kube-proxy: internal config: add Linux section

Introduce Linux section for internal configuration of kube-proxy
adhering to the v1alpha2 version specifications as detailed in
https://kep.k8s.io/784.

Signed-off-by: Daman Arora <[email protected]>

Author: aroradaman

cmd/kube-proxy/app/options.go

@@ -118,7 +118,7 @@ func (o *Options) AddFlags(fs *pflag.FlagSet) {
 		"This parameter is ignored if a config file is specified by --config.")
 
 	fs.Int32Var(o.config.IPTables.MasqueradeBit, "iptables-masquerade-bit", ptr.Deref(o.config.IPTables.MasqueradeBit, 14), "If using the iptables or ipvs proxy mode, the bit of the fwmark space to mark packets requiring SNAT with.  Must be within the range [0, 31].")
-	fs.BoolVar(&o.config.IPTables.MasqueradeAll, "masquerade-all", o.config.IPTables.MasqueradeAll, "If using the iptables or ipvs proxy mode, SNAT all traffic sent via Service cluster IPs. This may be required with some CNI plugins.")
+	fs.BoolVar(&o.config.Linux.MasqueradeAll, "masquerade-all", o.config.Linux.MasqueradeAll, "SNAT all traffic sent via Service cluster IPs. This may be required with some CNI plugins. Only supported on Linux.")
 	fs.BoolVar(o.config.IPTables.LocalhostNodePorts, "iptables-localhost-nodeports", ptr.Deref(o.config.IPTables.LocalhostNodePorts, true), "If false, kube-proxy will disable the legacy behavior of allowing NodePort services to be accessed via localhost. (Applies only to iptables mode and IPv4; localhost NodePorts are never allowed with other proxy modes or with IPv6.)")
 	fs.DurationVar(&o.config.IPTables.SyncPeriod.Duration, "iptables-sync-period", o.config.IPTables.SyncPeriod.Duration, "An interval (e.g. '5s', '1m', '2h22m') indicating how frequently various re-synchronizing and cleanup operations are performed. Must be greater than 0.")
 	fs.DurationVar(&o.config.IPTables.MinSyncPeriod.Duration, "iptables-min-sync-period", o.config.IPTables.MinSyncPeriod.Duration, "The minimum period between iptables rule resyncs (e.g. '5s', '1m', '2h22m'). A value of 0 means every Service or EndpointSlice change will result in an immediate iptables resync.")
@@ -141,21 +141,20 @@ func (o *Options) AddFlags(fs *pflag.FlagSet) {
 	fs.StringSliceVar(&o.config.NodePortAddresses, "nodeport-addresses", o.config.NodePortAddresses,
 		"A list of CIDR ranges that contain valid node IPs, or alternatively, the single string 'primary'. If set to a list of CIDRs, connections to NodePort services will only be accepted on node IPs in one of the indicated ranges. If set to 'primary', NodePort services will only be accepted on the node's primary IP(s) according to the Node object. If unset, NodePort connections will be accepted on all local IPs. This parameter is ignored if a config file is specified by --config.")
 
-	fs.Int32Var(o.config.OOMScoreAdj, "oom-score-adj", ptr.Deref(o.config.OOMScoreAdj, int32(qos.KubeProxyOOMScoreAdj)), "The oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000]. This parameter is ignored if a config file is specified by --config.")
-	fs.Int32Var(o.config.Conntrack.MaxPerCore, "conntrack-max-per-core", *o.config.Conntrack.MaxPerCore,
+	fs.Int32Var(o.config.Linux.OOMScoreAdj, "oom-score-adj", ptr.Deref(o.config.Linux.OOMScoreAdj, int32(qos.KubeProxyOOMScoreAdj)), "The oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000]. This parameter is ignored if a config file is specified by --config.")
+	fs.Int32Var(o.config.Linux.Conntrack.MaxPerCore, "conntrack-max-per-core", *o.config.Linux.Conntrack.MaxPerCore,
 		"Maximum number of NAT connections to track per CPU core (0 to leave the limit as-is and ignore conntrack-min).")
-	fs.Int32Var(o.config.Conntrack.Min, "conntrack-min", *o.config.Conntrack.Min,
+	fs.Int32Var(o.config.Linux.Conntrack.Min, "conntrack-min", *o.config.Linux.Conntrack.Min,
 		"Minimum number of conntrack entries to allocate, regardless of conntrack-max-per-core (set conntrack-max-per-core=0 to leave the limit as-is).")
 
-	fs.DurationVar(&o.config.Conntrack.TCPEstablishedTimeout.Duration, "conntrack-tcp-timeout-established", o.config.Conntrack.TCPEstablishedTimeout.Duration, "Idle timeout for established TCP connections (0 to leave as-is)")
+	fs.DurationVar(&o.config.Linux.Conntrack.TCPEstablishedTimeout.Duration, "conntrack-tcp-timeout-established", o.config.Linux.Conntrack.TCPEstablishedTimeout.Duration, "Idle timeout for established TCP connections (0 to leave as-is)")
 	fs.DurationVar(
-		&o.config.Conntrack.TCPCloseWaitTimeout.Duration, "conntrack-tcp-timeout-close-wait",
-		o.config.Conntrack.TCPCloseWaitTimeout.Duration,
+		&o.config.Linux.Conntrack.TCPCloseWaitTimeout.Duration, "conntrack-tcp-timeout-close-wait",
+		o.config.Linux.Conntrack.TCPCloseWaitTimeout.Duration,
 		"NAT timeout for TCP connections in the CLOSE_WAIT state")
-	fs.BoolVar(&o.config.Conntrack.TCPBeLiberal, "conntrack-tcp-be-liberal", o.config.Conntrack.TCPBeLiberal, "Enable liberal mode for tracking TCP packets by setting nf_conntrack_tcp_be_liberal to 1")
-	fs.DurationVar(&o.config.Conntrack.UDPTimeout.Duration, "conntrack-udp-timeout", o.config.Conntrack.UDPTimeout.Duration, "Idle timeout for UNREPLIED UDP connections (0 to leave as-is)")
-	fs.DurationVar(&o.config.Conntrack.UDPStreamTimeout.Duration, "conntrack-udp-timeout-stream", o.config.Conntrack.UDPStreamTimeout.Duration, "Idle timeout for ASSURED UDP connections (0 to leave as-is)")
-
+	fs.BoolVar(&o.config.Linux.Conntrack.TCPBeLiberal, "conntrack-tcp-be-liberal", o.config.Linux.Conntrack.TCPBeLiberal, "Enable liberal mode for tracking TCP packets by setting nf_conntrack_tcp_be_liberal to 1")
+	fs.DurationVar(&o.config.Linux.Conntrack.UDPTimeout.Duration, "conntrack-udp-timeout", o.config.Linux.Conntrack.UDPTimeout.Duration, "Idle timeout for UNREPLIED UDP connections (0 to leave as-is)")
+	fs.DurationVar(&o.config.Linux.Conntrack.UDPStreamTimeout.Duration, "conntrack-udp-timeout-stream", o.config.Linux.Conntrack.UDPStreamTimeout.Duration, "Idle timeout for ASSURED UDP connections (0 to leave as-is)")
 	fs.DurationVar(&o.config.ConfigSyncPeriod.Duration, "config-sync-period", o.config.ConfigSyncPeriod.Duration, "How often configuration from the apiserver is refreshed.  Must be greater than 0.")
 
 	fs.Int32Var(&o.healthzPort, "healthz-port", o.healthzPort, "The port to bind the health check server. Use 0 to disable.")

cmd/kube-proxy/app/options_test.go

@@ -196,17 +196,20 @@ nodePortAddresses:
 				},
 				ClusterCIDR:      tc.clusterCIDR,
 				ConfigSyncPeriod: metav1.Duration{Duration: 15 * time.Second},
-				Conntrack: kubeproxyconfig.KubeProxyConntrackConfiguration{
-					MaxPerCore:            ptr.To[int32](2),
-					Min:                   ptr.To[int32](1),
-					TCPCloseWaitTimeout:   &metav1.Duration{Duration: 10 * time.Second},
-					TCPEstablishedTimeout: &metav1.Duration{Duration: 20 * time.Second},
+				Linux: kubeproxyconfig.KubeProxyLinuxConfiguration{
+					Conntrack: kubeproxyconfig.KubeProxyConntrackConfiguration{
+						MaxPerCore:            ptr.To[int32](2),
+						Min:                   ptr.To[int32](1),
+						TCPCloseWaitTimeout:   &metav1.Duration{Duration: 10 * time.Second},
+						TCPEstablishedTimeout: &metav1.Duration{Duration: 20 * time.Second},
+					},
+					MasqueradeAll: true,
+					OOMScoreAdj:   ptr.To[int32](17),
 				},
 				FeatureGates:       map[string]bool{},
 				HealthzBindAddress: tc.healthzBindAddress,
 				HostnameOverride:   "foo",
 				IPTables: kubeproxyconfig.KubeProxyIPTablesConfiguration{
-					MasqueradeAll:      true,
 					MasqueradeBit:      ptr.To[int32](17),
 					LocalhostNodePorts: ptr.To(true),
 					MinSyncPeriod:      metav1.Duration{Duration: 10 * time.Second},
@@ -218,14 +221,12 @@ nodePortAddresses:
 					ExcludeCIDRs:  []string{"10.20.30.40/16", "fd00:1::0/64"},
 				},
 				NFTables: kubeproxyconfig.KubeProxyNFTablesConfiguration{
-					MasqueradeAll: true,
 					MasqueradeBit: ptr.To[int32](18),
 					MinSyncPeriod: metav1.Duration{Duration: 10 * time.Second},
 					SyncPeriod:    metav1.Duration{Duration: 60 * time.Second},
 				},
 				MetricsBindAddress: tc.metricsBindAddress,
 				Mode:               kubeproxyconfig.ProxyMode(tc.mode),
-				OOMScoreAdj:        ptr.To[int32](17),
 				PortRange:          "2-7",
 				NodePortAddresses:  []string{"10.20.30.40/16", "fd00:1::0/64"},
 				DetectLocalMode:    kubeproxyconfig.LocalModeClusterCIDR,

cmd/kube-proxy/app/server.go

@@ -493,9 +493,9 @@ func (s *ProxyServer) Run(ctx context.Context) error {
 
 	// TODO(vmarmol): Use container config for this.
 	var oomAdjuster *oom.OOMAdjuster
-	if s.Config.OOMScoreAdj != nil {
+	if s.Config.Linux.OOMScoreAdj != nil {
 		oomAdjuster = oom.NewOOMAdjuster()
-		if err := oomAdjuster.ApplyOOMScoreAdj(0, int(*s.Config.OOMScoreAdj)); err != nil {
+		if err := oomAdjuster.ApplyOOMScoreAdj(0, int(*s.Config.Linux.OOMScoreAdj)); err != nil {
 			logger.V(2).Info("Failed to apply OOMScore", "err", err)
 		}
 	}

cmd/kube-proxy/app/server_linux.go

@@ -180,7 +180,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi.
 				exec.New(),
 				config.IPTables.SyncPeriod.Duration,
 				config.IPTables.MinSyncPeriod.Duration,
-				config.IPTables.MasqueradeAll,
+				config.Linux.MasqueradeAll,
 				*config.IPTables.LocalhostNodePorts,
 				int(*config.IPTables.MasqueradeBit),
 				localDetectors,
@@ -204,7 +204,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi.
 				exec.New(),
 				config.IPTables.SyncPeriod.Duration,
 				config.IPTables.MinSyncPeriod.Duration,
-				config.IPTables.MasqueradeAll,
+				config.Linux.MasqueradeAll,
 				*config.IPTables.LocalhostNodePorts,
 				int(*config.IPTables.MasqueradeBit),
 				localDetectors[s.PrimaryIPFamily],
@@ -245,7 +245,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi.
 				config.IPVS.TCPTimeout.Duration,
 				config.IPVS.TCPFinTimeout.Duration,
 				config.IPVS.UDPTimeout.Duration,
-				config.IPTables.MasqueradeAll,
+				config.Linux.MasqueradeAll,
 				int(*config.IPTables.MasqueradeBit),
 				localDetectors,
 				s.Hostname,
@@ -273,7 +273,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi.
 				config.IPVS.TCPTimeout.Duration,
 				config.IPVS.TCPFinTimeout.Duration,
 				config.IPVS.UDPTimeout.Duration,
-				config.IPTables.MasqueradeAll,
+				config.Linux.MasqueradeAll,
 				int(*config.IPTables.MasqueradeBit),
 				localDetectors[s.PrimaryIPFamily],
 				s.Hostname,
@@ -297,7 +297,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi.
 				ctx,
 				config.NFTables.SyncPeriod.Duration,
 				config.NFTables.MinSyncPeriod.Duration,
-				config.NFTables.MasqueradeAll,
+				config.Linux.MasqueradeAll,
 				int(*config.NFTables.MasqueradeBit),
 				localDetectors,
 				s.Hostname,
@@ -315,7 +315,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi.
 				s.PrimaryIPFamily,
 				config.NFTables.SyncPeriod.Duration,
 				config.NFTables.MinSyncPeriod.Duration,
-				config.NFTables.MasqueradeAll,
+				config.Linux.MasqueradeAll,
 				int(*config.NFTables.MasqueradeBit),
 				localDetectors[s.PrimaryIPFamily],
 				s.Hostname,
@@ -338,7 +338,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi.
 func (s *ProxyServer) setupConntrack(ctx context.Context) error {
 	ct := &realConntracker{}
 
-	max, err := getConntrackMax(ctx, s.Config.Conntrack)
+	max, err := getConntrackMax(ctx, s.Config.Linux.Conntrack)
 	if err != nil {
 		return err
 	}
@@ -361,35 +361,35 @@ func (s *ProxyServer) setupConntrack(ctx context.Context) error {
 		}
 	}
 
-	if s.Config.Conntrack.TCPEstablishedTimeout != nil && s.Config.Conntrack.TCPEstablishedTimeout.Duration > 0 {
-		timeout := int(s.Config.Conntrack.TCPEstablishedTimeout.Duration / time.Second)
+	if s.Config.Linux.Conntrack.TCPEstablishedTimeout != nil && s.Config.Linux.Conntrack.TCPEstablishedTimeout.Duration > 0 {
+		timeout := int(s.Config.Linux.Conntrack.TCPEstablishedTimeout.Duration / time.Second)
 		if err := ct.SetTCPEstablishedTimeout(ctx, timeout); err != nil {
 			return err
 		}
 	}
 
-	if s.Config.Conntrack.TCPCloseWaitTimeout != nil && s.Config.Conntrack.TCPCloseWaitTimeout.Duration > 0 {
-		timeout := int(s.Config.Conntrack.TCPCloseWaitTimeout.Duration / time.Second)
+	if s.Config.Linux.Conntrack.TCPCloseWaitTimeout != nil && s.Config.Linux.Conntrack.TCPCloseWaitTimeout.Duration > 0 {
+		timeout := int(s.Config.Linux.Conntrack.TCPCloseWaitTimeout.Duration / time.Second)
 		if err := ct.SetTCPCloseWaitTimeout(ctx, timeout); err != nil {
 			return err
 		}
 	}
 
-	if s.Config.Conntrack.TCPBeLiberal {
+	if s.Config.Linux.Conntrack.TCPBeLiberal {
 		if err := ct.SetTCPBeLiberal(ctx, 1); err != nil {
 			return err
 		}
 	}
 
-	if s.Config.Conntrack.UDPTimeout.Duration > 0 {
-		timeout := int(s.Config.Conntrack.UDPTimeout.Duration / time.Second)
+	if s.Config.Linux.Conntrack.UDPTimeout.Duration > 0 {
+		timeout := int(s.Config.Linux.Conntrack.UDPTimeout.Duration / time.Second)
 		if err := ct.SetUDPTimeout(ctx, timeout); err != nil {
 			return err
 		}
 	}
 
-	if s.Config.Conntrack.UDPStreamTimeout.Duration > 0 {
-		timeout := int(s.Config.Conntrack.UDPStreamTimeout.Duration / time.Second)
+	if s.Config.Linux.Conntrack.UDPStreamTimeout.Duration > 0 {
+		timeout := int(s.Config.Linux.Conntrack.UDPStreamTimeout.Duration / time.Second)
 		if err := ct.SetUDPStreamTimeout(ctx, timeout); err != nil {
 			return err
 		}

pkg/proxy/apis/config/fuzzer/fuzzer.go

@@ -35,17 +35,17 @@ func Funcs(codecs runtimeserializer.CodecFactory) []interface{} {
 			c.FuzzNoCustom(obj)
 			obj.BindAddress = fmt.Sprintf("%d.%d.%d.%d", c.Intn(256), c.Intn(256), c.Intn(256), c.Intn(256))
 			obj.ClientConnection.ContentType = c.RandString()
-			obj.Conntrack.MaxPerCore = ptr.To(c.Int31())
-			obj.Conntrack.Min = ptr.To(c.Int31())
-			obj.Conntrack.TCPCloseWaitTimeout = &metav1.Duration{Duration: time.Duration(c.Int63()) * time.Hour}
-			obj.Conntrack.TCPEstablishedTimeout = &metav1.Duration{Duration: time.Duration(c.Int63()) * time.Hour}
+			obj.Linux.Conntrack.MaxPerCore = ptr.To(c.Int31())
+			obj.Linux.Conntrack.Min = ptr.To(c.Int31())
+			obj.Linux.Conntrack.TCPCloseWaitTimeout = &metav1.Duration{Duration: time.Duration(c.Int63()) * time.Hour}
+			obj.Linux.Conntrack.TCPEstablishedTimeout = &metav1.Duration{Duration: time.Duration(c.Int63()) * time.Hour}
 			obj.FeatureGates = map[string]bool{c.RandString(): true}
 			obj.HealthzBindAddress = fmt.Sprintf("%d.%d.%d.%d:%d", c.Intn(256), c.Intn(256), c.Intn(256), c.Intn(256), c.Intn(65536))
 			obj.IPTables.MasqueradeBit = ptr.To(c.Int31())
 			obj.IPTables.LocalhostNodePorts = ptr.To(c.RandBool())
 			obj.NFTables.MasqueradeBit = ptr.To(c.Int31())
 			obj.MetricsBindAddress = fmt.Sprintf("%d.%d.%d.%d:%d", c.Intn(256), c.Intn(256), c.Intn(256), c.Intn(256), c.Intn(65536))
-			obj.OOMScoreAdj = ptr.To(c.Int31())
+			obj.Linux.OOMScoreAdj = ptr.To(c.Int31())
 			obj.ClientConnection.ContentType = "bar"
 			obj.NodePortAddresses = []string{"1.2.3.0/24"}
 			if obj.Logging.Format == "" {

pkg/proxy/apis/config/types.go

@@ -22,6 +22,19 @@ import (
 	logsapi "k8s.io/component-base/logs/api/v1"
 )
 
+// KubeProxyLinuxConfiguration contains Linux platform related configuration details for the
+// Kubernetes proxy server that aren't specific to a particular backend.
+type KubeProxyLinuxConfiguration struct {
+	// conntrack contains conntrack-related configuration options.
+	Conntrack KubeProxyConntrackConfiguration
+	// masqueradeAll tells kube-proxy to SNAT all traffic sent to Service cluster IPs. This may
+	// be required with some CNI plugins.
+	MasqueradeAll bool
+	// oomScoreAdj is the oom-score-adj value for kube-proxy process. Values must be within
+	// the range [-1000, 1000]
+	OOMScoreAdj *int32
+}
+
 // KubeProxyWindowsConfiguration contains Windows platform related configuration details for the
 // Kubernetes proxy server that aren't specific to a particular backend
 type KubeProxyWindowsConfiguration struct {
@@ -35,10 +48,6 @@ type KubeProxyIPTablesConfiguration struct {
 	// masqueradeBit is the bit of the iptables fwmark space to use for SNAT if using
 	// the iptables or ipvs proxy mode. Values must be within the range [0, 31].
 	MasqueradeBit *int32
-	// masqueradeAll tells kube-proxy to SNAT all traffic sent to Service cluster IPs,
-	// when using the iptables or ipvs proxy mode. This may be required with some CNI
-	// plugins.
-	MasqueradeAll bool
 	// localhostNodePorts, if false, tells kube-proxy to disable the legacy behavior
 	// of allowing NodePort services to be accessed via localhost. (Applies only to
 	// iptables mode and IPv4; localhost NodePorts are never allowed with other proxy
@@ -90,9 +99,6 @@ type KubeProxyNFTablesConfiguration struct {
 	// masqueradeBit is the bit of the iptables fwmark space to use for SNAT if using
 	// the nftables proxy mode. Values must be within the range [0, 31].
 	MasqueradeBit *int32
-	// masqueradeAll tells kube-proxy to SNAT all traffic sent to Service cluster IPs,
-	// when using the nftables mode. This may be required with some CNI plugins.
-	MasqueradeAll bool
 	// syncPeriod is an interval (e.g. '5s', '1m', '2h22m') indicating how frequently
 	// various re-synchronizing and cleanup operations are performed. Must be greater
 	// than 0.
@@ -172,6 +178,9 @@ type DetectLocalConfiguration struct {
 type KubeProxyConfiguration struct {
 	metav1.TypeMeta
 
+	// linux contains Linux-related configuration options.
+	Linux KubeProxyLinuxConfiguration
+
 	// windows contains Windows-related configuration options.
 	Windows KubeProxyWindowsConfiguration
 
@@ -242,11 +251,6 @@ type KubeProxyConfiguration struct {
 	// object. If unset, NodePort connections will be accepted on all local IPs.
 	NodePortAddresses []string
 
-	// oomScoreAdj is the oom-score-adj value for kube-proxy process. Values must be within
-	// the range [-1000, 1000]
-	OOMScoreAdj *int32
-	// conntrack contains conntrack-related configuration options.
-	Conntrack KubeProxyConntrackConfiguration
 	// configSyncPeriod is how often configuration from the apiserver is refreshed. Must be greater
 	// than 0.
 	ConfigSyncPeriod metav1.Duration

pkg/proxy/apis/config/v1alpha1/conversion.go

@@ -28,6 +28,14 @@ func Convert_config_KubeProxyConfiguration_To_v1alpha1_KubeProxyConfiguration(in
 		return err
 	}
 	out.WindowsRunAsService = in.Windows.RunAsService
+	out.Conntrack = v1alpha1.KubeProxyConntrackConfiguration(in.Linux.Conntrack)
+	out.OOMScoreAdj = in.Linux.OOMScoreAdj
+	switch in.Mode {
+	case config.ProxyModeNFTables:
+		out.NFTables.MasqueradeAll = in.Linux.MasqueradeAll
+	default:
+		out.IPTables.MasqueradeAll = in.Linux.MasqueradeAll
+	}
 	return nil
 }
 
@@ -37,5 +45,23 @@ func Convert_v1alpha1_KubeProxyConfiguration_To_config_KubeProxyConfiguration(in
 		return err
 	}
 	out.Windows.RunAsService = in.WindowsRunAsService
+	out.Linux.Conntrack = config.KubeProxyConntrackConfiguration(in.Conntrack)
+	out.Linux.OOMScoreAdj = in.OOMScoreAdj
+	switch config.ProxyMode(in.Mode) {
+	case config.ProxyModeNFTables:
+		out.Linux.MasqueradeAll = in.NFTables.MasqueradeAll
+	default:
+		out.Linux.MasqueradeAll = in.IPTables.MasqueradeAll
+	}
 	return nil
 }
+
+// Convert_v1alpha1_KubeProxyIPTablesConfiguration_To_config_KubeProxyIPTablesConfiguration is defined here, because public conversion is not auto-generated due to existing warnings.
+func Convert_v1alpha1_KubeProxyIPTablesConfiguration_To_config_KubeProxyIPTablesConfiguration(in *v1alpha1.KubeProxyIPTablesConfiguration, out *config.KubeProxyIPTablesConfiguration, scope conversion.Scope) error {
+	return autoConvert_v1alpha1_KubeProxyIPTablesConfiguration_To_config_KubeProxyIPTablesConfiguration(in, out, scope)
+}
+
+// Convert_v1alpha1_KubeProxyNFTablesConfiguration_To_config_KubeProxyNFTablesConfiguration is defined here, because public conversion is not auto-generated due to existing warnings.
+func Convert_v1alpha1_KubeProxyNFTablesConfiguration_To_config_KubeProxyNFTablesConfiguration(in *v1alpha1.KubeProxyNFTablesConfiguration, out *config.KubeProxyNFTablesConfiguration, scope conversion.Scope) error {
+	return autoConvert_v1alpha1_KubeProxyNFTablesConfiguration_To_config_KubeProxyNFTablesConfiguration(in, out, scope)
+}