
package util

import "k8s.io/kubernetes/pkg/proxy/util"

Index

Constants

const (
	// IPv4ZeroCIDR is the CIDR block for the whole IPv4 address space.
	// Anything scoped to this block matches every IPv4 address, so it
	// restricts nothing. NewNodePortAddresses adds this value when it is
	// given no CIDR of the IPv4 family.
	IPv4ZeroCIDR = "0.0.0.0/0"

	// IPv6ZeroCIDR is the CIDR block for the whole IPv6 address space.
	// Anything scoped to this block matches every IPv6 address, so it
	// restricts nothing. NewNodePortAddresses adds this value when it is
	// given no CIDR of the IPv6 family.
	IPv6ZeroCIDR = "::/0"

	// FullSyncPeriod is the full sync period of the iptables and nftables
	// proxiers.
	FullSyncPeriod = 1 * time.Hour
)

Variables

// MaxAttemptsEINTR is a wait.Backoff that allows 5 steps; no other Backoff
// field is set here.
// NOTE(review): by its name this bounds retries of calls that fail with
// EINTR — confirm against the callers.
var MaxAttemptsEINTR = wait.Backoff{Steps: 5}
// ShouldRetryOnEINTR reports whether err is unix.EINTR or wraps it, as
// decided by errors.Is. Every other error yields false.
var ShouldRetryOnEINTR = func(err error) bool { return errors.Is(err, unix.EINTR) }

Functions

func AddressSet

func AddressSet(isValid func(ip net.IP) bool, addrs []net.Addr) sets.Set[string]

AddressSet validates the addresses in the slice using the "isValid" function. Addresses that pass the validation are returned as a string Set.

func AppendPortIfNeeded

func AppendPortIfNeeded(addr string, port int32) string

AppendPortIfNeeded appends the given port to the IP address unless the address is already in "ipv4:port" or "[ipv6]:port" format.

func EnsureSysctl

func EnsureSysctl(sysctl utilsysctl.Interface, name string, newVal int) error

EnsureSysctl sets a kernel sysctl to a given numeric value.

func GetClusterIPByFamily

func GetClusterIPByFamily(ipFamily v1.IPFamily, service *v1.Service) string

GetClusterIPByFamily returns the service's cluster IP for the given IP family.

func GetIPFamilyFromIP

func GetIPFamilyFromIP(ip net.IP) v1.IPFamily

GetIPFamilyFromIP returns the IP family of ip, or IPFamilyUnknown if ip is not a valid IP. (The parameter is a net.IP, not a string; the original wording "ipStr" refers to it.)

func IPPart

func IPPart(s string) string

IPPart returns just the IP part of an IP or IP:port or endpoint string. If the IP part is an IPv6 address enclosed in brackets (e.g. "[fd00:1::5]:9999"), then the brackets are stripped as well.

func IsVIPMode

func IsVIPMode(ing v1.LoadBalancerIngress) bool

func IsZeroCIDR

func IsZeroCIDR(cidr string) bool

IsZeroCIDR checks whether the input CIDR string is either the IPv4 or IPv6 zero CIDR

func MapCIDRsByIPFamily

func MapCIDRsByIPFamily(cidrsStrings []string) map[v1.IPFamily][]*net.IPNet

MapCIDRsByIPFamily maps a slice of CIDRs to their respective IP families (v4 or v6)

func MapIPsByIPFamily

func MapIPsByIPFamily(ipStrings []string) map[v1.IPFamily][]net.IP

MapIPsByIPFamily maps a slice of IPs to their respective IP families (v4 or v6)

func OtherIPFamily

func OtherIPFamily(ipFamily v1.IPFamily) v1.IPFamily

OtherIPFamily returns the other ip family

func ShouldSkipService

func ShouldSkipService(service *v1.Service) bool

ShouldSkipService checks if a given service should skip proxying

Types

type LineBuffer

// LineBuffer is an interface for writing lines of input to a bytes.Buffer.
// Each Write or WriteBytes call appends one newline-terminated line.
type LineBuffer interface {
	// Write takes a list of arguments, each a string or []string, joins all the
	// individual strings with spaces, terminates with newline, and writes them to the
	// buffer. Any other argument type will panic.
	// NOTE(review): nothing in this contract says the strings are escaped or
	// checked for embedded newlines; treat that as the caller's job — confirm
	// against the implementation.
	Write(args ...interface{})

	// WriteBytes writes bytes to the buffer, and terminates with newline.
	WriteBytes(bytes []byte)

	// Reset clears the buffer
	Reset()

	// Bytes returns the contents of the buffer as a []byte
	Bytes() []byte

	// String returns the contents of the buffer as a string
	String() string

	// Lines returns the number of lines in the buffer. Note that more precisely, this
	// returns the number of times Write() or WriteBytes() was called; it assumes that
	// you never wrote any newlines to the buffer yourself.
	Lines() int
}

LineBuffer is an interface for writing lines of input to a bytes.Buffer

func NewDiscardLineBuffer

func NewDiscardLineBuffer() LineBuffer

NewDiscardLineBuffer returns a dummy LineBuffer that counts the number of writes but throws away the data. (This is used for iptables proxy partial syncs, to keep track of how many rules we managed to avoid having to sync.)

func NewLineBuffer

func NewLineBuffer() LineBuffer

NewLineBuffer returns a new "real" LineBuffer

type LocalTrafficDetector

// LocalTrafficDetector generates iptables or nftables rules to detect traffic
// from local pods. The methods return match arguments as string slices, one
// pair for iptables and one pair for nftables.
type LocalTrafficDetector interface {
	// IsImplemented returns true if the implementation does something, false
	// otherwise. You should not call the other methods if IsImplemented() returns
	// false.
	IsImplemented() bool

	// IfLocal returns iptables arguments that will match traffic from a local pod.
	IfLocal() []string

	// IfNotLocal returns iptables arguments that will match traffic that is not from
	// a local pod.
	IfNotLocal() []string

	// IfLocalNFT returns nftables arguments that will match traffic from a local pod.
	IfLocalNFT() []string

	// IfNotLocalNFT returns nftables arguments that will match traffic that is not
	// from a local pod.
	IfNotLocalNFT() []string
}

LocalTrafficDetector generates iptables or nftables rules to detect traffic from local pods.

func NewDetectLocalByBridgeInterface

func NewDetectLocalByBridgeInterface(interfaceName string) LocalTrafficDetector

NewDetectLocalByBridgeInterface returns a LocalTrafficDetector that considers traffic from interfaceName to be from a local pod, and traffic from other interfaces to be non-local.

func NewDetectLocalByCIDR

func NewDetectLocalByCIDR(cidr string) LocalTrafficDetector

NewDetectLocalByCIDR returns a LocalTrafficDetector that considers traffic from the provided cidr to be from a local pod, and other traffic to be non-local. cidr is assumed to be valid: the constructor returns no error, so the caller must validate it before calling.

func NewDetectLocalByInterfaceNamePrefix

func NewDetectLocalByInterfaceNamePrefix(interfacePrefix string) LocalTrafficDetector

NewDetectLocalByInterfaceNamePrefix returns a LocalTrafficDetector that considers traffic from interfaces starting with interfacePrefix to be from a local pod, and traffic from other interfaces to be non-local.

func NewNoOpLocalDetector

func NewNoOpLocalDetector() LocalTrafficDetector

NewNoOpLocalDetector returns a no-op implementation of LocalTrafficDetector.

type NetworkInterfacer

// NetworkInterfacer defines an interface for several net library functions.
// Production code forwards to the net library; unit tests override the
// methods.
type NetworkInterfacer interface {
	// InterfaceAddrs returns a list of addresses and an error. The RealNetwork
	// implementation wraps net.InterfaceAddrs().
	InterfaceAddrs() ([]net.Addr, error)
}

NetworkInterfacer defines an interface for several net library functions. Production code will forward to net library functions, and unit tests will override the methods for testing purposes.

type NodePortAddresses

// NodePortAddresses is used to handle the --nodeport-addresses flag. Its
// fields are not exported; values are built with NewNodePortAddresses for a
// single IP family.
type NodePortAddresses struct {
	// contains filtered or unexported fields
}

NodePortAddresses is used to handle the --nodeport-addresses flag

func NewNodePortAddresses

func NewNodePortAddresses(family v1.IPFamily, cidrStrings []string) *NodePortAddresses

NewNodePortAddresses takes an IP family and the `--nodeport-addresses` value (which is assumed to contain only valid CIDRs, potentially of both IP families) and returns a NodePortAddresses object for the given family. If there are no CIDRs of the given family then the CIDR "0.0.0.0/0" or "::/0" will be added (even if there are CIDRs of the other family). Because that CIDR covers the whole address space of the family, an empty value, or one that lists only the other family, does not restrict the node IPs of this family.

func (*NodePortAddresses) ContainsIPv4Loopback

func (npa *NodePortAddresses) ContainsIPv4Loopback() bool

ContainsIPv4Loopback returns true if npa's CIDRs contain an IPv4 loopback address.

func (*NodePortAddresses) GetNodeIPs

func (npa *NodePortAddresses) GetNodeIPs(nw NetworkInterfacer) ([]net.IP, error)

GetNodeIPs returns all node IP addresses that match npa's CIDRs. If no matching IPs are found, it returns an empty list. NetworkInterfacer is injected for testing purposes.

func (*NodePortAddresses) MatchAll

func (npa *NodePortAddresses) MatchAll() bool

MatchAll returns true if npa matches all node IPs (of npa's given family)

func (*NodePortAddresses) String

func (npa *NodePortAddresses) String() string

type RealNetwork

// RealNetwork implements the NetworkInterfacer interface for production code,
// just wrapping the underlying net library function calls. It has no fields.
type RealNetwork struct{}

RealNetwork implements the NetworkInterfacer interface for production code, just wrapping the underlying net library function calls.

func (RealNetwork) InterfaceAddrs

func (RealNetwork) InterfaceAddrs() ([]net.Addr, error)

InterfaceAddrs wraps net.InterfaceAddrs(); it is part of the NetworkInterfacer interface.

Source Files

endpoints.go linebuffer.go localdetector.go network.go nodeport_addresses.go utils.go utils_linux.go

Directories

Path Synopsis
pkg/proxy/util/nfacct
pkg/proxy/util/testing
Version
v1.33.0 (latest)
Published
Apr 23, 2025
Platform
linux/amd64
Imports
17 packages