Move conntrack sysctl setup from cmd/kube-proxy/ to pkg/proxy/conntrack/

Eventually this code will be called from the backends themselves.
2026-06-11 01:41:54 -04:00 · 2025-09-15 12:52:53 -04:00 · 2025-09-15 12:52:53 -04:00 · fe84ab85f1
commit fe84ab85f1
parent d8a481a696
3 changed files with 11 additions and 8 deletions
--- a/cmd/kube-proxy/app/server_linux.go
+++ b/cmd/kube-proxy/app/server_linux.go
@ -32,6 +32,7 @@ import (
 	"k8s.io/klog/v2"
 	"k8s.io/kubernetes/pkg/proxy"
 	proxyconfigapi "k8s.io/kubernetes/pkg/proxy/apis/config"
+	"k8s.io/kubernetes/pkg/proxy/conntrack"
 	"k8s.io/kubernetes/pkg/proxy/iptables"
 	"k8s.io/kubernetes/pkg/proxy/ipvs"
 	utilipset "k8s.io/kubernetes/pkg/proxy/ipvs/ipset"
@ -64,10 +65,8 @@ func (o *Options) platformApplyDefaults(config *proxyconfigapi.KubeProxyConfigur
 // Proxier. It should fill in any platform-specific fields and perform other
 // platform-specific setup.
 func (s *ProxyServer) platformSetup(ctx context.Context) error {
-	ct := &realConntrackConfigurer{}
-	err := setupConntrack(ctx, ct, &s.Config.Linux.Conntrack)
-	if err != nil {
-		return err
+	if err := conntrack.SetSysctls(ctx, &s.Config.Linux.Conntrack); err != nil {
+		return fmt.Errorf("could not set conntrack parameters from kube-proxy configuration: %w", err)
 	}

 	return nil
--- a/cmd/kube-proxy/app/conntrack.go
+++ b/cmd/kube-proxy/app/conntrack.go
@ -17,7 +17,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */

-package app
+package conntrack

 import (
 	"context"
@ -35,6 +35,10 @@ import (
 	proxyconfigapi "k8s.io/kubernetes/pkg/proxy/apis/config"
 )

+func SetSysctls(ctx context.Context, config *proxyconfigapi.KubeProxyConntrackConfiguration) error {
+	return setSysctls(ctx, realConntrackConfigurer{}, config)
+}
+
 // conntrackConfigurer is a mockable interface for setting conntrack sysctls.
 //
 // Descriptions of the various sysctl fields can be found here:
@ -54,7 +58,7 @@ type conntrackConfigurer interface {
 	SetUDPStreamTimeout(ctx context.Context, seconds int) error
 }

-func setupConntrack(ctx context.Context, ct conntrackConfigurer, config *proxyconfigapi.KubeProxyConntrackConfiguration) error {
+func setSysctls(ctx context.Context, ct conntrackConfigurer, config *proxyconfigapi.KubeProxyConntrackConfiguration) error {
 	max, err := getConntrackMax(ctx, config)
 	if err != nil {
 		return err
--- a/cmd/kube-proxy/app/conntrack_test.go
+++ b/cmd/kube-proxy/app/conntrack_test.go
@ -17,7 +17,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */

-package app
+package conntrack

 import (
 	"context"
@ -226,7 +226,7 @@ func TestSetupConntrack(t *testing.T) {
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
 			fc := &fakeConntracker{err: test.conntrackErr}
-			err := setupConntrack(ctx, fc, &test.config)
+			err := setSysctls(ctx, fc, &test.config)
 			if test.wantErr && err == nil {
 				t.Errorf("Test %q: Expected error, got nil", test.name)
 			}