kube-proxy: LoadBalancerSourceRanges as *net.IPNet

Lars Ekman
2024-01-09 09:08:30 +01:00
parent 9eac24c656
commit 50b3ffc71f
8 changed files with 60 additions and 56 deletions


@@ -54,7 +54,6 @@ import (
"k8s.io/kubernetes/pkg/util/async"
utiliptables "k8s.io/kubernetes/pkg/util/iptables"
utilexec "k8s.io/utils/exec"
netutils "k8s.io/utils/net"
)
const (
@@ -1294,12 +1293,9 @@ func (proxier *Proxier) syncProxyRules() {
// firewall filter based on each source range
allowFromNode := false
for _, src := range svcInfo.LoadBalancerSourceRanges() {
natRules.Write(args, "-s", src, "-j", string(externalTrafficChain))
_, cidr, err := netutils.ParseCIDRSloppy(src)
if err != nil {
klog.ErrorS(err, "Error parsing CIDR in LoadBalancerSourceRanges, dropping it", "cidr", cidr)
} else if cidr.Contains(proxier.nodeIP) {
for _, cidr := range svcInfo.LoadBalancerSourceRanges() {
natRules.Write(args, "-s", cidr.String(), "-j", string(externalTrafficChain))
if cidr.Contains(proxier.nodeIP) {
allowFromNode = true
}
}
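Review bot: The new loop calls `cidr.String()` and `cidr.Contains(proxier.nodeIP)` on every entry with no nil check, so it relies on LoadBalancerSourceRanges() never returning a nil `*net.IPNet`. The parse-and-log step that used to sit here now lives outside this hunk. Because these ranges are the source allow-list for load-balancer traffic, it is worth confirming that the code which now parses them still logs rejected entries. It is also worth confirming that a service whose ranges were all invalid does not end up with an empty list that is treated as "no restriction". I would state the invariant at the loop, e.g. `// LoadBalancerSourceRanges() contains only successfully parsed, non-nil CIDRs; invalid entries are rejected when the service info is built`. syncProxyRules starts and ends outside the hunk.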