From 30ea22f40e9de45c4ceb386faaba6fa71a46b54d Mon Sep 17 00:00:00 2001
From: Dan Winship <danw@redhat.com>
Date: Fri, 14 Aug 2015 12:38:43 -0400
Subject: [PATCH] Make kube-proxy resync its rules on firewalld restart

---
 cmd/kube-proxy/app/server.go   |  2 ++
 pkg/proxy/iptables/proxier.go  | 13 ++++++++-----
 pkg/proxy/types.go             |  2 ++
 pkg/proxy/userspace/proxier.go | 15 ++++++++++-----
 4 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/cmd/kube-proxy/app/server.go b/cmd/kube-proxy/app/server.go
index 0b9567c0aba..002fd182abd 100644
--- a/cmd/kube-proxy/app/server.go
+++ b/cmd/kube-proxy/app/server.go
@@ -240,6 +240,8 @@ func (s *ProxyServer) Run(_ []string) error {
 		}, 5*time.Second, util.NeverStop)
 	}
 
+	ipt.AddReloadFunc(proxier.Sync)
+
 	// Just loop forever for now...
 	proxier.SyncLoop()
 	return nil
diff --git a/pkg/proxy/iptables/proxier.go b/pkg/proxy/iptables/proxier.go
index 6fb74068cce..2acdaccb6b3 100644
--- a/pkg/proxy/iptables/proxier.go
+++ b/pkg/proxy/iptables/proxier.go
@@ -248,6 +248,13 @@ func ipsEqual(lhs, rhs []string) bool {
 	return true
 }
 
+// Sync is called to immediately synchronize the proxier state to iptables
+func (proxier *Proxier) Sync() {
+	proxier.mu.Lock()
+	defer proxier.mu.Unlock()
+	proxier.syncProxyRules()
+}
+
 // SyncLoop runs periodic work.  This is expected to run as a goroutine or as the main loop of the app.  It does not return.
 func (proxier *Proxier) SyncLoop() {
 	t := time.NewTicker(proxier.syncPeriod)
@@ -255,11 +262,7 @@ func (proxier *Proxier) SyncLoop() {
 	for {
 		<-t.C
 		glog.V(6).Infof("Periodic sync")
-		func() {
-			proxier.mu.Lock()
-			defer proxier.mu.Unlock()
-			proxier.syncProxyRules()
-		}()
+		proxier.Sync()
 	}
 }
 
diff --git a/pkg/proxy/types.go b/pkg/proxy/types.go
index a3f309db278..15b227f1cc5 100644
--- a/pkg/proxy/types.go
+++ b/pkg/proxy/types.go
@@ -29,6 +29,8 @@ type ProxyProvider interface {
 	// Active service proxies are reinitialized if found in the update set or
 	// removed if missing from the update set.
 	OnServiceUpdate(services []api.Service)
+	// Sync immediately synchronizes the ProxyProvider's current state to iptables.
+	Sync()
 	// SyncLoop runs periodic work.
 	// This is expected to run as a goroutine or as the main loop of the app.
 	// It does not return.
diff --git a/pkg/proxy/userspace/proxier.go b/pkg/proxy/userspace/proxier.go
index 5fecd71d8c0..f0fe398e5d0 100644
--- a/pkg/proxy/userspace/proxier.go
+++ b/pkg/proxy/userspace/proxier.go
@@ -222,6 +222,15 @@ func CleanupLeftovers(ipt iptables.Interface) (encounteredError bool) {
 	return encounteredError
 }
 
+// Sync is called to immediately synchronize the proxier state to iptables
+func (proxier *Proxier) Sync() {
+	if err := iptablesInit(proxier.iptables); err != nil {
+		glog.Errorf("Failed to ensure iptables: %v", err)
+	}
+	proxier.ensurePortals()
+	proxier.cleanupStaleStickySessions()
+}
+
 // SyncLoop runs periodic work.  This is expected to run as a goroutine or as the main loop of the app.  It does not return.
 func (proxier *Proxier) SyncLoop() {
 	t := time.NewTicker(proxier.syncPeriod)
@@ -229,11 +238,7 @@ func (proxier *Proxier) SyncLoop() {
 	for {
 		<-t.C
 		glog.V(6).Infof("Periodic sync")
-		if err := iptablesInit(proxier.iptables); err != nil {
-			glog.Errorf("Failed to ensure iptables: %v", err)
-		}
-		proxier.ensurePortals()
-		proxier.cleanupStaleStickySessions()
+		proxier.Sync()
 	}
 }