Clarify hostname vs node name in kube-proxy

Various parts of kube-proxy passed around a "hostname", but it is
actually the name of the *node* kube-proxy is running on, which is not
100% guaranteed to be exactly the same as the hostname. Rename it
everywhere to make it clearer that (a) it is definitely safe to use
that name to refer to the Node, (b) it is not necessarily safe to use
that name with DNS, etc.

Author: danwinship

cmd/kube-proxy/app/server.go

@@ -168,7 +168,7 @@ type ProxyServer struct {
 	Recorder        events.EventRecorder
 	NodeRef         *v1.ObjectReference
 	HealthzServer   *healthcheck.ProxyHealthServer
-	Hostname        string
+	NodeName        string
 	PrimaryIPFamily v1.IPFamily
 	NodeIPs         map[v1.IPFamily]net.IP
 	flagz           flagz.Reader
@@ -197,7 +197,7 @@ func newProxyServer(ctx context.Context, config *kubeproxyconfig.KubeProxyConfig
 		metrics.SetShowHidden()
 	}
 
-	s.Hostname, err = nodeutil.GetHostname(config.HostnameOverride)
+	s.NodeName, err = nodeutil.GetHostname(config.HostnameOverride)
 	if err != nil {
 		return nil, err
 	}
@@ -207,7 +207,7 @@ func newProxyServer(ctx context.Context, config *kubeproxyconfig.KubeProxyConfig
 		return nil, err
 	}
 
-	rawNodeIPs := getNodeIPs(ctx, s.Client, s.Hostname)
+	rawNodeIPs := getNodeIPs(ctx, s.Client, s.NodeName)
 	s.PrimaryIPFamily, s.NodeIPs = detectNodeIPs(ctx, rawNodeIPs, config.BindAddress)
 
 	if len(config.NodePortAddresses) == 1 && config.NodePortAddresses[0] == kubeproxyconfig.NodePortAddressesPrimary {
@@ -226,8 +226,8 @@ func newProxyServer(ctx context.Context, config *kubeproxyconfig.KubeProxyConfig
 
 	s.NodeRef = &v1.ObjectReference{
 		Kind:      "Node",
-		Name:      s.Hostname,
-		UID:       types.UID(s.Hostname),
+		Name:      s.NodeName,
+		UID:       types.UID(s.NodeName),
 		Namespace: "",
 	}
 

cmd/kube-proxy/app/server_linux.go

@@ -81,8 +81,8 @@ func (o *Options) platformApplyDefaults(config *proxyconfigapi.KubeProxyConfigur
 func (s *ProxyServer) platformSetup(ctx context.Context) error {
 	logger := klog.FromContext(ctx)
 	if s.Config.DetectLocalMode == proxyconfigapi.LocalModeNodeCIDR {
-		logger.Info("Watching for node, awaiting podCIDR allocation", "hostname", s.Hostname)
-		node, err := waitForPodCIDR(ctx, s.Client, s.Hostname)
+		logger.Info("Watching for node, awaiting podCIDR allocation", "node", s.NodeName)
+		node, err := waitForPodCIDR(ctx, s.Client, s.NodeName)
 		if err != nil {
 			return err
 		}
@@ -157,7 +157,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi.
 				*config.IPTables.LocalhostNodePorts,
 				int(*config.IPTables.MasqueradeBit),
 				localDetectors,
-				s.Hostname,
+				s.NodeName,
 				s.NodeIPs,
 				s.Recorder,
 				s.HealthzServer,
@@ -179,7 +179,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi.
 				*config.IPTables.LocalhostNodePorts,
 				int(*config.IPTables.MasqueradeBit),
 				localDetectors[s.PrimaryIPFamily],
-				s.Hostname,
+				s.NodeName,
 				s.NodeIPs[s.PrimaryIPFamily],
 				s.Recorder,
 				s.HealthzServer,
@@ -217,7 +217,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi.
 				config.Linux.MasqueradeAll,
 				int(*config.IPTables.MasqueradeBit),
 				localDetectors,
-				s.Hostname,
+				s.NodeName,
 				s.NodeIPs,
 				s.Recorder,
 				s.HealthzServer,
@@ -243,7 +243,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi.
 				config.Linux.MasqueradeAll,
 				int(*config.IPTables.MasqueradeBit),
 				localDetectors[s.PrimaryIPFamily],
-				s.Hostname,
+				s.NodeName,
 				s.NodeIPs[s.PrimaryIPFamily],
 				s.Recorder,
 				s.HealthzServer,
@@ -267,7 +267,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi.
 				config.Linux.MasqueradeAll,
 				int(*config.NFTables.MasqueradeBit),
 				localDetectors,
-				s.Hostname,
+				s.NodeName,
 				s.NodeIPs,
 				s.Recorder,
 				s.HealthzServer,
@@ -285,7 +285,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi.
 				config.Linux.MasqueradeAll,
 				int(*config.NFTables.MasqueradeBit),
 				localDetectors[s.PrimaryIPFamily],
-				s.Hostname,
+				s.NodeName,
 				s.NodeIPs[s.PrimaryIPFamily],
 				s.Recorder,
 				s.HealthzServer,

cmd/kube-proxy/app/server_linux_test.go

@@ -703,7 +703,7 @@ func TestProxyServer_platformSetup(t *testing.T) {
 			s := &ProxyServer{
 				Config:   tt.config,
 				Client:   client,
-				Hostname: "nodename",
+				NodeName: "nodename",
 				NodeIPs: map[v1.IPFamily]net.IP{
 					v1.IPv4Protocol: netutils.ParseIPSloppy("127.0.0.1"),
 					v1.IPv6Protocol: net.IPv6zero,

cmd/kube-proxy/app/server_windows.go

@@ -93,7 +93,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi.
 		proxier, err = winkernel.NewDualStackProxier(
 			config.SyncPeriod.Duration,
 			config.MinSyncPeriod.Duration,
-			s.Hostname,
+			s.NodeName,
 			s.NodeIPs,
 			s.Recorder,
 			s.HealthzServer,
@@ -105,7 +105,7 @@ func (s *ProxyServer) createProxier(ctx context.Context, config *proxyconfigapi.
 			s.PrimaryIPFamily,
 			config.SyncPeriod.Duration,
 			config.MinSyncPeriod.Duration,
-			s.Hostname,
+			s.NodeName,
 			s.NodeIPs[s.PrimaryIPFamily],
 			s.Recorder,
 			s.HealthzServer,

pkg/proxy/endpointschangetracker.go

@@ -59,7 +59,7 @@ type makeEndpointFunc func(info *BaseEndpointInfo, svcPortName *ServicePortName)
 type processEndpointsMapChangeFunc func(oldEndpointsMap, newEndpointsMap EndpointsMap)
 
 // NewEndpointsChangeTracker initializes an EndpointsChangeTracker
-func NewEndpointsChangeTracker(ipFamily v1.IPFamily, hostname string, makeEndpointInfo makeEndpointFunc, processEndpointsMapChange processEndpointsMapChangeFunc) *EndpointsChangeTracker {
+func NewEndpointsChangeTracker(ipFamily v1.IPFamily, nodeName string, makeEndpointInfo makeEndpointFunc, processEndpointsMapChange processEndpointsMapChangeFunc) *EndpointsChangeTracker {
 	addressType := discovery.AddressTypeIPv4
 	if ipFamily == v1.IPv6Protocol {
 		addressType = discovery.AddressTypeIPv6
@@ -70,7 +70,7 @@ func NewEndpointsChangeTracker(ipFamily v1.IPFamily, hostname string, makeEndpoi
 		lastChangeTriggerTimes:    make(map[types.NamespacedName][]time.Time),
 		trackerStartTime:          time.Now(),
 		processEndpointsMapChange: processEndpointsMapChange,
-		endpointSliceCache:        NewEndpointSliceCache(hostname, makeEndpointInfo),
+		endpointSliceCache:        NewEndpointSliceCache(nodeName, makeEndpointInfo),
 	}
 }
 

pkg/proxy/endpointslicecache.go

@@ -43,7 +43,7 @@ type EndpointSliceCache struct {
 	trackerByServiceMap map[types.NamespacedName]*endpointSliceTracker
 
 	makeEndpointInfo makeEndpointFunc
-	hostname         string
+	nodeName         string
 }
 
 // endpointSliceTracker keeps track of EndpointSlices as they have been applied
@@ -65,13 +65,13 @@ type endpointSliceData struct {
 }
 
 // NewEndpointSliceCache initializes an EndpointSliceCache.
-func NewEndpointSliceCache(hostname string, makeEndpointInfo makeEndpointFunc) *EndpointSliceCache {
+func NewEndpointSliceCache(nodeName string, makeEndpointInfo makeEndpointFunc) *EndpointSliceCache {
 	if makeEndpointInfo == nil {
 		makeEndpointInfo = standardEndpointInfo
 	}
 	return &EndpointSliceCache{
 		trackerByServiceMap: map[types.NamespacedName]*endpointSliceTracker{},
-		hostname:            hostname,
+		nodeName:            nodeName,
 		makeEndpointInfo:    makeEndpointInfo,
 	}
 }
@@ -233,8 +233,8 @@ func (cache *EndpointSliceCache) addEndpoints(svcPortName *ServicePortName, port
 	return endpointSet
 }
 
-func (cache *EndpointSliceCache) isLocal(hostname string) bool {
-	return len(cache.hostname) > 0 && hostname == cache.hostname
+func (cache *EndpointSliceCache) isLocal(nodeName string) bool {
+	return len(cache.nodeName) > 0 && nodeName == cache.nodeName
 }
 
 // esDataChanged returns true if the esData parameter should be set as a new

pkg/proxy/healthcheck/service_health.go

@@ -57,7 +57,7 @@ type proxyHealthChecker interface {
 	Health() ProxyHealth
 }
 
-func newServiceHealthServer(hostname string, recorder events.EventRecorder, listener listener, factory httpServerFactory, nodePortAddresses *proxyutil.NodePortAddresses, healthzServer proxyHealthChecker) ServiceHealthServer {
+func newServiceHealthServer(nodeName string, recorder events.EventRecorder, listener listener, factory httpServerFactory, nodePortAddresses *proxyutil.NodePortAddresses, healthzServer proxyHealthChecker) ServiceHealthServer {
 	// It doesn't matter whether we listen on "0.0.0.0", "::", or ""; go
 	// treats them all the same.
 	nodeIPs := []net.IP{net.IPv4zero}
@@ -72,7 +72,7 @@ func newServiceHealthServer(hostname string, recorder events.EventRecorder, list
 	}
 
 	return &server{
-		hostname:      hostname,
+		nodeName:      nodeName,
 		recorder:      recorder,
 		listener:      listener,
 		httpFactory:   factory,
@@ -83,12 +83,12 @@ func newServiceHealthServer(hostname string, recorder events.EventRecorder, list
 }
 
 // NewServiceHealthServer allocates a new service healthcheck server manager
-func NewServiceHealthServer(hostname string, recorder events.EventRecorder, nodePortAddresses *proxyutil.NodePortAddresses, healthzServer proxyHealthChecker) ServiceHealthServer {
-	return newServiceHealthServer(hostname, recorder, stdNetListener{}, stdHTTPServerFactory{}, nodePortAddresses, healthzServer)
+func NewServiceHealthServer(nodeName string, recorder events.EventRecorder, nodePortAddresses *proxyutil.NodePortAddresses, healthzServer proxyHealthChecker) ServiceHealthServer {
+	return newServiceHealthServer(nodeName, recorder, stdNetListener{}, stdHTTPServerFactory{}, nodePortAddresses, healthzServer)
 }
 
 type server struct {
-	hostname string
+	nodeName string
 	// node addresses where health check port will listen on
 	nodeIPs     []net.IP
 	recorder    events.EventRecorder // can be nil
@@ -131,7 +131,7 @@ func (hcs *server) SyncServices(newServices map[types.NamespacedName]uint16) err
 		err := svc.listenAndServeAll(hcs)
 
 		if err != nil {
-			msg := fmt.Sprintf("node %s failed to start healthcheck %q on port %d: %v", hcs.hostname, nsn.String(), port, err)
+			msg := fmt.Sprintf("node %s failed to start healthcheck %q on port %d: %v", hcs.nodeName, nsn.String(), port, err)
 
 			if hcs.recorder != nil {
 				hcs.recorder.Eventf(
@@ -142,7 +142,7 @@ func (hcs *server) SyncServices(newServices map[types.NamespacedName]uint16) err
 						UID:       types.UID(nsn.String()),
 					}, nil, api.EventTypeWarning, "FailedToStartServiceHealthcheck", "Listen", msg)
 			}
-			klog.ErrorS(err, "Failed to start healthcheck", "node", hcs.hostname, "service", nsn, "port", port)
+			klog.ErrorS(err, "Failed to start healthcheck", "node", hcs.nodeName, "service", nsn, "port", port)
 			continue
 		}
 		hcs.services[nsn] = svc

pkg/proxy/iptables/proxier.go

@@ -102,7 +102,7 @@ func NewDualStackProxier(
 	localhostNodePorts bool,
 	masqueradeBit int,
 	localDetectors map[v1.IPFamily]proxyutil.LocalTrafficDetector,
-	hostname string,
+	nodeName string,
 	nodeIPs map[v1.IPFamily]net.IP,
 	recorder events.EventRecorder,
 	healthzServer *healthcheck.ProxyHealthServer,
@@ -112,15 +112,15 @@ func NewDualStackProxier(
 	// Create an ipv4 instance of the single-stack proxier
 	ipv4Proxier, err := NewProxier(ctx, v1.IPv4Protocol, ipts[v1.IPv4Protocol], sysctl,
 		syncPeriod, minSyncPeriod, masqueradeAll, localhostNodePorts, masqueradeBit,
-		localDetectors[v1.IPv4Protocol], hostname, nodeIPs[v1.IPv4Protocol],
+		localDetectors[v1.IPv4Protocol], nodeName, nodeIPs[v1.IPv4Protocol],
 		recorder, healthzServer, nodePortAddresses, initOnly)
 	if err != nil {
 		return nil, fmt.Errorf("unable to create ipv4 proxier: %v", err)
 	}
 
 	ipv6Proxier, err := NewProxier(ctx, v1.IPv6Protocol, ipts[v1.IPv6Protocol], sysctl,
 		syncPeriod, minSyncPeriod, masqueradeAll, false, masqueradeBit,
-		localDetectors[v1.IPv6Protocol], hostname, nodeIPs[v1.IPv6Protocol],
+		localDetectors[v1.IPv6Protocol], nodeName, nodeIPs[v1.IPv6Protocol],
 		recorder, healthzServer, nodePortAddresses, initOnly)
 	if err != nil {
 		return nil, fmt.Errorf("unable to create ipv6 proxier: %v", err)
@@ -166,7 +166,7 @@ type Proxier struct {
 	conntrack      conntrack.Interface
 	nfacct         nfacct.Interface
 	localDetector  proxyutil.LocalTrafficDetector
-	hostname       string
+	nodeName       string
 	nodeIP         net.IP
 
 	serviceHealthServer healthcheck.ServiceHealthServer
@@ -224,7 +224,7 @@ func NewProxier(ctx context.Context,
 	localhostNodePorts bool,
 	masqueradeBit int,
 	localDetector proxyutil.LocalTrafficDetector,
-	hostname string,
+	nodeName string,
 	nodeIP net.IP,
 	recorder events.EventRecorder,
 	healthzServer *healthcheck.ProxyHealthServer,
@@ -265,7 +265,7 @@ func NewProxier(ctx context.Context,
 	masqueradeMark := fmt.Sprintf("%#08x", masqueradeValue)
 	logger.V(2).Info("Using iptables mark for masquerade", "mark", masqueradeMark)
 
-	serviceHealthServer := healthcheck.NewServiceHealthServer(hostname, recorder, nodePortAddresses, healthzServer)
+	serviceHealthServer := healthcheck.NewServiceHealthServer(nodeName, recorder, nodePortAddresses, healthzServer)
 	nfacctRunner, err := nfacct.New()
 	if err != nil {
 		logger.Error(err, "Failed to create nfacct runner, nfacct based metrics won't be available")
@@ -276,7 +276,7 @@ func NewProxier(ctx context.Context,
 		svcPortMap:               make(proxy.ServicePortMap),
 		serviceChanges:           proxy.NewServiceChangeTracker(ipFamily, newServiceInfo, nil),
 		endpointsMap:             make(proxy.EndpointsMap),
-		endpointsChanges:         proxy.NewEndpointsChangeTracker(ipFamily, hostname, newEndpointInfo, nil),
+		endpointsChanges:         proxy.NewEndpointsChangeTracker(ipFamily, nodeName, newEndpointInfo, nil),
 		needFullSync:             true,
 		syncPeriod:               syncPeriod,
 		iptables:                 ipt,
@@ -285,7 +285,7 @@ func NewProxier(ctx context.Context,
 		conntrack:                conntrack.New(),
 		nfacct:                   nfacctRunner,
 		localDetector:            localDetector,
-		hostname:                 hostname,
+		nodeName:                 nodeName,
 		nodeIP:                   nodeIP,
 		serviceHealthServer:      serviceHealthServer,
 		healthzServer:            healthzServer,
@@ -615,9 +615,9 @@ func (proxier *Proxier) OnEndpointSlicesSynced() {
 // OnNodeAdd is called whenever creation of new node object
 // is observed.
 func (proxier *Proxier) OnNodeAdd(node *v1.Node) {
-	if node.Name != proxier.hostname {
+	if node.Name != proxier.nodeName {
 		proxier.logger.Error(nil, "Received a watch event for a node that doesn't match the current node",
-			"eventNode", node.Name, "currentNode", proxier.hostname)
+			"eventNode", node.Name, "currentNode", proxier.nodeName)
 		return
 	}
 
@@ -640,9 +640,9 @@ func (proxier *Proxier) OnNodeAdd(node *v1.Node) {
 // OnNodeUpdate is called whenever modification of an existing
 // node object is observed.
 func (proxier *Proxier) OnNodeUpdate(oldNode, node *v1.Node) {
-	if node.Name != proxier.hostname {
+	if node.Name != proxier.nodeName {
 		proxier.logger.Error(nil, "Received a watch event for a node that doesn't match the current node",
-			"eventNode", node.Name, "currentNode", proxier.hostname)
+			"eventNode", node.Name, "currentNode", proxier.nodeName)
 		return
 	}
 
@@ -665,9 +665,9 @@ func (proxier *Proxier) OnNodeUpdate(oldNode, node *v1.Node) {
 // OnNodeDelete is called whenever deletion of an existing node
 // object is observed.
 func (proxier *Proxier) OnNodeDelete(node *v1.Node) {
-	if node.Name != proxier.hostname {
+	if node.Name != proxier.nodeName {
 		proxier.logger.Error(nil, "Received a watch event for a node that doesn't match the current node",
-			"eventNode", node.Name, "currentNode", proxier.hostname)
+			"eventNode", node.Name, "currentNode", proxier.nodeName)
 		return
 	}