Open xujieasd opened 6 years ago
676d414 just copies the nodeport fix from kube-proxy.
However, there is still a problem, because the local IP could change.
Since iptables can use 'ADDRTYPE matches dst-type LOCAL', iptables does not need to know what the exact IP is. But ipvs needs to find out the IPs and make rules based on these IPs.
So, when the local IP changes, the proxy does not know immediately; it will keep the old rules until syncProxyRules is called.
E.g. we have a machine A whose local IPs are:
10.19.140.10 dev eth0 scope host src 10.19.140.10
127.0.0.1 dev lo scope host src 127.0.0.1
10.19.140.200 dev virtual scope host src 10.19.140.200
...
Machine B's local IPs are:
10.19.140.11 dev eth0 scope host src 10.19.140.11
127.0.0.1 dev lo scope host src 127.0.0.1
...
Machines A and B watch each other; when A is down, B's local IPs will change to:
10.19.140.11 dev eth0 scope host src 10.19.140.11
127.0.0.1 dev lo scope host src 127.0.0.1
10.19.140.200 dev virtual scope host src 10.19.140.200
...
B needs to create ipvs rules based on 10.19.140.200, but the proxy does not know this.
So, does the proxy need to watch the local IP?
kube-enn-proxy searches for network interfaces whose names start with "enp" or "eth" and uses their IPs as nodeport IPs. This does not make sense, because interface names can be changed, and some other IPs should be considered "local ip". iptables uses 'ADDRTYPE matches dst-type LOCAL' to handle nodeport access. But ipvs has to make rules for every local IP, so we first need to know which IPs are "LOCAL".
kube-proxy 1.9 has a fix for nodeport access; will see how kube-proxy 1.9 handles this.
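The failover case from this issue, as an added example that is not code from kube-enn-proxy or kube-proxy: it derives the local IP set from route lines in the format quoted above, ignoring interface names, and diffs two snapshots to decide whether IPVS rules need a resync. `ParseLocalIPs`, `DiffLocalIPs` and `missing` are hypothetical names, the route text is constructed from the addresses in the issue, and how the listing is obtained or how often it is polled is left as an assumption.

```go
package main

import (
	"fmt"
	"net"
	"sort"
	"strings"
)

// Constructed samples: machine B's local routes before and after A goes down.
const beforeFailover = `10.19.140.11 dev eth0 scope host src 10.19.140.11
127.0.0.1 dev lo scope host src 127.0.0.1`
const afterFailover = beforeFailover + "\n10.19.140.200 dev virtual scope host src 10.19.140.200"

// ParseLocalIPs returns the single-host local addresses in a route listing.
// Malformed lines and prefix routes (e.g. 127.0.0.0/8) are skipped.
func ParseLocalIPs(routes string) map[string]bool {
	ips := make(map[string]bool)
	for _, line := range strings.Split(routes, "\n") {
		// Tolerate an optional leading "local" type keyword.
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "local "))
		if len(f) > 0 && net.ParseIP(f[0]) != nil {
			ips[net.ParseIP(f[0]).String()] = true
		}
	}
	return ips
}

// missing returns, sorted, the keys of from that are absent in in.
func missing(from, in map[string]bool) []string {
	var out []string
	for ip := range from {
		if !in[ip] {
			out = append(out, ip)
		}
	}
	sort.Strings(out)
	return out
}

// DiffLocalIPs reports addresses gained and lost between two snapshots;
// a non-empty result is the signal to rebuild nodeport IPVS rules.
func DiffLocalIPs(old, cur map[string]bool) (added, removed []string) {
	return missing(cur, old), missing(old, cur)
}

func main() {
	fmt.Println(DiffLocalIPs(ParseLocalIPs(beforeFailover), ParseLocalIPs(afterFailover)))
}
```

When a removed address is reported, the stale IPVS virtual server for that address should be deleted as well, so the node stops answering nodeport traffic on an IP it no longer owns.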