remove unnecessary function getBuggyHostportChain

2025-07-31 15:25:57 +00:00 · 2018-01-02 15:04:30 +08:00 · 2018-01-02 15:04:30 +08:00 · 2fefca4a0b
commit 2fefca4a0b
parent cfc1d47397
2 changed files with 0 additions and 96 deletions
--- a/pkg/kubelet/network/hostport/hostport_manager.go
+++ b/pkg/kubelet/network/hostport/hostport_manager.go
@ -178,8 +178,6 @@ func (hm *hostportManager) Remove(id string, podPortMapping *PodPortMapping) (er
 	chainsToRemove := []utiliptables.Chain{}
 	for _, pm := range hostportMappings {
 		chainsToRemove = append(chainsToRemove, getHostportChain(id, pm))
-		// TODO remove this after release 1.9, please refer https://github.com/kubernetes/kubernetes/pull/55153
-		chainsToRemove = append(chainsToRemove, getBuggyHostportChain(id, pm))
 	}

 	// remove rules that consists of target chains
@ -255,16 +253,6 @@ func getHostportChain(id string, pm *PortMapping) utiliptables.Chain {
 	return utiliptables.Chain(kubeHostportChainPrefix + encoded[:16])
 }

-// This bugy func does bad conversion on HostPort from int32 to string.
-// It may generates same chain names for different ports of the same pod, e.g. port 57119/55429/56833.
-// `getHostportChain` fixed this bug. In order to cleanup the legacy chains/rules, it is temporarily left.
-// TODO remove this after release 1.9, please refer https://github.com/kubernetes/kubernetes/pull/55153
-func getBuggyHostportChain(id string, pm *PortMapping) utiliptables.Chain {
-	hash := sha256.Sum256([]byte(id + string(pm.HostPort) + string(pm.Protocol)))
-	encoded := base32.StdEncoding.EncodeToString(hash[:])
-	return utiliptables.Chain(kubeHostportChainPrefix + encoded[:16])
-}
-
 // gatherHostportMappings returns all the PortMappings which has hostport for a pod
 func gatherHostportMappings(podPortMapping *PodPortMapping) []*PortMapping {
 	mappings := []*PortMapping{}
--- a/pkg/kubelet/network/hostport/hostport_manager_test.go
+++ b/pkg/kubelet/network/hostport/hostport_manager_test.go
@ -27,14 +27,6 @@ import (
 	utiliptables "k8s.io/kubernetes/pkg/util/iptables"
 )

-func NewFakeHostportManager() HostPortManager {
-	return &hostportManager{
-		hostPortMap: make(map[hostport]closeable),
-		iptables:    NewFakeIPTables(),
-		portOpener:  NewFakeSocketManager().openFakeSocket,
-	}
-}
-
 func TestHostportManager(t *testing.T) {
 	iptables := NewFakeIPTables()
 	portOpener := NewFakeSocketManager()
@ -211,79 +203,3 @@ func TestGetHostportChain(t *testing.T) {
 		t.Fatal(m)
 	}
 }
-
-func TestHostPortManagerRemoveLegacyRules(t *testing.T) {
-	iptables := NewFakeIPTables()
-	legacyRules := [][]string{
-		{"-A", "KUBE-HOSTPORTS", "-m comment --comment \"pod3_ns1 hostport 8443\" -m tcp -p tcp --dport 8443 -j KUBE-HP-5N7UH5JAXCVP5UJR"},
-		{"-A", "KUBE-HOSTPORTS", "-m comment --comment \"pod1_ns1 hostport 8081\" -m udp -p udp --dport 8081 -j KUBE-HP-7THKRFSEH4GIIXK7"},
-		{"-A", "KUBE-HOSTPORTS", "-m comment --comment \"pod1_ns1 hostport 8080\" -m tcp -p tcp --dport 8080 -j KUBE-HP-4YVONL46AKYWSKS3"},
-		{"-A", "OUTPUT", "-m comment --comment \"kube hostport portals\" -m addrtype --dst-type LOCAL -j KUBE-HOSTPORTS"},
-		{"-A", "PREROUTING", "-m comment --comment \"kube hostport portals\" -m addrtype --dst-type LOCAL -j KUBE-HOSTPORTS"},
-		{"-A", "POSTROUTING", "-m comment --comment \"SNAT for localhost access to hostports\" -o cbr0 -s 127.0.0.0/8 -j MASQUERADE"},
-		{"-A", "KUBE-HP-4YVONL46AKYWSKS3", "-m comment --comment \"pod1_ns1 hostport 8080\" -s 10.1.1.2/32 -j KUBE-MARK-MASQ"},
-		{"-A", "KUBE-HP-4YVONL46AKYWSKS3", "-m comment --comment \"pod1_ns1 hostport 8080\" -m tcp -p tcp -j DNAT --to-destination 10.1.1.2:80"},
-		{"-A", "KUBE-HP-7THKRFSEH4GIIXK7", "-m comment --comment \"pod1_ns1 hostport 8081\" -s 10.1.1.2/32 -j KUBE-MARK-MASQ"},
-		{"-A", "KUBE-HP-7THKRFSEH4GIIXK7", "-m comment --comment \"pod1_ns1 hostport 8081\" -m udp -p udp -j DNAT --to-destination 10.1.1.2:81"},
-		{"-A", "KUBE-HP-5N7UH5JAXCVP5UJR", "-m comment --comment \"pod3_ns1 hostport 8443\" -s 10.1.1.4/32 -j KUBE-MARK-MASQ"},
-		{"-A", "KUBE-HP-5N7UH5JAXCVP5UJR", "-m comment --comment \"pod3_ns1 hostport 8443\" -m tcp -p tcp -j DNAT --to-destination 10.1.1.4:443"},
-	}
-	for _, rule := range legacyRules {
-		_, err := iptables.EnsureChain(utiliptables.TableNAT, utiliptables.Chain(rule[1]))
-		assert.NoError(t, err)
-		_, err = iptables.ensureRule(utiliptables.RulePosition(rule[0]), utiliptables.TableNAT, utiliptables.Chain(rule[1]), rule[2])
-		assert.NoError(t, err)
-	}
-	portOpener := NewFakeSocketManager()
-	manager := &hostportManager{
-		hostPortMap: make(map[hostport]closeable),
-		iptables:    iptables,
-		portOpener:  portOpener.openFakeSocket,
-	}
-	err := manager.Remove("id", &PodPortMapping{
-		Name:        "pod1",
-		Namespace:   "ns1",
-		IP:          net.ParseIP("10.1.1.2"),
-		HostNetwork: false,
-		PortMappings: []*PortMapping{
-			{
-				HostPort:      8080,
-				ContainerPort: 80,
-				Protocol:      v1.ProtocolTCP,
-			},
-			{
-				HostPort:      8081,
-				ContainerPort: 81,
-				Protocol:      v1.ProtocolUDP,
-			},
-		},
-	})
-	assert.NoError(t, err)
-
-	err = manager.Remove("id", &PodPortMapping{
-		Name:        "pod3",
-		Namespace:   "ns1",
-		IP:          net.ParseIP("10.1.1.4"),
-		HostNetwork: false,
-		PortMappings: []*PortMapping{
-			{
-				HostPort:      8443,
-				ContainerPort: 443,
-				Protocol:      v1.ProtocolTCP,
-			},
-		},
-	})
-	assert.NoError(t, err)
-
-	natTable, ok := iptables.tables[string(utiliptables.TableNAT)]
-	assert.True(t, ok)
-	// check KUBE-HOSTPORTS chain should be cleaned up
-	hostportChain, ok := natTable.chains["KUBE-HOSTPORTS"]
-	assert.True(t, ok, string(hostportChain.name))
-	assert.Equal(t, 0, len(hostportChain.rules), "%v", hostportChain.rules)
-	// check KUBE-HP-* chains should be deleted
-	for _, name := range []string{"KUBE-HP-4YVONL46AKYWSKS3", "KUBE-HP-7THKRFSEH4GIIXK7", "KUBE-HP-5N7UH5JAXCVP5UJR"} {
-		_, ok := natTable.chains[name]
-		assert.False(t, ok)
-	}
-}