New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes NodePort in ipv6 with proxy-mode=ipvs #71035
Conversation
Use ipv6 addresses for NodePort with proxy-mode=ipvs in a ipv6-only cluster.
@uablrek: Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Hi @uablrek. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/sig network |
/ok-to-test |
/retest |
pkg/proxy/ipvs/proxier.go
Outdated
@@ -382,14 +382,14 @@ func NewProxier(ipt utiliptables.Interface, | |||
healthzServer: healthzServer, | |||
ipvs: ipvs, | |||
ipvsScheduler: scheduler, | |||
ipGetter: &realIPGetter{nl: NewNetLinkHandle()}, | |||
ipGetter: &realIPGetter{nl: NewNetLinkHandle(nodeIP.To4() == nil)}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can use the var isIPv6
instead of nodeIP.To4() == nil
pkg/proxy/ipvs/proxier.go
Outdated
iptablesData: bytes.NewBuffer(nil), | ||
filterChainsData: bytes.NewBuffer(nil), | ||
natChains: bytes.NewBuffer(nil), | ||
natRules: bytes.NewBuffer(nil), | ||
filterChains: bytes.NewBuffer(nil), | ||
filterRules: bytes.NewBuffer(nil), | ||
netlinkHandle: NewNetLinkHandle(), | ||
netlinkHandle: NewNetLinkHandle(nodeIP.To4() == nil), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same as above
@Lion-Wei God point. I will update |
I will also rename the parameter to NewNetLinkHandle ipv6 -> isIPv6 to have consitent naming |
/test pull-kubernetes-verify |
/release-note-none |
xref: #71202 |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: m1093782566, uablrek The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
I think this bug fix should be in v1.13. /milestone v1.13 |
Adding label as it may break an IPV6 cluster. |
/hold |
@uablrek @m1093782566 was this PR meant for 1.13? we no longer accept merges into 1.13 branch and only extremely critical urgent fixes can to be CP'ed if needed. |
I think at the time of creation the version was still "1.13...something" so it should work if the patch can be applied. Note that this is a problem only for ipv6-only in combination with proxy-mode=ipvs. The most common is still proxy-mode=iptables which seem to work. So maybe this can slide to 1.14 but if it is possible to document that ipv6+proxy-mode=ipvs is not supported <1.14 it may save some time for new ipv6 users. |
@nikopen Not much have happened in the code as far as I know, and the base was 1.13... so I am pretty sure it can be cherry-picked. |
Thanks all /hold cancel |
/release-note-none Putting this PR into merge pool... |
/milestone clear |
/retest Review the full test history for this PR. Silence the bot with an |
1 similar comment
/retest Review the full test history for this PR. Silence the bot with an |
Use ipv6 addresses for NodePort with proxy-mode=ipvs in a ipv6-only cluster.
What type of PR is this?
/kind bug
What this PR does / why we need it:
This affects ipv6-only cluster with proxy-mode=ipvs only.
In an ipv6-only cluster the address scanning function used for setting up NodePort rules in ipvs ipvs return ipv4 addresses.
This PR ensures that ipv6 addresses are returned by the scanning function in an ipv6-only cluster. This makes NodePort work in an ipv6-only cluster with proxy-mode=ipvs.
Which issue(s) this PR fixes
Fixes #68437
Special notes for your reviewer:
I added a
ipv6
flag in thenetlinkHandle
struct rather than return both ipv4 and ipv6 addresses. The main reason for this is that IHO it reduces the risk for breaking the existing ipv4 function.I am unsure how this will affect future dual-stack work, but the again I guess nobody knows and maybe it even simplifies.
Only manual testing that NodePort works in ipv6-only/ipvs is performed.
Does this PR introduce a user-facing change?:
NONE