github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-06 10:43:56 +00:00
Code Issues Projects Releases Wiki Activity

Don't name 'eth0' in MASQUERADE rule

Browse Source 
This causes endless loops of adding duplicate rules on machines without "eth0".
This commit is contained in:
Tim Hockin 2015-08-28 22:32:30 -07:00
parent d79f53f73b
commit 1aca401813
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
pkg/kubelet/container_bridge.go
View File

@ -121,13 +121,23 @@ func cbr0CidrCorrect(wantCIDR *net.IPNet) bool {
// TODO(dawnchen): Using pkg/util/iptables // TODO(dawnchen): Using pkg/util/iptables
func ensureIPTablesMasqRule() error { func ensureIPTablesMasqRule() error {
// Check if the MASQUERADE rule exist or not // Check if the MASQUERADE rule exist or not
if err := exec.Command("iptables", "-t", "nat", "-C", "POSTROUTING", "-o", "eth0", "-j", "MASQUERADE", "!", "-d", "10.0.0.0/8").Run(); err == nil { if err := exec.Command("iptables",
"-t", "nat",
"-C", "POSTROUTING",
"!", "-d", "10.0.0.0/8",
"-m", "addrtype", "!", "--dst-type", "LOCAL",
"-j", "MASQUERADE").Run(); err == nil {
// The MASQUERADE rule exists // The MASQUERADE rule exists
return nil return nil
} }
glog.Infof("MASQUERADE rule doesn't exist, recreate it") glog.Infof("MASQUERADE rule doesn't exist, recreate it")
if err := exec.Command("iptables", "-t", "nat", "-A", "POSTROUTING", "-o", "eth0", "-j", "MASQUERADE", "!", "-d", "10.0.0.0/8").Run(); err != nil { if err := exec.Command("iptables",
"-t", "nat",
"-A", "POSTROUTING",
"!", "-d", "10.0.0.0/8",
"-m", "addrtype", "!", "--dst-type", "LOCAL",
"-j", "MASQUERADE").Run(); err != nil {
return err return err
} }
return nil return nil