github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-22 19:31:44 +00:00
Code Issues Projects Releases Wiki Activity

Add comments for ipset entries in kube-proxy - fix

Browse Source
This commit is contained in:
Weibin Lin 2018-05-15 17:27:12 +08:00 committed by GitHub
parent dc62a73742
commit 1558d13ca0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
pkg/proxy/ipvs/proxier.go
View File

@ -1207,7 +1207,7 @@ func (proxier *Proxier) syncProxyRules() {
if !proxier.loopbackSet.isEmpty() {
args = append(args[:0],
"-A", string(kubePostroutingChain),
"-m", "comment", "--comment", proxier.loopbackSet.Comment,
"-m", "comment", "--comment", `"Kubernetes endpoints dst ip:port, source ip for solving hairpin purpose"`,
"-m", "set", "--match-set", proxier.loopbackSet.Name,
"dst,dst,src",
)
@ -1216,7 +1216,7 @@ func (proxier *Proxier) syncProxyRules() {
if !proxier.clusterIPSet.isEmpty() {
args = append(args[:0],
"-A", string(kubeServicesChain),
"-m", "comment", "--comment", proxier.clusterIPSet.Comment,
"-m", "comment", "--comment", `"Kubernetes service cluster ip + port for masquerade purpose"`,
"-m", "set", "--match-set", proxier.clusterIPSet.Name,
"dst,dst",
)
@ -1235,7 +1235,7 @@ func (proxier *Proxier) syncProxyRules() {
// Build masquerade rules for packets to external IPs.
args = append(args[:0],
"-A", string(kubeServicesChain),
"-m", "comment", "--comment", proxier.externalIPSet.Comment,
"-m", "comment", "--comment", `"Kubernetes service external ip + port for masquerade and filter purpose"`,
"-m", "set", "--match-set", proxier.externalIPSet.Name,
"dst,dst",
)
@ -1257,7 +1257,7 @@ func (proxier *Proxier) syncProxyRules() {
// Build masquerade rules for packets which cross node visit load balancer ingress IPs.
args = append(args[:0],
"-A", string(kubeServicesChain),
"-m", "comment", "--comment", proxier.lbSet.Comment,
"-m", "comment", "--comment", `"Kubernetes service lb portal"`,
"-m", "set", "--match-set", proxier.lbSet.Name,
"dst,dst",
)
@ -1267,7 +1267,7 @@ func (proxier *Proxier) syncProxyRules() {
if !proxier.lbFWSet.isEmpty() {
args = append(args[:0],
"-A", string(KubeLoadBalancerChain),
"-m", "comment", "--comment", proxier.lbFWSet.Comment,
"-m", "comment", "--comment", `"Kubernetes service load balancer ip + port for load balancer with sourceRange"`,
"-m", "set", "--match-set", proxier.lbFWSet.Name,
"dst,dst",
)
@ -1276,7 +1276,7 @@ func (proxier *Proxier) syncProxyRules() {
if !proxier.lbWhiteListCIDRSet.isEmpty() {
args = append(args[:0],
"-A", string(KubeFireWallChain),
"-m", "comment", "--comment", proxier.lbWhiteListCIDRSet.Comment,
"-m", "comment", "--comment", `"Kubernetes service load balancer ip + port + source IP for packet filter purpose"`,
"-m", "set", "--match-set", proxier.lbWhiteListCIDRSet.Name,
"dst,dst,src",
)
@ -1285,7 +1285,7 @@ func (proxier *Proxier) syncProxyRules() {
if !proxier.lbWhiteListIPSet.isEmpty() {
args = append(args[:0],
"-A", string(KubeFireWallChain),
"-m", "comment", "--comment", proxier.lbWhiteListIPSet.Comment,
"-m", "comment", "--comment", `"Kubernetes service load balancer ip + port + source cidr for packet filter purpose"`,
"-m", "set", "--match-set", proxier.lbWhiteListIPSet.Name,
"dst,dst,src",
)
@ -1302,7 +1302,7 @@ func (proxier *Proxier) syncProxyRules() {
if !proxier.lbLocalSet.isEmpty() {
args = append(args[:0],
"-A", string(KubeLoadBalancerChain),
"-m", "comment", "--comment", proxier.lbLocalSet.Comment,
"-m", "comment", "--comment", `"Kubernetes service load balancer ip + port with externalTrafficPolicy=local"`,
"-m", "set", "--match-set", proxier.lbLocalSet.Name,
"dst,dst",
)
@ -1321,7 +1321,7 @@ func (proxier *Proxier) syncProxyRules() {
args = append(args[:0],
"-A", string(kubeServicesChain),
"-m", "tcp", "-p", "tcp",
"-m", "comment", "--comment", proxier.nodePortSetTCP.Comment,
"-m", "comment", "--comment", `"Kubernetes nodeport TCP port for masquerade purpose"`,
"-m", "set", "--match-set", proxier.nodePortSetTCP.Name,
"dst",
)
@ -1330,7 +1330,7 @@ func (proxier *Proxier) syncProxyRules() {
if !proxier.nodePortLocalSetTCP.isEmpty() {
args = append(args[:0],
"-A", string(KubeNodePortChain),
"-m", "comment", "--comment", proxier.nodePortLocalSetTCP.Comment,
"-m", "comment", "--comment", `"Kubernetes nodeport TCP port with externalTrafficPolicy=local"`,
"-m", "set", "--match-set", proxier.nodePortLocalSetTCP.Name,
"dst",
)
@ -1349,7 +1349,7 @@ func (proxier *Proxier) syncProxyRules() {
args = append(args[:0],
"-A", string(kubeServicesChain),
"-m", "udp", "-p", "udp",
"-m", "comment", "--comment", proxier.nodePortSetUDP.Comment,
"-m", "comment", "--comment", `"Kubernetes nodeport UDP port for masquerade purpose"`,
"-m", "set", "--match-set", proxier.nodePortSetUDP.Name,
"dst",
)
@ -1357,7 +1357,7 @@ func (proxier *Proxier) syncProxyRules() {
if !proxier.nodePortLocalSetUDP.isEmpty() {
args = append(args[:0],
"-A", string(KubeNodePortChain),
"-m", "comment", "--comment", proxier.nodePortLocalSetUDP.Comment,
"-m", "comment", "--comment", `"Kubernetes nodeport UDP port with externalTrafficPolicy=local"`,
"-m", "set", "--match-set", proxier.nodePortLocalSetUDP.Name,
"dst",
)