github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-22 03:11:40 +00:00
Code Issues Projects Releases Wiki Activity

Add new iptables rule for local-up-cluster.sh

Browse Source 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
This commit is contained in:
Davanum Srinivas 2021-03-24 21:42:35 -04:00
parent bcab4c35d2
commit 44d143f6e1
No known key found for this signature in database
GPG Key ID: 80D83A796103BF59
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
hack/local-up-cluster.sh
View File

@ -378,6 +378,9 @@ cleanup()
if [[ "${PRESERVE_ETCD}" == "false" ]]; then
[[ -n "${ETCD_DIR-}" ]] && kube::etcd::clean_etcd_dir
fi
# Drop the rule we added
iptables -t nat -D OUTPUT -m addrtype --dst-type LOCAL -j DOCKER || true
exit 0
}
@ -1086,8 +1089,17 @@ if [[ "${START_MODE}" != "kubeletonly" ]]; then
kube::etcd::validate
fi
if [ "${CONTAINER_RUNTIME}" == "docker" ] && ! kube::util::ensure_docker_daemon_connectivity; then
if [ "${CONTAINER_RUNTIME}" == "docker" ]; then
if ! kube::util::ensure_docker_daemon_connectivity; then
exit 1
else
# docker doesn't allow to reach exposed hostPorts from the node, however, Kubernetes does
# so we append a new rule on top of the docker one
# -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER <-- docker rule
if ! iptables -t nat -C OUTPUT -m addrtype --dst-type LOCAL -j DOCKER; then
iptables -t nat -A OUTPUT -m addrtype --dst-type LOCAL -j DOCKER
fi
fi
fi
if [[ "${START_MODE}" != "kubeletonly" ]]; then