From 118ebd57aabc13e826b4c9b4ee95ac35755a6f75 Mon Sep 17 00:00:00 2001
From: Minhan Xia
Date: Fri, 9 Sep 2016 14:39:47 -0700
Subject: [PATCH] fix a bug in hostport where it flushes KUBE-MARK-MASQ chain
---
 pkg/kubelet/network/hostport/hostport.go | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/pkg/kubelet/network/hostport/hostport.go b/pkg/kubelet/network/hostport/hostport.go
index e673702f7fb..bf8e498975c 100644
--- a/pkg/kubelet/network/hostport/hostport.go
+++ b/pkg/kubelet/network/hostport/hostport.go
@@ -251,14 +251,6 @@ func (h *handler) SyncHostports(natInterfaceName string, runningPods []*RunningP
 } else {
 writeLine(natChains, utiliptables.MakeChainLine(kubeHostportsChain))
 }
- // Assuming the node is running kube-proxy in iptables mode
- // Reusing kube-proxy's KubeMarkMasqChain for SNAT
- // TODO: let kubelet manage KubeMarkMasqChain. Other components should just be able to use it
- if chain, ok := existingNATChains[iptablesproxy.KubeMarkMasqChain]; ok {
- writeLine(natChains, chain)
- } else {
- writeLine(natChains, utiliptables.MakeChainLine(iptablesproxy.KubeMarkMasqChain))
- }
 // Accumulate NAT chains to keep.
 activeNATChains := map[utiliptables.Chain]bool{} // use a map as a set
@@ -284,6 +276,7 @@ func (h *handler) SyncHostports(natInterfaceName string, runningPods []*RunningP
 }
 writeLine(natRules, args...)
+ // Assuming kubelet is syncing iptables KUBE-MARK-MASQ chain
 // If the request comes from the pod that is serving the hostport, then SNAT
 args = []string{
 "-A", string(hostportChain),
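Review bot: The comment added in the second hunk records an assumption that nothing in the visible code enforces. Once the first hunk stops declaring KUBE-MARK-MASQ in `natChains`, the SNAT rule that starts at `args = []string{` presumably still targets that chain. If the chain does not exist when the rules are restored, the hostport sync would likely fail as a whole rather than only lose masquerading. The comment should say who owns the chain and why it is not declared here, e.g. `// KUBE-MARK-MASQ is created and synced by kubelet; it is deliberately not declared in natChains, because declaring it here flushes rules owned by another component.` A lookup of `iptablesproxy.KubeMarkMasqChain` in `existingNATChains` before writing the rule, with a clear error when it is missing, would turn the assumption into a check; the `args` literal and the rest of SyncHostports continue outside the hunk.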