466 remove setupebtables option

Author: Luigi Bitonti

Dockerfile.node-cache

@@ -13,7 +13,6 @@
 # limitations under the License.
 
 FROM ARG_FROM_IPT
-RUN update-alternatives --set ebtables /usr/sbin/ebtables-legacy
 ADD bin/ARG_ARCH/ARG_BIN /ARG_BIN
 EXPOSE 53 53/udp
 EXPOSE 53 53/tcp

cmd/node-cache/app/cache_app.go

@@ -16,7 +16,6 @@ import (
 	utiliptables "k8s.io/kubernetes/pkg/util/iptables"
 	utilexec "k8s.io/utils/exec"
 	utilnet "k8s.io/utils/net"
-	utilebtables "k8s.io/utils/net/ebtables"
 )
 
 // ConfigParams lists the configuration options that can be provided to node-cache
@@ -35,7 +34,6 @@ type ConfigParams struct {
 	UpstreamSvcName      string        // Name of the service whose clusterIP is the upstream for node-cache for cluster domain
 	HealthPort           string        // port for the healthcheck
 	SetupIptables        bool
-	SetupEbtables        bool
 	SkipTeardown         bool // Indicates whether the iptables rules and interface should be torn down
 }
 
@@ -45,18 +43,10 @@ type iptablesRule struct {
 	args  []string
 }
 
-type ebtablesRule struct {
-	table utilebtables.Table
-	chain utilebtables.Chain
-	args  []string
-}
-
 // CacheApp contains all the config required to run node-cache.
 type CacheApp struct {
 	iptables      utiliptables.Interface
 	iptablesRules []iptablesRule
-	ebtables      utilebtables.Interface
-	ebtablesRules []ebtablesRule
 	params        *ConfigParams
 	netifHandle   *netif.NetifManager
 	kubednsConfig *options.KubeDNSConfig
@@ -76,9 +66,6 @@ func (c *CacheApp) Init() {
 	if c.params.SetupIptables {
 		c.initIptables()
 	}
-	if c.params.SetupEbtables {
-		c.initEbtables()
-	}
 	initMetrics(c.params.MetricsListenAddress)
 	// Write the config file from template.
 	// this is required in case there is no or erroneous kube-dns configpath specified.
@@ -153,27 +140,6 @@ func newIPTables(isIPv6 bool) utiliptables.Interface {
 	return utiliptables.New(execer, dbus, protocol)
 }
 
-func (c *CacheApp) initEbtables() {
-	protocol := "IPv4"
-	if c.isIPv6() {
-		protocol = "IPv6"
-	}
-	// using the localIPStr param since we need ip strings here
-	for _, localIP := range strings.Split(c.params.LocalIPStr, ",") {
-		c.ebtablesRules = append(c.ebtablesRules, []ebtablesRule{
-			// Match traffic destined for localIp and use the MAC address of the bridge port as destination address
-			{utilebtables.TableBroute, utilebtables.ChainBrouting, []string{"-p", protocol, "--ip-dst", localIP,
-				"-j", "redirect"}},
-		}...)
-	}
-	c.ebtables = newEBTables()
-}
-
-func newEBTables() utilebtables.Interface {
-	execer := utilexec.New()
-	return utilebtables.New(execer)
-}
-
 // TeardownNetworking removes all custom iptables rules and network interface added by node-cache
 func (c *CacheApp) TeardownNetworking() error {
 	clog.Infof("Tearing down")
@@ -196,17 +162,6 @@ func (c *CacheApp) TeardownNetworking() error {
 			// Delete the rule one last time since EnsureRule creates the rule if it doesn't exist
 			c.iptables.DeleteRule(rule.table, rule.chain, rule.args...)
 		}
-		if c.params.SetupEbtables {
-			for _, rule := range c.ebtablesRules {
-				exists := true
-				for exists == true {
-					c.ebtables.DeleteRule(rule.table, rule.chain, rule.args...)
-					exists, _ = c.ebtables.EnsureRule(utilebtables.Append, rule.table, rule.chain, rule.args...)
-				}
-				// Delete the rule one last time since EnsureRule creates the rule if it doesn't exist
-				c.ebtables.DeleteRule(rule.table, rule.chain, rule.args...)
-			}
-		}
 	}
 	return err
 }
@@ -234,25 +189,6 @@ func (c *CacheApp) setupNetworking() {
 		}
 	}
 
-	if c.params.SetupEbtables {
-		for _, rule := range c.ebtablesRules {
-			exists, err := c.ebtables.EnsureRule(utilebtables.Append, rule.table, rule.chain, rule.args...)
-			switch {
-			case exists:
-				// debug messages can be printed by including "debug" plugin in coreFile.
-				clog.Debugf("ebtables rule %v for nodelocaldns already exists", rule)
-				continue
-			case err == nil:
-				clog.Infof("Added back ebtables rule - %v", rule)
-				continue
-				// if we got here, either ebtables check failed or adding rule back failed.
-			default:
-				clog.Errorf("Error adding ebtables rule %v - %s", rule, err)
-				setupErrCount.WithLabelValues("ebtables").Inc()
-			}
-		}
-	}
-
 	if c.params.SetupInterface {
 		exists, err := c.netifHandle.EnsureDummyDevice(c.params.InterfaceName)
 		if !exists {

cmd/node-cache/main.go

@@ -69,7 +69,6 @@ func parseAndValidateFlags() (*app.ConfigParams, error) {
 	flag.DurationVar(&params.Interval, "syncinterval", 60, "interval(in seconds) to check for iptables rules")
 	flag.StringVar(&params.MetricsListenAddress, "metrics-listen-address", "0.0.0.0:9353", "address to serve metrics on")
 	flag.BoolVar(&params.SetupIptables, "setupiptables", true, "indicates whether iptables rules should be setup")
-	flag.BoolVar(&params.SetupEbtables, "setupebtables", false, "indicates whether ebtables rules should be setup")
 	flag.StringVar(&params.BaseCoreFile, "basecorefile", "/etc/coredns/Corefile.base", "Path to the template Corefile for node-cache")
 	flag.StringVar(&params.CoreFile, "corefile", "/etc/Corefile", "Path to the Corefile to be used by node-cache")
 	flag.StringVar(&params.KubednsCMPath, "kubednscm", "", "Path where the kube-dns configmap will be mounted")