From c90b295ef1e3c55deaa99a9881b88db1a8f0d35a Mon Sep 17 00:00:00 2001
From: liuxu
Date: Tue, 20 Aug 2019 15:43:54 +0800
Subject: [PATCH] don't delete KUBE-MARK-MASQ chain in iptables/ipvs proxier
---
 pkg/proxy/iptables/proxier.go | 2 +-
 pkg/proxy/ipvs/proxier.go | 16 ++++++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/pkg/proxy/iptables/proxier.go b/pkg/proxy/iptables/proxier.go
index 34e4d3e8f83..2a54ebcabfd 100644
--- a/pkg/proxy/iptables/proxier.go
+++ b/pkg/proxy/iptables/proxier.go
@@ -408,7 +408,7 @@ func CleanupLeftovers(ipt utiliptables.Interface) (encounteredError bool) {
 natRules := bytes.NewBuffer(nil)
 writeLine(natChains, "*nat")
 // Start with chains we know we need to remove.
- for _, chain := range []utiliptables.Chain{kubeServicesChain, kubeNodePortsChain, kubePostroutingChain, KubeMarkMasqChain} {
+ for _, chain := range []utiliptables.Chain{kubeServicesChain, kubeNodePortsChain, kubePostroutingChain} {
 if _, found := existingNATChains[chain]; found {
 chainString := string(chain)
 writeBytesLine(natChains, existingNATChains[chain]) // flush
diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go
index 6264ea33587..fd334a68ba0 100644
--- a/pkg/proxy/ipvs/proxier.go
+++ b/pkg/proxy/ipvs/proxier.go
@@ -111,6 +111,18 @@ var iptablesChains = []struct {
 {utiliptables.TableFilter, KubeForwardChain},
 }
+var iptablesCleanupChains = []struct {
+ table utiliptables.Table
+ chain utiliptables.Chain
+}{
+ {utiliptables.TableNAT, kubeServicesChain},
+ {utiliptables.TableNAT, kubePostroutingChain},
+ {utiliptables.TableNAT, KubeFireWallChain},
+ {utiliptables.TableNAT, KubeNodePortChain},
+ {utiliptables.TableNAT, KubeLoadBalancerChain},
+ {utiliptables.TableFilter, KubeForwardChain},
+}
+
 // ipsetInfo is all ipset we needed in ipvs proxier
 var ipsetInfo = []struct {
 name string
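Review bot: Nothing at the chain list in CleanupLeftovers records why KubeMarkMasqChain is left out, so a later tidy-up could put it back under "chains we know we need to remove". Dropping it from this loop skips the flush line written by `writeBytesLine(natChains, existingNATChains[chain]) // flush` as well as whatever removal follows outside the hunk, so rules already in that chain stay on the host after cleanup; that looks intended but should be stated. I would add above the loop `// KubeMarkMasqChain is deliberately neither flushed nor removed here: REASON (placeholder, take it from the PR discussion).` kubePostroutingChain is still removed in the same loop, so if the mark chain is kept because something other than kube-proxy jumps to it, please confirm that component does not also rely on kubePostroutingChain, which presumably is what acts on the mark.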
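Review bot: iptablesCleanupChains is a hand-copied second table with no doc comment, and nothing ties it to iptablesChains declared just above it, so a chain added to one list later can be missed in the other and either survive cleanup or be torn down unintentionally. The start of iptablesChains is outside the hunk, so I am assuming the only intended difference is the KUBE-MARK-MASQ entry. At minimum add `// iptablesCleanupChains is the subset of iptablesChains that cleanupIptablesLeftovers flushes and deletes; the KUBE-MARK-MASQ chain is intentionally absent.` A smaller alternative is to keep a single table and put `if ch.chain == KubeMarkMasqChain { continue }` at the top of both cleanup loops (assuming the ipvs package's constant carries that name), which removes the drift risk entirely.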
@@ -639,7 +651,7 @@ func cleanupIptablesLeftovers(ipt utiliptables.Interface) (encounteredError bool
 }
 // Flush and remove all of our chains. Flushing all chains before removing them also removes all links between chains first.
- for _, ch := range iptablesChains {
+ for _, ch := range iptablesCleanupChains {
 if err := ipt.FlushChain(ch.table, ch.chain); err != nil {
 if !utiliptables.IsNotFoundError(err) {
 klog.Errorf("Error removing iptables rules in ipvs proxier: %v", err)
@@ -649,7 +661,7 @@ func cleanupIptablesLeftovers(ipt utiliptables.Interface) (encounteredError bool
 }
 // Remove all of our chains.
- for _, ch := range iptablesChains {
+ for _, ch := range iptablesCleanupChains {
 if err := ipt.DeleteChain(ch.table, ch.chain); err != nil {
 if !utiliptables.IsNotFoundError(err) {
 klog.Errorf("Error removing iptables rules in ipvs proxier: %v", err)
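Review bot: The comments above both loops in cleanupIptablesLeftovers still say "all of our chains", which stops being true once the loops range over iptablesCleanupChains; this applies to the FlushChain loop in the @@ -639 hunk and to the DeleteChain loop in the @@ -649 hunk. The subject line only speaks of not deleting the chain, but the first loop now also stops flushing it, so whatever rules it holds remain after cleanup, which is worth confirming as intended and writing down. Suggested wording: `// Flush our chains (the KUBE-MARK-MASQ chain is left untouched). Flushing before removal also drops the links between chains.` and `// Remove the chains flushed above.` Both loop bodies continue past the end of their hunks, so the error handling after klog.Errorf was not reviewed.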