vendor updates

vendor/k8s.io/kubernetes/pkg/proxy/ipvs/BUILD

@@ -12,20 +12,19 @@ go_test(
         "ipset_test.go",
         "proxier_test.go",
     ],
-    importpath = "k8s.io/kubernetes/pkg/proxy/ipvs",
-    library = ":go_default_library",
+    embed = [":go_default_library"],
     deps = [
         "//pkg/apis/core:go_default_library",
         "//pkg/proxy:go_default_library",
         "//pkg/proxy/ipvs/testing:go_default_library",
         "//pkg/proxy/util:go_default_library",
+        "//pkg/proxy/util/testing:go_default_library",
         "//pkg/util/ipset:go_default_library",
         "//pkg/util/ipset/testing:go_default_library",
         "//pkg/util/iptables:go_default_library",
         "//pkg/util/iptables/testing:go_default_library",
         "//pkg/util/ipvs:go_default_library",
         "//pkg/util/ipvs/testing:go_default_library",
-        "//vendor/github.com/davecgh/go-spew/spew:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/util/intstr:go_default_library",
@@ -40,42 +39,69 @@ go_library(
     srcs = [
         "ipset.go",
         "netlink.go",
-        "netlink_unsupported.go",
         "proxier.go",
     ] + select({
-        "@io_bazel_rules_go//go/platform:linux_amd64": [
+        "@io_bazel_rules_go//go/platform:android": [
+            "netlink_unsupported.go",
+        ],
+        "@io_bazel_rules_go//go/platform:darwin": [
+            "netlink_unsupported.go",
+        ],
+        "@io_bazel_rules_go//go/platform:dragonfly": [
+            "netlink_unsupported.go",
+        ],
+        "@io_bazel_rules_go//go/platform:freebsd": [
+            "netlink_unsupported.go",
+        ],
+        "@io_bazel_rules_go//go/platform:linux": [
             "netlink_linux.go",
         ],
+        "@io_bazel_rules_go//go/platform:nacl": [
+            "netlink_unsupported.go",
+        ],
+        "@io_bazel_rules_go//go/platform:netbsd": [
+            "netlink_unsupported.go",
+        ],
+        "@io_bazel_rules_go//go/platform:openbsd": [
+            "netlink_unsupported.go",
+        ],
+        "@io_bazel_rules_go//go/platform:plan9": [
+            "netlink_unsupported.go",
+        ],
+        "@io_bazel_rules_go//go/platform:solaris": [
+            "netlink_unsupported.go",
+        ],
+        "@io_bazel_rules_go//go/platform:windows": [
+            "netlink_unsupported.go",
+        ],
         "//conditions:default": [],
     }),
     importpath = "k8s.io/kubernetes/pkg/proxy/ipvs",
     deps = [
-        "//pkg/api/service:go_default_library",
         "//pkg/apis/core:go_default_library",
-        "//pkg/apis/core/helper:go_default_library",
-        "//pkg/features:go_default_library",
         "//pkg/proxy:go_default_library",
         "//pkg/proxy/healthcheck:go_default_library",
         "//pkg/proxy/metrics:go_default_library",
         "//pkg/proxy/util:go_default_library",
         "//pkg/util/async:go_default_library",
+        "//pkg/util/conntrack:go_default_library",
         "//pkg/util/ipset:go_default_library",
         "//pkg/util/iptables:go_default_library",
         "//pkg/util/ipvs:go_default_library",
+        "//pkg/util/net:go_default_library",
         "//pkg/util/sysctl:go_default_library",
         "//pkg/util/version:go_default_library",
         "//vendor/github.com/golang/glog:go_default_library",
         "//vendor/k8s.io/api/core/v1:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/util/runtime:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/util/wait:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/util/feature:go_default_library",
         "//vendor/k8s.io/client-go/tools/record:go_default_library",
         "//vendor/k8s.io/utils/exec:go_default_library",
     ] + select({
-        "@io_bazel_rules_go//go/platform:linux_amd64": [
+        "@io_bazel_rules_go//go/platform:linux": [
             "//vendor/github.com/vishvananda/netlink:go_default_library",
+            "//vendor/golang.org/x/sys/unix:go_default_library",
         ],
         "//conditions:default": [],
     }),

vendor/k8s.io/kubernetes/pkg/proxy/ipvs/OWNERS

@@ -0,0 +1,8 @@
+reviewers:
+- thockin
+- brendandburns
+- m1093782566
+approvers:
+- thockin
+- brendandburns
+- m1093782566

vendor/k8s.io/kubernetes/pkg/proxy/ipvs/README.md

@@ -8,60 +8,41 @@ This document shows how to use kube-proxy ipvs mode.
 Linux kernel.
 
 IPVS runs on a host and acts as a load balancer in front of a cluster of real servers. IPVS can direct requests for TCP
-and UDP-based services to the real servers, and make services of real servers appear as irtual services on a single IP address.
+and UDP-based services to the real servers, and make services of real servers appear as virtual services on a single IP address.
 
-## How to use
+## Run kube-proxy in ipvs mode
 
-#### Load IPVS kernel modules
+Currently, local-up scripts and kubeadm support switching IPVS proxy mode via exporting environment variables or specifying flags.
 
-Currently the IPVS kernel module can't be loaded automatically, so first we should use the following command to load IPVS kernel
-modules manually.
-
-```shell
-modprobe ip_vs
-modprobe ip_vs_rr
-modprobe ip_vs_wrr
-modprobe ip_vs_sh
-modprobe nf_conntrack_ipv4
-```
-
-After that, use `lsmod | grep ip_vs` to make sure kernel modules are loaded.
-
-#### Run kube-proxy in ipvs mode
-
-#### Local UP Cluster
+### Local UP Cluster
 
 Kube-proxy will run in iptables mode by default in a [local-up cluster](https://github.com/kubernetes/community/blob/master/contributors/devel/running-locally.md). 
 
-Users should export the env `KUBEPROXY_MODE=ipvs` to specify the ipvs mode before deploying the cluster if want to run kube-proxy in ipvs mode.
+Users should export the env `KUBE_PROXY_MODE=ipvs` to specify the ipvs mode before deploying the cluster if want to run kube-proxy in ipvs mode.
 
-#### Cluster Created by Kubeadm
+### Cluster Created by Kubeadm
 
 Kube-proxy will run in iptables mode by default in a cluster deployed by [kubeadm](https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/). 
 
-Since IPVS mode is still feature-gated, users should add the flag `--feature-gates=SupportIPVSProxyMode=true` in `kubeadm init` command
-
-```
-kubeadm init --feature-gates=SupportIPVSProxyMode=true
-```
-
-to specify the ipvs mode before deploying the cluster if want to run kube-proxy in ipvs mode.
-
-If you are using kubeadm with a configuration file, you can specify the ipvs mode adding `SupportIPVSProxyMode: true` below the `featureGates` field.
+If you are using kubeadm with a [configuration file](https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/#config-file), you can specify the ipvs mode adding `SupportIPVSProxyMode: true` below the `kubeProxy` field.
 Then the configuration file is similar to:
 
 ```json
 kind: MasterConfiguration
 apiVersion: kubeadm.k8s.io/v1alpha1
 ...
-featureGates:
-  SupportIPVSProxyMode: true
+kubeProxy:
+  config:
+    featureGates: SupportIPVSProxyMode=true
+    mode: ipvs
 ...
 ```
 
-#### Test
+## Debug
 
-Use `ipvsadm` tool to test whether the kube-proxy start succeed. By default we may get result like:
+### Check IPVS proxy rules
+
+People can use `ipvsadm` tool to check whether kube-proxy are maintaining IPVS rules correctly. For example, we may get IPVS proxy rules like:
 
 ```shell
 # ipvsadm -ln
@@ -73,3 +54,29 @@ TCP  10.0.0.1:443 rr persistent 10800
 TCP  10.0.0.10:53 rr      
 UDP  10.0.0.10:53 rr
 ```
+
+### Why kube-proxy can't start IPVS mode
+
+People can do the following check list step by step:
+
+**1. Enable IPVS feature gateway**
+
+Currently IPVS-based kube-proxy is still in alpha phase, people need to enable `--feature-gates=SupportIPVSProxyMode=true` explicitly.
+
+**2. Specify proxy-mode=ipvs**
+
+Tell kube-proxy that proxy-mode=ipvs, please.
+
+**3. Load ipvs required kernel modules**
+
+The following kernel modules are required by IPVS-based kube-proxy:
+
+```shell
+ip_vs
+ip_vs_rr
+ip_vs_wrr
+ip_vs_sh
+nf_conntrack_ipv4
+```
+
+IPVS-based kube-proxy will load them automatically. If it fails to load them, please check whether they are compiled into your kernel.

vendor/k8s.io/kubernetes/pkg/proxy/ipvs/ipset.go

@@ -89,6 +89,10 @@ func NewIPSet(handle utilipset.Interface, name string, setType utilipset.Type, i
 	return set
 }
 
+func (set *IPSet) validateEntry(entry *utilipset.Entry) bool {
+	return entry.Validate(&set.IPSet)
+}
+
 func (set *IPSet) isEmpty() bool {
 	return len(set.activeEntries.UnsortedList()) == 0
 }
@@ -114,14 +118,16 @@ func (set *IPSet) syncIPSetEntries() {
 		// Clean legacy entries
 		for _, entry := range currentIPSetEntries.Difference(set.activeEntries).List() {
 			if err := set.handle.DelEntry(entry, set.Name); err != nil {
-				glog.Errorf("Failed to delete ip set entry: %s from ip set: %s, error: %v", entry, set.Name, err)
+				if !utilipset.IsNotFoundError(err) {
+					glog.Errorf("Failed to delete ip set entry: %s from ip set: %s, error: %v", entry, set.Name, err)
+				}
 			} else {
 				glog.V(3).Infof("Successfully delete legacy ip set entry: %s from ip set: %s", entry, set.Name)
 			}
 		}
 		// Create active entries
 		for _, entry := range set.activeEntries.Difference(currentIPSetEntries).List() {
-			if err := set.handle.AddEntry(entry, set.Name, true); err != nil {
+			if err := set.handle.AddEntry(entry, &set.IPSet, true); err != nil {
 				glog.Errorf("Failed to add entry: %v to ip set: %s, error: %v", entry, set.Name, err)
 			} else {
 				glog.V(3).Infof("Successfully add entry: %v to ip set: %s", entry, set.Name)

vendor/k8s.io/kubernetes/pkg/proxy/ipvs/ipset_test.go

@@ -18,6 +18,9 @@ package ipvs
 
 import (
 	"testing"
+
+	utilipset "k8s.io/kubernetes/pkg/util/ipset"
+	fakeipset "k8s.io/kubernetes/pkg/util/ipset/testing"
 )
 
 func TestCheckIPSetVersion(t *testing.T) {
@@ -47,3 +50,157 @@ func TestCheckIPSetVersion(t *testing.T) {
 		}
 	}
 }
+
+const testIPSetVersion = "v6.19"
+
+func TestSyncIPSetEntries(t *testing.T) {
+	testCases := []struct {
+		set             *utilipset.IPSet
+		setType         utilipset.Type
+		ipv6            bool
+		activeEntries   []string
+		currentEntries  []string
+		expectedEntries []string
+	}{
+		{ // case 0
+			set: &utilipset.IPSet{
+				Name: "foo",
+			},
+			setType:         utilipset.HashIPPort,
+			ipv6:            false,
+			activeEntries:   []string{"172.17.0.4,tcp:80"},
+			currentEntries:  nil,
+			expectedEntries: []string{"172.17.0.4,tcp:80"},
+		},
+		{ // case 1
+			set: &utilipset.IPSet{
+				Name: "abz",
+			},
+			setType:         utilipset.HashIPPort,
+			ipv6:            true,
+			activeEntries:   []string{"FE80::0202:B3FF:FE1E:8329,tcp:80"},
+			currentEntries:  []string{"FE80::0202:B3FF:FE1E:8329,tcp:80"},
+			expectedEntries: []string{"FE80::0202:B3FF:FE1E:8329,tcp:80"},
+		},
+		{ // case 2
+			set: &utilipset.IPSet{
+				Name: "bca",
+			},
+			setType:         utilipset.HashIPPort,
+			ipv6:            false,
+			activeEntries:   []string{"172.17.0.4,tcp:80", "172.17.0.5,tcp:80"},
+			currentEntries:  []string{"172.17.0.5,udp:53"},
+			expectedEntries: []string{"172.17.0.4,tcp:80", "172.17.0.5,tcp:80"},
+		},
+		{ // case 3
+			set: &utilipset.IPSet{
+				Name: "bar",
+			},
+			setType:         utilipset.HashIPPortIP,
+			ipv6:            false,
+			activeEntries:   []string{"172.17.0.4,tcp:80:172.17.0.4"},
+			currentEntries:  []string{"172.17.0.4,tcp:80:172.17.0.4"},
+			expectedEntries: []string{"172.17.0.4,tcp:80:172.17.0.4"},
+		},
+		{ // case 4
+			set: &utilipset.IPSet{
+				Name: "baz",
+			},
+			setType:         utilipset.HashIPPortIP,
+			ipv6:            true,
+			activeEntries:   []string{"FE80:0000:0000:0000:0202:B3FF:FE1E:8329,tcp:8080:FE80:0000:0000:0000:0202:B3FF:FE1E:8329"},
+			currentEntries:  []string{"1111:0000:0000:0000:0202:B3FF:FE1E:8329,tcp:8081:1111:0000:0000:0000:0202:B3FF:FE1E:8329:8081"},
+			expectedEntries: []string{"FE80:0000:0000:0000:0202:B3FF:FE1E:8329,tcp:8080:FE80:0000:0000:0000:0202:B3FF:FE1E:8329"},
+		},
+		{ // case 5
+			set: &utilipset.IPSet{
+				Name: "NOPE",
+			},
+			setType:         utilipset.HashIPPortIP,
+			ipv6:            false,
+			activeEntries:   []string{"172.17.0.4,tcp:80,172.17.0.9", "172.17.0.5,tcp:80,172.17.0.10"},
+			currentEntries:  nil,
+			expectedEntries: []string{"172.17.0.4,tcp:80,172.17.0.9", "172.17.0.5,tcp:80,172.17.0.10"},
+		},
+		{ // case 6
+			set: &utilipset.IPSet{
+				Name: "ABC-DEF",
+			},
+			setType:         utilipset.HashIPPortNet,
+			ipv6:            false,
+			activeEntries:   []string{"172.17.0.4,tcp:80,172.17.0.0/16", "172.17.0.5,tcp:80,172.17.0.0/16"},
+			currentEntries:  nil,
+			expectedEntries: []string{"172.17.0.4,tcp:80,172.17.0.0/16", "172.17.0.5,tcp:80,172.17.0.0/16"},
+		},
+		{ // case 7
+			set: &utilipset.IPSet{
+				Name: "zar",
+			},
+			setType:         utilipset.HashIPPortNet,
+			ipv6:            true,
+			activeEntries:   []string{"FE80::8329,tcp:8800,2001:db8::/32"},
+			currentEntries:  []string{"FE80::8329,tcp:8800,2001:db8::/32"},
+			expectedEntries: []string{"FE80::8329,tcp:8800,2001:db8::/32"},
+		},
+		{ // case 8
+			set: &utilipset.IPSet{
+				Name: "bbb",
+			},
+			setType:         utilipset.HashIPPortNet,
+			ipv6:            true,
+			activeEntries:   nil,
+			currentEntries:  []string{"FE80::8329,udp:8801,2001:db8::/32"},
+			expectedEntries: nil,
+		},
+		{ // case 9
+			set: &utilipset.IPSet{
+				Name: "AAA",
+			},
+			setType:         utilipset.BitmapPort,
+			activeEntries:   nil,
+			currentEntries:  []string{"80"},
+			expectedEntries: nil,
+		},
+		{ // case 10
+			set: &utilipset.IPSet{
+				Name: "c-c-c",
+			},
+			setType:         utilipset.BitmapPort,
+			activeEntries:   []string{"8080", "9090"},
+			currentEntries:  []string{"80"},
+			expectedEntries: []string{"8080", "9090"},
+		},
+		{ // case 11
+			set: &utilipset.IPSet{
+				Name: "NODE-PORT",
+			},
+			setType:         utilipset.BitmapPort,
+			activeEntries:   []string{"8080"},
+			currentEntries:  []string{"80", "9090", "8081", "8082"},
+			expectedEntries: []string{"8080"},
+		},
+	}
+
+	for i := range testCases {
+		set := NewIPSet(fakeipset.NewFake(testIPSetVersion), testCases[i].set.Name, testCases[i].setType, testCases[i].ipv6)
+
+		if err := set.handle.CreateSet(&set.IPSet, true); err != nil {
+			t.Errorf("Unexpected error: %v", err)
+		}
+		for _, entry := range testCases[i].expectedEntries {
+			set.handle.AddEntry(entry, testCases[i].set, true)
+		}
+
+		set.activeEntries.Insert(testCases[i].activeEntries...)
+		set.syncIPSetEntries()
+		for _, entry := range testCases[i].expectedEntries {
+			found, err := set.handle.TestEntry(entry, testCases[i].set.Name)
+			if err != nil {
+				t.Errorf("Unexpected error: %v", err)
+			}
+			if !found {
+				t.Errorf("Unexpected entry 172.17.0.4,tcp:80 not found in set foo")
+			}
+		}
+	}
+}

vendor/k8s.io/kubernetes/pkg/proxy/ipvs/netlink.go

@@ -16,14 +16,21 @@ limitations under the License.
 
 package ipvs
 
+import (
+	"k8s.io/apimachinery/pkg/util/sets"
+)
+
 // NetLinkHandle for revoke netlink interface
 type NetLinkHandle interface {
-	// EnsureAddressBind checks if address is bound to the interface and, if not, binds it. If the address is already bound, return true.
+	// EnsureAddressBind checks if address is bound to the interface and, if not, binds it.  If the address is already bound, return true.
 	EnsureAddressBind(address, devName string) (exist bool, err error)
 	// UnbindAddress unbind address from the interface
 	UnbindAddress(address, devName string) error
-	// EnsureDummyDevice checks if dummy device is exist and, if not, create one. If the dummy device is already exist, return true.
+	// EnsureDummyDevice checks if dummy device is exist and, if not, create one.  If the dummy device is already exist, return true.
 	EnsureDummyDevice(devName string) (exist bool, err error)
 	// DeleteDummyDevice deletes the given dummy device by name.
 	DeleteDummyDevice(devName string) error
+	// GetLocalAddresses returns all unique local type IP addresses based on filter device interface.  If filter device is not given,
+	// it will list all unique local type addresses.
+	GetLocalAddresses(filterDev string) (sets.String, error)
 }

vendor/k8s.io/kubernetes/pkg/proxy/ipvs/netlink_linux.go

@@ -21,16 +21,18 @@ package ipvs
 import (
 	"fmt"
 	"net"
-	"syscall"
+
+	"k8s.io/apimachinery/pkg/util/sets"
 
 	"github.com/vishvananda/netlink"
+	"golang.org/x/sys/unix"
 )
 
 type netlinkHandle struct {
 	netlink.Handle
 }
 
-// NewNetLinkHandle will crate a new netlinkHandle
+// NewNetLinkHandle will crate a new NetLinkHandle
 func NewNetLinkHandle() NetLinkHandle {
 	return &netlinkHandle{netlink.Handle{}}
 }
@@ -47,7 +49,7 @@ func (h *netlinkHandle) EnsureAddressBind(address, devName string) (exist bool,
 	}
 	if err := h.AddrAdd(dev, &netlink.Addr{IPNet: netlink.NewIPNet(addr)}); err != nil {
 		// "EEXIST" will be returned if the address is already bound to device
-		if err == syscall.Errno(syscall.EEXIST) {
+		if err == unix.EEXIST {
 			return true, nil
 		}
 		return false, fmt.Errorf("error bind address: %s to interface: %s, err: %v", address, devName, err)
@@ -55,7 +57,7 @@ func (h *netlinkHandle) EnsureAddressBind(address, devName string) (exist bool,
 	return false, nil
 }
 
-// UnbindAddress unbind address from the interface
+// UnbindAddress makes sure IP address is unbound from the network interface.
 func (h *netlinkHandle) UnbindAddress(address, devName string) error {
 	dev, err := h.LinkByName(devName)
 	if err != nil {
@@ -66,7 +68,9 @@ func (h *netlinkHandle) UnbindAddress(address, devName string) error {
 		return fmt.Errorf("error parse ip address: %s", address)
 	}
 	if err := h.AddrDel(dev, &netlink.Addr{IPNet: netlink.NewIPNet(addr)}); err != nil {
-		return fmt.Errorf("error unbind address: %s from interface: %s, err: %v", address, devName, err)
+		if err != unix.ENXIO {
+			return fmt.Errorf("error unbind address: %s from interface: %s, err: %v", address, devName, err)
+		}
 	}
 	return nil
 }
@@ -88,7 +92,11 @@ func (h *netlinkHandle) EnsureDummyDevice(devName string) (bool, error) {
 func (h *netlinkHandle) DeleteDummyDevice(devName string) error {
 	link, err := h.LinkByName(devName)
 	if err != nil {
-		return fmt.Errorf("error deleting a non-exist dummy device: %s", devName)
+		_, ok := err.(netlink.LinkNotFoundError)
+		if ok {
+			return nil
+		}
+		return fmt.Errorf("error deleting a non-exist dummy device: %s, %v", devName, err)
 	}
 	dummy, ok := link.(*netlink.Dummy)
 	if !ok {
@@ -96,3 +104,59 @@ func (h *netlinkHandle) DeleteDummyDevice(devName string) error {
 	}
 	return h.LinkDel(dummy)
 }
+
+// GetLocalAddresses lists all LOCAL type IP addresses from host based on filter device.
+// If filter device is not specified, it's equivalent to exec:
+// $ ip route show table local type local proto kernel
+// 10.0.0.1 dev kube-ipvs0  scope host  src 10.0.0.1
+// 10.0.0.10 dev kube-ipvs0  scope host  src 10.0.0.10
+// 10.0.0.252 dev kube-ipvs0  scope host  src 10.0.0.252
+// 100.106.89.164 dev eth0  scope host  src 100.106.89.164
+// 127.0.0.0/8 dev lo  scope host  src 127.0.0.1
+// 127.0.0.1 dev lo  scope host  src 127.0.0.1
+// 172.17.0.1 dev docker0  scope host  src 172.17.0.1
+// 192.168.122.1 dev virbr0  scope host  src 192.168.122.1
+// Then cut the unique src IP fields,
+// --> result set: [10.0.0.1, 10.0.0.10, 10.0.0.252, 100.106.89.164, 127.0.0.1, 192.168.122.1]
+
+// If filter device is specified, it's equivalent to exec:
+// $ ip route show table local type local proto kernel dev kube-ipvs0
+// 10.0.0.1  scope host  src 10.0.0.1
+// 10.0.0.10  scope host  src 10.0.0.10
+// Then cut the unique src IP fields,
+// --> result set: [10.0.0.1, 10.0.0.10]
+func (h *netlinkHandle) GetLocalAddresses(filterDev string) (sets.String, error) {
+	linkIndex := -1
+	if len(filterDev) != 0 {
+		link, err := h.LinkByName(filterDev)
+		if err != nil {
+			return nil, fmt.Errorf("error get filter device %s, err: %v", filterDev, err)
+		}
+		linkIndex = link.Attrs().Index
+	}
+
+	routeFilter := &netlink.Route{
+		Table:    unix.RT_TABLE_LOCAL,
+		Type:     unix.RTN_LOCAL,
+		Protocol: unix.RTPROT_KERNEL,
+	}
+	filterMask := netlink.RT_FILTER_TABLE | netlink.RT_FILTER_TYPE | netlink.RT_FILTER_PROTOCOL
+
+	// find filter device
+	if linkIndex != -1 {
+		routeFilter.LinkIndex = linkIndex
+		filterMask |= netlink.RT_FILTER_OIF
+	}
+
+	routes, err := h.RouteListFiltered(netlink.FAMILY_ALL, routeFilter, filterMask)
+	if err != nil {
+		return nil, fmt.Errorf("error list route table, err: %v", err)
+	}
+	res := sets.NewString()
+	for _, route := range routes {
+		if route.Src != nil {
+			res.Insert(route.Src.String())
+		}
+	}
+	return res, nil
+}

vendor/k8s.io/kubernetes/pkg/proxy/ipvs/netlink_unsupported.go

@@ -20,6 +20,8 @@ package ipvs
 
 import (
 	"fmt"
+
+	"k8s.io/apimachinery/pkg/util/sets"
 )
 
 type emptyHandle struct {
@@ -49,3 +51,8 @@ func (h *emptyHandle) EnsureDummyDevice(devName string) (bool, error) {
 func (h *emptyHandle) DeleteDummyDevice(devName string) error {
 	return fmt.Errorf("netlink is not supported in this platform")
 }
+
+// GetLocalAddresses is part of interface.
+func (h *emptyHandle) GetLocalAddresses(filterDev string) (sets.String, error) {
+	return nil, fmt.Errorf("netlink is not supported in this platform")
+}

vendor/k8s.io/kubernetes/pkg/proxy/ipvs/testing/BUILD

@@ -5,6 +5,7 @@ licenses(["notice"])
 load(
     "@io_bazel_rules_go//go:def.bzl",
     "go_library",
+    "go_test",
 )
 
 go_library(
@@ -12,6 +13,7 @@ go_library(
     srcs = ["fake.go"],
     importpath = "k8s.io/kubernetes/pkg/proxy/ipvs/testing",
     tags = ["automanaged"],
+    deps = ["//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library"],
 )
 
 filegroup(
@@ -26,3 +28,10 @@ filegroup(
     srcs = [":package-srcs"],
     tags = ["automanaged"],
 )
+
+go_test(
+    name = "go_default_test",
+    srcs = ["fake_test.go"],
+    embed = [":go_default_library"],
+    deps = ["//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library"],
+)

vendor/k8s.io/kubernetes/pkg/proxy/ipvs/testing/fake.go

@@ -16,21 +16,33 @@ limitations under the License.
 
 package testing
 
-//FakeNetlinkHandle mock implementation of proxy NetlinkHandle
+import (
+	"fmt"
+
+	"k8s.io/apimachinery/pkg/util/sets"
+)
+
+// FakeNetlinkHandle mock implementation of proxy NetlinkHandle
 type FakeNetlinkHandle struct {
+	// localAddresses is a network interface name to all of its IP addresses map, e.g.
+	// eth0 -> [1.2.3.4, 10.20.30.40]
+	localAddresses map[string][]string
 }
 
-//NewFakeNetlinkHandle will create a new FakeNetlinkHandle
+// NewFakeNetlinkHandle will create a new FakeNetlinkHandle
 func NewFakeNetlinkHandle() *FakeNetlinkHandle {
-	return &FakeNetlinkHandle{}
+	fake := &FakeNetlinkHandle{
+		localAddresses: make(map[string][]string),
+	}
+	return fake
 }
 
-//EnsureAddressBind is a mock implementation
+// EnsureAddressBind is a mock implementation
 func (h *FakeNetlinkHandle) EnsureAddressBind(address, devName string) (exist bool, err error) {
 	return false, nil
 }
 
-//UnbindAddress is a mock implementation
+// UnbindAddress is a mock implementation
 func (h *FakeNetlinkHandle) UnbindAddress(address, devName string) error {
 	return nil
 }
@@ -44,3 +56,36 @@ func (h *FakeNetlinkHandle) EnsureDummyDevice(devName string) (bool, error) {
 func (h *FakeNetlinkHandle) DeleteDummyDevice(devName string) error {
 	return nil
 }
+
+// GetLocalAddresses is a mock implementation
+func (h *FakeNetlinkHandle) GetLocalAddresses(filterDev string) (sets.String, error) {
+	res := sets.NewString()
+	if len(filterDev) != 0 {
+		// list all addresses from a given network interface.
+		for _, addr := range h.localAddresses[filterDev] {
+			res.Insert(addr)
+		}
+		return res, nil
+	}
+	// If filterDev is not given, will list all addresses from all available network interface.
+	for linkName := range h.localAddresses {
+		// list all addresses from a given network interface.
+		for _, addr := range h.localAddresses[linkName] {
+			res.Insert(addr)
+		}
+	}
+	return res, nil
+}
+
+// SetLocalAddresses set IP addresses to the given interface device.  It's not part of interface.
+func (h *FakeNetlinkHandle) SetLocalAddresses(dev string, ips ...string) error {
+	if h.localAddresses == nil {
+		h.localAddresses = make(map[string][]string)
+	}
+	if len(dev) == 0 {
+		return fmt.Errorf("device name can't be empty")
+	}
+	h.localAddresses[dev] = make([]string, 0)
+	h.localAddresses[dev] = append(h.localAddresses[dev], ips...)
+	return nil
+}

vendor/k8s.io/kubernetes/pkg/proxy/ipvs/testing/fake_test.go

@@ -0,0 +1,49 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package testing
+
+import (
+	"reflect"
+	"testing"
+
+	"k8s.io/apimachinery/pkg/util/sets"
+)
+
+func TestSetGetLocalAddresses(t *testing.T) {
+	fake := NewFakeNetlinkHandle()
+	fake.SetLocalAddresses("eth0", "1.2.3.4")
+	expected := sets.NewString("1.2.3.4")
+	addr, _ := fake.GetLocalAddresses("eth0")
+	if !reflect.DeepEqual(expected, addr) {
+		t.Errorf("Unexpected mismatch, expected: %v, got: %v", expected, addr)
+	}
+	list, _ := fake.GetLocalAddresses("")
+	if !reflect.DeepEqual(expected, list) {
+		t.Errorf("Unexpected mismatch, expected: %v, got: %v", expected, list)
+	}
+	fake.SetLocalAddresses("lo", "127.0.0.1")
+	expected = sets.NewString("127.0.0.1")
+	addr, _ = fake.GetLocalAddresses("lo")
+	if !reflect.DeepEqual(expected, addr) {
+		t.Errorf("Unexpected mismatch, expected: %v, got: %v", expected, addr)
+	}
+	list, _ = fake.GetLocalAddresses("")
+	expected = sets.NewString("1.2.3.4", "127.0.0.1")
+	if !reflect.DeepEqual(expected, list) {
+		t.Errorf("Unexpected mismatch, expected: %v, got: %v", expected, list)
+	}
+}