Fix in kube-proxy for sctp ipset entries #81477
What type of PR is this?
What this PR does / why we need it:
Which issue(s) this PR fixes:
Does this PR introduce a user-facing change?:
Hi @paulsubrata55. Thanks for your PR.
I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with
Once the patch is verified, the new status will be reflected by the
I understand the commands that are listed here.
Kube-proxy will add ipset entries for all node ips for an SCTP nodeport service. This will solve the problem 'SCTP nodeport service is not working for all IPs present in the node when ipvs is enabled. It is working only for node's InternalIP.'
Yes, I have done the end-to-end test with this specific scenario and it works perfectly, and only after that I created the PR.
The end-to-end test I meant was more of manual testing. It was done with 2 nodes with a sample sctp server running as a deployment with 3 replicas and trying to connect with an sctp client via a nodeport service. I provided all the nodeIPs to the sctp client as server ips, then connected to the server one by one and sent some data. Then I monitored the traffic using the tcpdump tool and analyzed that the DNAT and SNAT are working, and also verified using the ipvsadm command that it was hitting the real-servers. That's how I tested.
Given the lack of E2E tests for SCTP, I think this would be enough validation for now. We should have e2es for this eventually though.
The test setup is like below: It's a 2 nodes cluster:
Cluster is up and running.
Below is SCTP server deployment:
And a nodeport service for the above:
IPVS output on kmaster
The same on knode1:
ipset output for nodeport on kmaster:
And the same on knode1:
Now I tried establishing a connection toward the sctp nodeport service from the extra demo system. Here I tried using all the ips from the kubernetes cluster which are accessible from outside the cluster.
Tcpdump on kmaster:
Tcpdump on knode1:
[APPROVALNOTIFIER] This PR is APPROVED
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing