support ipv6 in bind address

[LexCC]

What type of PR is this?

/kind bug

What this PR does / why we need it:
validateHostPort return error(must be IP:port) when using IPv6 addressing for HealthzBindAddress and MetricsBindAddress.

Which issue(s) this PR fixes:

Fixes #76289

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

kube-proxy: HealthzBindAddress and MetricsBindAddress support ipv6 address.

[k8s-ci-robot]

Hi @jiejhih. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[neolit123]

this change needs unit tests.
also please add a release note (user facing change) as per the PR template.

/sig network
/ok-to-test
/priority backlog
/kind cleanup

[MrHohn]

/assign

[MrHohn]

Thanks for starting the fix. This is known to contain bugs and we wanted to improve it.

[MrHohn]

While you are here, do you mind somehow refactoring this out and reuse it on SetDefaults as well?

kubernetes/pkg/proxy/apis/config/v1alpha1/defaults.go

Lines 36 to 49 in 37e6266

	func SetDefaults_KubeProxyConfiguration(obj *kubeproxyconfigv1alpha1.KubeProxyConfiguration) {
	if len(obj.BindAddress) == 0 {
	obj.BindAddress = "0.0.0.0"
	}
	if obj.HealthzBindAddress == "" {
	obj.HealthzBindAddress = fmt.Sprintf("0.0.0.0:%v", ports.ProxyHealthzPort)
	} else if !strings.Contains(obj.HealthzBindAddress, ":") {
	obj.HealthzBindAddress += fmt.Sprintf(":%v", ports.ProxyHealthzPort)
	}
	if obj.MetricsBindAddress == "" {
	obj.MetricsBindAddress = fmt.Sprintf("127.0.0.1:%v", ports.ProxyStatusPort)
	} else if !strings.Contains(obj.MetricsBindAddress, ":") {
	obj.MetricsBindAddress += fmt.Sprintf(":%v", ports.ProxyStatusPort)
	}

You change current only has impact on flags, which are deprecated.

[LexCC]

Good. I'm going to refactor this.
Thanks

[LexCC]

@MrHohn I have a question , GetBindAddressHostPort method now I write under both pkg/proxy/apis/config/v1alpha1 and cmd/kube-proxy/app package. Cause I'm new here, I'm still researching all the struct. I wanna write this method for KubeProxyConfiguration struct. Although it seems that two packages both have KubeProxyConfiguration struct, but they are in a different namespace? so they can't share a GetBindAddressHostPort func

[LexCC]

Needs default value

[LexCC]

@MrHohn What's the default value should I set.

[MrHohn]

For IPv4 it is 0.0.0.0, we should use the equivalent :: then?

[LexCC]

Updated.
Thanks

[LexCC]

@MrHohn What's the default value should I set.

[MrHohn]

For IPv4 it is 127.0.0.1, we should use the equivalent ::1 then?

[LexCC]

/retest

[MrHohn]

Need a comment for exported function - what is the purpose and what it returns?

[LexCC]

It will return host、port、tag(ipv4 or ipv6)、error
The param bindPortis used to set a default value or the port you really want to bind when the address does not contain the port.
https://github.com/kubernetes/kubernetes/pull/76320/files#diff-48f6b24dd0fd4d66bfb6caa7523e11ebR220

[MrHohn]

Using switch might make this cleaner.

[MrHohn]

Would be great to dedup applyDeprecatedMetricsPortToConfig() and applyDeprecatedHealthzPortToConfig() --- they look almost the same :)

[LexCC]

It can use o.applyDeprecatedBindAddressPortToConfig("healthz", "metrics") to handle both method now.
https://github.com/kubernetes/kubernetes/pull/76320/files#diff-cf93bbed37202b7d58b5841f07ddd89fR412

[MrHohn]

Humm..The ipv6 and ipv4 block looks fairly complicated. It also seems like we are duplicating the logic to handle HealthzBindAddress and MetricsBindAddress. We should extract out the common part and reuse if possible.

Putting such logic into a func would also help unit testing.

[LexCC]

It just considers ipv4 format originally.
Now we have ipv6 format have to check.
As the following link that can make sure BindAddress HealthzBindAddress MetricsBindAddress format are ipv4 or ipv6.
But there are some unit tests failed, I'm not sure is that some test cases I haven't thought
https://github.com/kubernetes/kubernetes/pull/76320/files#diff-f1bfd0a64c0e2e6163dfbf23b47abe93R44

[MrHohn]

I haven't looked closely, just adding a quick note that some tests are failing because the bazel file is not updated (https://prow.k8s.io/view/gcs/kubernetes-jenkins/pr-logs/pull/76320/pull-kubernetes-verify/1116634758399397889). You might need to run ./hack/update-bazel.sh.

[LexCC]

Good. It fixes almost.
Now only pull-kubernetes-e2e-gce is left.
Thanks for the help.
https://prow.k8s.io/view/gcs/kubernetes-jenkins/pr-logs/pull/76320/pull-kubernetes-e2e-gce/1116758947001274377/

[MrHohn]

Took another look, it still seems to me this is more complicated than it needs to be. I gave it a try on MrHohn@d576643. Do you mind taking a look if that works for you? Thanks.

[LexCC]

LGTM
Thanks

[LexCC]

I make a little change. It should give ipv6 format when bindAddress is ipv6, that is one thing the PR have to refactor.

[MrHohn]

Although it seems that two packages both have KubeProxyConfiguration struct, but they are in a different namespace? so they can't share a GetBindAddressHostPort func

@jiejhih I would recommend putting the func you wanted to share into a util package, and import it in both pkg/proxy/apis/config/v1alpha1 and cmd/kube-proxy/app. Maybe https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/util/utils.go?

[MrHohn]

Would be more clear to make ipv4 and ipv6 a type.

type AddressType string

const (
    AddressTypeIPv4 = "ipv4"
    AddressTypeIPv6 = "ipv6"
)

[MrHohn]

Read better if we return earlier in the error case:

host, port, err := net.SplitHostPort(address)
if err != nil {
    return "", "", tag, err 
}

...

[MrHohn]

You are still duplicating above logic in two places :)

[MrHohn]

Took another look, it still seems to me this is more complicated than it needs to be. I gave it a try on MrHohn@d576643. Do you mind taking a look if that works for you? Thanks.

[MrHohn]

It might be unnecessary to add this map complication.

[LexCC]

@MrHohn PTAL.
Is the code looks good now?
Thanks.

[MrHohn]

Thanks for the works and sorry for adding a couple more comments. Since this is API related, I wanted to keep the codes as readable and maintainable as possible.

[MrHohn]

Would be great to preserve some of the original comments:

// addressFromDeprecatedFlags returns server address from flags
// passed on the command line based on the following rules:
// ...

[LexCC]

Updated.
Thanks

[MrHohn]

How is this ipvs mode configured? I only saw it in test name?

[MrHohn]

Humm.. It feels a bit odd to have such logic in test. Can we simply hardcode the expected result instead of adding these validation logic, which seems irrelevant to what we are testing?

[MrHohn]

This test is identical to the above test case --- I think having one TestApplyDeprecatedPortToConfig would be sufficient.

[MrHohn]

I don't see value from deprecated flags get passed in? How is that evaluated?

[MrHohn]

To ensure test coverage but make this simple, maybe simply calling addressFromDeprecatedFlags() in test and make sure it does what we want?

[LexCC]

I use Complete() func originally, now I write TestAddressFromDeprecatedFlags that simply calling addressFromDeprecatedFlags().

[LexCC]

Also I remove TestApplyDeprecatedMetricsPortToConfig and TestApplyDeprecatedHealthzPortToConfig change into TestAddressFromDeprecatedFlags.

[MrHohn]

Would be great to have a unit test for this helper func :)

[LexCC]

Done.
Thanks

[MrHohn]

Since now all the logic seems to be self-contained in this file, we could avoid adding a new type (sorry for being back and forth on this). What about:

...
	defaultHealthzAddress, defaultMetricsAddress := getDefaultAddresses(obj.BindAddress)
	if obj.HealthzBindAddress == "" {
		obj.HealthzBindAddress = fmt.Sprintf("%s:%d", defaultHealthzAddress, ports.ProxyHealthzPort)
	} else {
		obj.HealthzBindAddress = proxyutil.AppendPortIfNeeded(obj.HealthzBindAddress, ports.ProxyHealthzPort)
	}
	if obj.MetricsBindAddress == "" {
		obj.MetricsBindAddress = fmt.Sprintf("%s:%d", defaultMetricsAddress, ports.ProxyStatusPort)
	} else {
		obj.MetricsBindAddress = proxyutil.AppendPortIfNeeded(obj.MetricsBindAddress, ports.ProxyStatusPort)
	}
...
// getDefaultAddresses returns default address of healthz and metrics server
// based on the given bind address. IPv6 addresses are enclosed in square
// brackets for appending port.
func getDefaultAddresses(bindAddress string) (defaultHealthzAddress, defaultMetricsAddress string) {
	if net.ParseIP(bindAddress).To4() != nil {
		return "0.0.0.0", "127.0.0.1"
	}
	return "[::]", "[::1]"
}

[LexCC]

Updated.
Thanks

[MrHohn]

Thanks! LGTM with one comment. Please squash the commits.

[MrHohn]

Please remove the unused codes.

[LexCC]

Updated.
Thanks

[LexCC]

@MrHohn Squashed and pushed, thanks for your review.

[dcbw]

/retest

[MrHohn]

Thanks!
/lgtm

/assign @thockin
for approval.

[dims]

/assign @thockin

@thockin this looks ready and has lgtm(s), can you please look?

[dims]

/milestone v1.15

[thockin]

Thanks!

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JieJhih, thockin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• cmd/OWNERS [thockin]
• pkg/proxy/OWNERS [thockin]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[thockin]

@MrHohn This should not need my approval - if you are not in OWNERS you probably should be?

[MrHohn]

@MrHohn This should not need my approval - if you are not in OWNERS you probably should be?

Will send a PR for the cmd/kube-proxy part :)