github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-25 04:33:26 +00:00
Code Issues Projects Releases Wiki Activity

fix a bug in hostport where it flushes KUBE-MARK-MASQ chain

Browse Source
This commit is contained in:
Minhan Xia 2016-09-09 14:39:47 -07:00
parent 9d06efb2d1
commit 118ebd57aa
1 changed files with 1 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/kubelet/network/hostport/hostport.go
View File

@ -251,14 +251,6 @@ func (h *handler) SyncHostports(natInterfaceName string, runningPods []*RunningP
} else { } else {
writeLine(natChains, utiliptables.MakeChainLine(kubeHostportsChain)) writeLine(natChains, utiliptables.MakeChainLine(kubeHostportsChain))
} }
// Assuming the node is running kube-proxy in iptables mode
// Reusing kube-proxy's KubeMarkMasqChain for SNAT
// TODO: let kubelet manage KubeMarkMasqChain. Other components should just be able to use it
if chain, ok := existingNATChains[iptablesproxy.KubeMarkMasqChain]; ok {
writeLine(natChains, chain)
} else {
writeLine(natChains, utiliptables.MakeChainLine(iptablesproxy.KubeMarkMasqChain))
}
// Accumulate NAT chains to keep. // Accumulate NAT chains to keep.
activeNATChains := map[utiliptables.Chain]bool{} // use a map as a set activeNATChains := map[utiliptables.Chain]bool{} // use a map as a set
@ -284,6 +276,7 @@ func (h *handler) SyncHostports(natInterfaceName string, runningPods []*RunningP
} }
writeLine(natRules, args...) writeLine(natRules, args...)
// Assuming kubelet is syncing iptables KUBE-MARK-MASQ chain
// If the request comes from the pod that is serving the hostport, then SNAT // If the request comes from the pod that is serving the hostport, then SNAT
args = []string{ args = []string{
"-A", string(hostportChain), "-A", string(hostportChain),