
* Replace 'nodeName = testHostname; ... &nodeName' with ptr.To(testHostname)
* Use ptr.To for SessionAffinityConfig.ClientIP.TimeoutSeconds
* Use ptr.To for InternalTrafficPolicy
* Use ptr.To for LoadBalancer.Ingress.IPMode
Because the proxy.Provider interface included
proxyconfig.EndpointsHandler, all the backends needed to
implement its methods. But iptables, ipvs, and winkernel implemented
them as no-ops, and metaproxier had an implementation that wouldn't
actually work (because it couldn't handle Services with no active
Endpoints).
Since Endpoints processing in kube-proxy is deprecated (and can't be
re-enabled unless you're using a backend that doesn't support
EndpointSlice), remove proxyconfig.EndpointsHandler from the
definition of proxy.Provider and drop all the useless implementations.
