-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
support ipv6 in bind address #76320
support ipv6 in bind address #76320
Conversation
Hi @jiejhih. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this change needs unit tests.
also please add a release note (user facing change) as per the PR template.
/sig network
/ok-to-test
/priority backlog
/kind cleanup
/assign |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for starting the fix. This is known to contain bugs and we wanted to improve it.
cmd/kube-proxy/app/server.go
Outdated
@@ -369,6 +370,14 @@ func (o *Options) applyDeprecatedHealthzPortToConfig() { | |||
return | |||
} | |||
|
|||
// check ipv6 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While you are here, do you mind somehow refactoring this out and reuse it on SetDefaults
as well?
kubernetes/pkg/proxy/apis/config/v1alpha1/defaults.go
Lines 36 to 49 in 37e6266
func SetDefaults_KubeProxyConfiguration(obj *kubeproxyconfigv1alpha1.KubeProxyConfiguration) { | |
if len(obj.BindAddress) == 0 { | |
obj.BindAddress = "0.0.0.0" | |
} | |
if obj.HealthzBindAddress == "" { | |
obj.HealthzBindAddress = fmt.Sprintf("0.0.0.0:%v", ports.ProxyHealthzPort) | |
} else if !strings.Contains(obj.HealthzBindAddress, ":") { | |
obj.HealthzBindAddress += fmt.Sprintf(":%v", ports.ProxyHealthzPort) | |
} | |
if obj.MetricsBindAddress == "" { | |
obj.MetricsBindAddress = fmt.Sprintf("127.0.0.1:%v", ports.ProxyStatusPort) | |
} else if !strings.Contains(obj.MetricsBindAddress, ":") { | |
obj.MetricsBindAddress += fmt.Sprintf(":%v", ports.ProxyStatusPort) | |
} |
You change current only has impact on flags, which are deprecated.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good. I'm going to refactor this.
Thanks
@MrHohn I have a question , GetBindAddressHostPort method now I write under both |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Needs default value
if obj.HealthzBindAddress != "" { | ||
|
||
if healthzHost == "" { | ||
obj.HealthzBindAddress = fmt.Sprintf("[::0]:%v", ports.ProxyHealthzPort) // set ipv6 default value |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@MrHohn What's the default value should I set.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For IPv4 it is 0.0.0.0
, we should use the equivalent ::
then?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated.
Thanks
if obj.MetricsBindAddress != "" { | ||
|
||
if metricsHost == "" { | ||
obj.MetricsBindAddress = fmt.Sprintf("[::0]:%v", ports.ProxyStatusPort) // set ipv6 default value |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@MrHohn What's the default value should I set.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For IPv4 it is 127.0.0.1
, we should use the equivalent ::1
then?
/retest |
42fc00d
to
81fb347
Compare
cmd/kube-proxy/app/server.go
Outdated
@@ -357,6 +358,31 @@ func (o *Options) writeConfigFile() error { | |||
return nil | |||
} | |||
|
|||
func GetBindAddressHostPort(address string, bindPort int) (string, string, string, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Need a comment for exported function - what is the purpose and what it returns?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It will return host、port、tag(ipv4 or ipv6)、error
The param bindPort
is used to set a default value or the port you really want to bind when the address does not contain the port.
https://github.com/kubernetes/kubernetes/pull/76320/files#diff-48f6b24dd0fd4d66bfb6caa7523e11ebR220
cmd/kube-proxy/app/server.go
Outdated
bindAddress = fmt.Sprintf("%s:%d", host, o.metricsPort) | ||
} | ||
|
||
if tag == "ipv6" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using switch
might make this cleaner.
cmd/kube-proxy/app/server.go
Outdated
bindAddress = fmt.Sprintf("[%s]:%d", host, o.healthzPort) | ||
} | ||
|
||
o.config.HealthzBindAddress = bindAddress | ||
} | ||
|
||
func (o *Options) applyDeprecatedMetricsPortToConfig() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would be great to dedup applyDeprecatedMetricsPortToConfig()
and applyDeprecatedHealthzPortToConfig()
--- they look almost the same :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It can use o.applyDeprecatedBindAddressPortToConfig("healthz", "metrics")
to handle both method now.
https://github.com/kubernetes/kubernetes/pull/76320/files#diff-cf93bbed37202b7d58b5841f07ddd89fR412
obj.HealthzBindAddress = fmt.Sprintf("0.0.0.0:%v", ports.ProxyHealthzPort) | ||
} else if !strings.Contains(obj.HealthzBindAddress, ":") { | ||
obj.HealthzBindAddress += fmt.Sprintf(":%v", ports.ProxyHealthzPort) | ||
// ipv6 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Humm..The ipv6 and ipv4 block looks fairly complicated. It also seems like we are duplicating the logic to handle HealthzBindAddress
and MetricsBindAddress
. We should extract out the common part and reuse if possible.
Putting such logic into a func would also help unit testing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It just considers ipv4 format originally.
Now we have ipv6 format have to check.
As the following link that can make sure BindAddress
HealthzBindAddress
MetricsBindAddress
format are ipv4 or ipv6.
But there are some unit tests failed, I'm not sure is that some test cases I haven't thought
https://github.com/kubernetes/kubernetes/pull/76320/files#diff-f1bfd0a64c0e2e6163dfbf23b47abe93R44
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I haven't looked closely, just adding a quick note that some tests are failing because the bazel file is not updated (https://prow.k8s.io/view/gcs/kubernetes-jenkins/pr-logs/pull/76320/pull-kubernetes-verify/1116634758399397889). You might need to run ./hack/update-bazel.sh
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good. It fixes almost.
Now only pull-kubernetes-e2e-gce
is left.
Thanks for the help.
https://prow.k8s.io/view/gcs/kubernetes-jenkins/pr-logs/pull/76320/pull-kubernetes-e2e-gce/1116758947001274377/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Took another look, it still seems to me this is more complicated than it needs to be. I gave it a try on MrHohn@d576643. Do you mind taking a look if that works for you? Thanks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Thanks
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I make a little change. It should give ipv6 format when bindAddress is ipv6, that is one thing the PR have to refactor.
@jiejhih I would recommend putting the func you wanted to share into a util package, and import it in both |
pkg/proxy/util/utils.go
Outdated
@@ -214,3 +215,29 @@ func filterWithCondition(strs []string, expectedCondition bool, conditionFunc fu | |||
} | |||
return corrects, incorrects | |||
} | |||
|
|||
// GetBindAddressHostPort parse IP to host, port, tag=ipv4 or ipv6 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would be more clear to make ipv4
and ipv6
a type.
type AddressType string
const (
AddressTypeIPv4 = "ipv4"
AddressTypeIPv6 = "ipv6"
)
pkg/proxy/util/utils.go
Outdated
} | ||
|
||
host, port, err := net.SplitHostPort(address) | ||
if err == nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Read better if we return earlier in the error case:
host, port, err := net.SplitHostPort(address)
if err != nil {
return "", "", tag, err
}
...
cmd/kube-proxy/app/server.go
Outdated
case "ipv4": | ||
bindAddress = fmt.Sprintf("%s:%d", host, o.healthzPort) | ||
case "ipv6": | ||
bindAddress = fmt.Sprintf("[%s]:%d", host, o.healthzPort) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You are still duplicating above logic in two places :)
obj.HealthzBindAddress = fmt.Sprintf("0.0.0.0:%v", ports.ProxyHealthzPort) | ||
} else if !strings.Contains(obj.HealthzBindAddress, ":") { | ||
obj.HealthzBindAddress += fmt.Sprintf(":%v", ports.ProxyHealthzPort) | ||
// ipv6 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Took another look, it still seems to me this is more complicated than it needs to be. I gave it a try on MrHohn@d576643. Do you mind taking a look if that works for you? Thanks.
cmd/kube-proxy/app/server.go
Outdated
deprecatedMap = map[string]func(){ | ||
"healthz": o.applyDeprecatedHealthzPortToConfig, | ||
"metrics": o.applyDeprecatedMetricsPortToConfig, | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It might be unnecessary to add this map complication.
@MrHohn PTAL. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the works and sorry for adding a couple more comments. Since this is API related, I wanted to keep the codes as readable and maintainable as possible.
if o.healthzPort == 0 { | ||
o.config.HealthzBindAddress = "" | ||
return | ||
// 1. If port is 0, disable the server (e.g. set address to empty). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would be great to preserve some of the original comments:
// addressFromDeprecatedFlags returns server address from flags
// passed on the command line based on the following rules:
// ...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated.
Thanks
cmd/kube-proxy/app/server_test.go
Outdated
healthzBindAddress: "[fd00:1::5]:12345", | ||
}, | ||
{ | ||
name: "ipvs mode, IPv6 config", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How is this ipvs mode configured? I only saw it in test name?
cmd/kube-proxy/app/server_test.go
Outdated
} | ||
} | ||
|
||
func validateHostPort(input string) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Humm.. It feels a bit odd to have such logic in test. Can we simply hardcode the expected result instead of adding these validation logic, which seems irrelevant to what we are testing?
cmd/kube-proxy/app/server_test.go
Outdated
} | ||
} | ||
|
||
func TestApplyDeprecatedMetricsPortToConfig(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This test is identical to the above test case --- I think having one TestApplyDeprecatedPortToConfig
would be sufficient.
cmd/kube-proxy/app/server_test.go
Outdated
}, | ||
} | ||
|
||
for _, tc := range testCases { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see value from deprecated flags get passed in? How is that evaluated?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To ensure test coverage but make this simple, maybe simply calling addressFromDeprecatedFlags()
in test and make sure it does what we want?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I use Complete()
func originally, now I write TestAddressFromDeprecatedFlags
that simply calling addressFromDeprecatedFlags()
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also I remove TestApplyDeprecatedMetricsPortToConfig
and TestApplyDeprecatedHealthzPortToConfig
change into TestAddressFromDeprecatedFlags
.
|
||
// AppendPortIfNeeded appends the given port to IP address unless it is already in | ||
// "ipv4:port" or "[ipv6]:port" format. | ||
func AppendPortIfNeeded(addr string, port int32) string { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would be great to have a unit test for this helper func :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
Thanks
@@ -34,19 +38,37 @@ func addDefaultingFuncs(scheme *kruntime.Scheme) error { | |||
} | |||
|
|||
func SetDefaults_KubeProxyConfiguration(obj *kubeproxyconfigv1alpha1.KubeProxyConfiguration) { | |||
var tag proxyutil.AddressType |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since now all the logic seems to be self-contained in this file, we could avoid adding a new type (sorry for being back and forth on this). What about:
...
defaultHealthzAddress, defaultMetricsAddress := getDefaultAddresses(obj.BindAddress)
if obj.HealthzBindAddress == "" {
obj.HealthzBindAddress = fmt.Sprintf("%s:%d", defaultHealthzAddress, ports.ProxyHealthzPort)
} else {
obj.HealthzBindAddress = proxyutil.AppendPortIfNeeded(obj.HealthzBindAddress, ports.ProxyHealthzPort)
}
if obj.MetricsBindAddress == "" {
obj.MetricsBindAddress = fmt.Sprintf("%s:%d", defaultMetricsAddress, ports.ProxyStatusPort)
} else {
obj.MetricsBindAddress = proxyutil.AppendPortIfNeeded(obj.MetricsBindAddress, ports.ProxyStatusPort)
}
...
// getDefaultAddresses returns default address of healthz and metrics server
// based on the given bind address. IPv6 addresses are enclosed in square
// brackets for appending port.
func getDefaultAddresses(bindAddress string) (defaultHealthzAddress, defaultMetricsAddress string) {
if net.ParseIP(bindAddress).To4() != nil {
return "0.0.0.0", "127.0.0.1"
}
return "[::]", "[::1]"
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated.
Thanks
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! LGTM with one comment. Please squash the commits.
pkg/proxy/util/utils.go
Outdated
@@ -32,6 +32,14 @@ import ( | |||
"k8s.io/klog" | |||
) | |||
|
|||
// AddressType defined IP address ipv4 or ipv6 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please remove the unused codes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated.
Thanks
use split host port func instead trim specific character add unit test for metrics and healthz bind address recover import package refactor set default kube proxy configuration fix ipv4 condition fix set default port condition rewrite call function occasion to reduce error set ipv6 default value move get GetBindAddressHostPort to util use one func to handle deprecated series update bazel define address type return earlier in the error case refactor set default kube proxy configuration logic recover import package preserve some of the original comments add get default address func add append port if needed unit test rewrite unit test for deprecated flags remove unused codes
7b37fb6
to
08e320f
Compare
@MrHohn Squashed and pushed, thanks for your review. |
/retest |
Thanks! /assign @thockin |
/milestone v1.15 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: JieJhih, thockin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@MrHohn This should not need my approval - if you are not in OWNERS you probably should be? |
Will send a PR for the |
What type of PR is this?
What this PR does / why we need it:
validateHostPort return error(
must be IP:port
) when using IPv6 addressing for HealthzBindAddress and MetricsBindAddress.Which issue(s) this PR fixes:
Fixes #76289
Special notes for your reviewer:
Does this PR introduce a user-facing change?: