From a27d660a241616c7aa28c5d06ce76a1e67a0eee7 Mon Sep 17 00:00:00 2001
From: Brad Davidson
Date: Tue, 21 Nov 2023 00:27:29 +0000
Subject: [PATCH] Add ServiceLB support for PodHostIPs FeatureGate
If the feature-gate is enabled, use status.hostIPs for dual-stack externalTrafficPolicy=Local support
Signed-off-by: Brad Davidson
---
 pkg/cloudprovider/servicelb.go | 25 ++++++++++++++++++++-----
 scripts/airgap/image-list.txt | 2 +-
 2 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/pkg/cloudprovider/servicelb.go b/pkg/cloudprovider/servicelb.go
index 8d1cea0739..66b7d39428 100644
--- a/pkg/cloudprovider/servicelb.go
+++ b/pkg/cloudprovider/servicelb.go
@@ -24,9 +24,11 @@ import (
 "k8s.io/apimachinery/pkg/labels"
 "k8s.io/apimachinery/pkg/util/intstr"
 "k8s.io/apimachinery/pkg/util/wait"
+ utilfeature "k8s.io/apiserver/pkg/util/feature"
 "k8s.io/client-go/util/retry"
 ccmapp "k8s.io/cloud-provider/app"
 servicehelper "k8s.io/cloud-provider/service/helpers"
+ "k8s.io/kubernetes/pkg/features"
 utilsnet "k8s.io/utils/net"
 utilpointer "k8s.io/utils/pointer"
 )
@@ -47,7 +49,7 @@ const (
 )
 var (
- DefaultLBImage = "rancher/klipper-lb:v0.4.4"
+ DefaultLBImage = "rancher/klipper-lb:v0.4.5"
 )
 func (k *k3s) Register(ctx context.Context,
@@ -435,10 +437,11 @@ func (k *k3s) newDaemonSet(svc *core.Service) (*apps.DaemonSet, error) {
 name := generateName(svc)
 oneInt := intstr.FromInt(1)
 localTraffic := servicehelper.RequestsOnlyLocalTraffic(svc)
- sourceRanges, err := servicehelper.GetLoadBalancerSourceRanges(svc)
+ sourceRangesSet, err := servicehelper.GetLoadBalancerSourceRanges(svc)
 if err != nil {
 return nil, err
 }
+ sourceRanges := strings.Join(sourceRangesSet.StringSlice(), ",")
 var sysctls []core.Sysctl
 for _, ipFamily := range svc.Spec.IPFamilies {
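Review bot: Joining the source ranges with `,` in newDaemonSet (and DEST_IPS in the later hunks) changes the format of the environment handed to the klipper-lb container, but nothing in the code records that this format is tied to the image version. The default image is bumped to v0.4.5 in the same commit, yet `DefaultLBImage` is a package-level var and can presumably be overridden; an older image given a comma-separated SRC_RANGES may not parse it as the intended source allow-list. A comment at the join such as `// comma-separated; requires a klipper-lb image that accepts comma-separated SRC_RANGES/DEST_IPS (default image v0.4.5)` would make the coupling visible. newDaemonSet starts and ends outside this hunk.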
@@ -447,6 +450,11 @@ func (k *k3s) newDaemonSet(svc *core.Service) (*apps.DaemonSet, error) {
 sysctls = append(sysctls, core.Sysctl{Name: "net.ipv4.ip_forward", Value: "1"})
 case core.IPv6Protocol:
 sysctls = append(sysctls, core.Sysctl{Name: "net.ipv6.conf.all.forwarding", Value: "1"})
+ // The upstream default load-balancer source range only includes IPv4, even if the service is IPv6-only or dual-stack.
+ // If using the default range, and IPv6 is enabled, also allow IPv6.
+ if sourceRanges == "0.0.0.0/0" {
+ sourceRanges += ",::/0"
+ }
 }
 }
@@ -532,7 +540,7 @@ func (k *k3s) newDaemonSet(svc *core.Service) (*apps.DaemonSet, error) {
 },
 {
 Name: "SRC_RANGES",
- Value: strings.Join(sourceRanges.StringSlice(), " "),
+ Value: sourceRanges,
 },
 {
 Name: "DEST_PROTO",
@@ -558,7 +566,7 @@ func (k *k3s) newDaemonSet(svc *core.Service) (*apps.DaemonSet, error) {
 Name: "DEST_IPS",
 ValueFrom: &core.EnvVarSource{
 FieldRef: &core.ObjectFieldSelector{
- FieldPath: "status.hostIP",
+ FieldPath: getHostIPsFieldPath(),
 },
 },
 },
@@ -571,7 +579,7 @@ func (k *k3s) newDaemonSet(svc *core.Service) (*apps.DaemonSet, error) {
 },
 core.EnvVar{
 Name: "DEST_IPS",
- Value: strings.Join(svc.Spec.ClusterIPs, " "),
+ Value: strings.Join(svc.Spec.ClusterIPs, ","),
 },
 )
 }
@@ -703,3 +711,10 @@ func ingressToString(ingresses []core.LoadBalancerIngress) []string {
 }
 return parts
 }
+
+func getHostIPsFieldPath() string {
+ if utilfeature.DefaultFeatureGate.Enabled(features.PodHostIPs) {
+ return "status.hostIPs"
+ }
+ return "status.hostIP"
+}
diff --git a/scripts/airgap/image-list.txt b/scripts/airgap/image-list.txt
index 2c97f06eb0..dbec92e1e9 100644
--- a/scripts/airgap/image-list.txt
+++ b/scripts/airgap/image-list.txt
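Review bot: The `sourceRanges == "0.0.0.0/0"` test in the IPv6 case of newDaemonSet (servicelb.go, hunk at -447) cannot tell the upstream default apart from an operator who explicitly configured that range, so on an IPv6 or dual-stack service an explicit IPv4-only allow-all is silently widened to `::/0` as well. SRC_RANGES is the source allow-list handed to the load-balancer pod, so the widening should happen only when no range was configured. Guarding on the service itself, e.g. `if len(svc.Spec.LoadBalancerSourceRanges) == 0 && sourceRanges == "0.0.0.0/0" {` (plus the source-ranges annotation being unset, if that is still honoured), would be more precise than comparing the joined string alone. The enclosing function starts and ends outside this hunk.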
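Review bot: getHostIPsFieldPath, added at the end of servicelb.go (hunk at -703), has no doc comment, and it is not obvious from the code why the two field paths are interchangeable for DEST_IPS. A comment such as `// getHostIPsFieldPath returns the downward-API field used for DEST_IPS: status.hostIPs (all host IPs, which I believe the downward API renders comma-separated) when the PodHostIPs feature gate is enabled, otherwise the single-address status.hostIP.` would tie it to the separator change elsewhere in this commit. The gate is read from this process's DefaultFeatureGate; it is worth confirming that the API server and the kubelets that validate and resolve the fieldRef always see the same gate setting, since otherwise the DaemonSet could presumably be rejected or its pods fail to start.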
@@ -1,5 +1,5 @@
 docker.io/rancher/klipper-helm:v0.8.2-build20230815
-docker.io/rancher/klipper-lb:v0.4.4
+docker.io/rancher/klipper-lb:v0.4.5
 docker.io/rancher/local-path-provisioner:v0.0.24
 docker.io/rancher/mirrored-coredns-coredns:1.10.1
 docker.io/rancher/mirrored-library-busybox:1.36.1