fix(kube-proxy) avoid add zero-masked loadBalancerSourceRanges to ipset
Signed-off-by: roc <roc@imroc.cc>
parent
033ffc73d6
commit
bfa33b18a0
4 changed files with 15 additions and 7 deletions
|
|
@ -19,6 +19,7 @@ package proxy
|
|||
import (
|
||||
"fmt"
|
||||
"net"
|
||||
"slices"
|
||||
"strings"
|
||||
|
||||
v1 "k8s.io/api/core/v1"
|
||||
|
|
@ -205,7 +206,12 @@ func newBaseServiceInfo(service *v1.Service, ipFamily v1.IPFamily, port *v1.Serv
|
|||
}
|
||||
|
||||
cidrFamilyMap := proxyutil.MapCIDRsByIPFamily(loadBalancerSourceRanges)
|
||||
info.loadBalancerSourceRanges = cidrFamilyMap[ipFamily]
|
||||
cidrs := cidrFamilyMap[ipFamily]
|
||||
// zero-masked cidr means "allow any", which same as the empty loadBalancerSourceRanges.
|
||||
if slices.ContainsFunc(cidrs, proxyutil.IsZeroCIDR) {
|
||||
cidrs = []*net.IPNet{}
|
||||
}
|
||||
info.loadBalancerSourceRanges = cidrs
|
||||
|
||||
// Filter Load Balancer Ingress IPs to correct IP family. While proxying load
|
||||
// balancers might choose to proxy connections from an LB IP of one family to a
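Review bot: The branch in newBaseServiceInfo that replaces `cidrs` with an empty list does so silently, so a Service whose loadBalancerSourceRanges mixes specific ranges with one zero-masked entry ends up with no source restriction and no signal to the operator. Because this field acts as a source allowlist, the comment at that branch should state the consequence, for example `// A zero-masked CIDR means "allow any", which is the same as an empty loadBalancerSourceRanges, so every other entry is dropped.`, and a log line there would make an accidental /0 visible. None of the visible hunks adds a test for this branch; a table case with a list that mixes a specific range and a zero-masked one would pin the behaviour. The function body starts and ends outside the hunk.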
|
||||
|
|
|
|||
|
|
@ -68,7 +68,7 @@ func NewNodePortAddresses(family v1.IPFamily, cidrStrings []string) *NodePortAdd
|
|||
}
|
||||
}
|
||||
|
||||
if IsZeroCIDR(str) {
|
||||
if IsZeroCIDR(cidr) {
|
||||
// Ignore everything else
|
||||
npa.cidrs = []*net.IPNet{cidr}
|
||||
npa.matchAll = true
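Review bot: With `IsZeroCIDR(cidr)` now testing the parsed prefix length, any entry with a /0 mask sets `npa.matchAll` here, whereas the removed string comparison matched only the two zero-CIDR constants. The widening looks intended, but it changes which configurations select every node address, so it is worth a comment such as `// Any /0 prefix, not only the canonical zero CIDR string, selects all addresses.` and a test case that uses a non-canonical zero-masked string. The enclosing loop of NewNodePortAddresses starts and ends outside the hunk, so how a parse failure reaches this line could not be checked.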
|
||||
|
|
|
|||
|
|
@ -45,11 +45,12 @@ const (
|
|||
|
||||
// IsZeroCIDR checks whether the input CIDR string is either
|
||||
// the IPv4 or IPv6 zero CIDR
|
||||
func IsZeroCIDR(cidr string) bool {
|
||||
if cidr == IPv4ZeroCIDR || cidr == IPv6ZeroCIDR {
|
||||
return true
|
||||
func IsZeroCIDR(cidr *net.IPNet) bool {
|
||||
if cidr == nil {
|
||||
return false
|
||||
}
|
||||
return false
|
||||
prefixLen, _ := cidr.Mask.Size()
|
||||
return prefixLen == 0
|
||||
}
|
||||
|
||||
// ShouldSkipService checks if a given service should skip proxying
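Review bot: The new IsZeroCIDR discards the second result of `cidr.Mask.Size()`, and that method returns 0, 0 for a mask that is not in canonical form as well as for an empty mask, so such a `*net.IPNet` is reported as a zero CIDR. Callers treat a true result as "allow any", so the helper should fail closed: `ones, bits := cidr.Mask.Size()` followed by `return bits != 0 && ones == 0`. The doc comment above the function still says "input CIDR string"; it should describe the new parameter and the nil case, for example `// IsZeroCIDR reports whether cidr has a prefix length of zero; a nil cidr is not a zero CIDR.`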
|
||||
|
|
|
|||
|
|
@ -682,7 +682,8 @@ func TestIsZeroCIDR(t *testing.T) {
|
|||
}
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
if got := IsZeroCIDR(tc.input); tc.expected != got {
|
||||
_, cidr, _ := netutils.ParseCIDRSloppy(tc.input)
|
||||
if got := IsZeroCIDR(cidr); tc.expected != got {
|
||||
t.Errorf("IsZeroCIDR() = %t, want %t", got, tc.expected)
|
||||
}
|
||||
})
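Review bot: The parse error from `netutils.ParseCIDRSloppy(tc.input)` is discarded, so an input that fails to parse reaches IsZeroCIDR as nil and passes any case expecting false without exercising the prefix-length check. Unless a case is deliberately unparseable, check the error with `_, cidr, err := netutils.ParseCIDRSloppy(tc.input)` and `if err != nil { t.Fatalf("parsing %q: %v", tc.input, err) }`, and cover the nil branch with an explicit `IsZeroCIDR(nil)` case. The test table is outside the hunk, so whether it already includes a non-canonical zero-masked input could not be checked.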
|
||||
|
|
|
|||