github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-26 12:46:06 +00:00
Code Issues Projects Releases Wiki Activity

kube-proxy ensure KUBE-MARK-DROP exist but not modify their rules

Browse Source
This commit is contained in:
Lion-Wei
2020-09-11 17:41:49 +08:00
parent b3d4b8ed8a
commit 1f7ea16560
2 changed files with 30 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
pkg/proxy/iptables/proxier.go
View File

@@ -399,6 +399,13 @@ var iptablesJumpChains = []iptablesJumpChain{
{utiliptables.TableNAT, kubePostroutingChain, utiliptables.ChainPostrouting, "kubernetes postrouting rules", nil},
}
var iptablesEnsureChains = []struct {
table utiliptables.Table
chain utiliptables.Chain
}{
{utiliptables.TableNAT, KubeMarkDropChain},
}
var iptablesCleanupOnlyChains = []iptablesJumpChain{}
// CleanupLeftovers removes all iptables rules and chains created by the Proxier
@@ -868,6 +875,14 @@ func (proxier *Proxier) syncProxyRules() {
}
}
// ensure KUBE-MARK-DROP chain exist but do not change any rules
for _, ch := range iptablesEnsureChains {
if _, err := proxier.iptables.EnsureChain(ch.table, ch.chain); err != nil {
klog.Errorf("Failed to ensure that %s chain %s exists: %v", ch.table, ch.chain, err)
return
}
}
//
// Below this point we will not return until we try to write the iptables rules.
//