github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-26 21:17:23 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #80514 from liuxu623/master

Browse Source 
don't delete KUBE-MARK-MASQ chain in iptables/ipvs proxier
This commit is contained in:
Kubernetes Prow Robot 2019-08-28 23:49:56 -07:00 committed by GitHub
commit 454e8e6e92
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/proxy/iptables/proxier.go
View File

@ -371,7 +371,7 @@ func CleanupLeftovers(ipt utiliptables.Interface) (encounteredError bool) {
natRules := bytes.NewBuffer(nil) natRules := bytes.NewBuffer(nil)
writeLine(natChains, "*nat") writeLine(natChains, "*nat")
// Start with chains we know we need to remove. // Start with chains we know we need to remove.
for _, chain := range []utiliptables.Chain{kubeServicesChain, kubeNodePortsChain, kubePostroutingChain, KubeMarkMasqChain} { for _, chain := range []utiliptables.Chain{kubeServicesChain, kubeNodePortsChain, kubePostroutingChain} {
if _, found := existingNATChains[chain]; found { if _, found := existingNATChains[chain]; found {
chainString := string(chain) chainString := string(chain)
writeBytesLine(natChains, existingNATChains[chain]) // flush writeBytesLine(natChains, existingNATChains[chain]) // flush

16
pkg/proxy/ipvs/proxier.go
View File

@ -111,6 +111,18 @@ var iptablesChains = []struct {
{utiliptables.TableFilter, KubeForwardChain}, {utiliptables.TableFilter, KubeForwardChain},
} }
var iptablesCleanupChains = []struct {
table utiliptables.Table
chain utiliptables.Chain
}{
{utiliptables.TableNAT, kubeServicesChain},
{utiliptables.TableNAT, kubePostroutingChain},
{utiliptables.TableNAT, KubeFireWallChain},
{utiliptables.TableNAT, KubeNodePortChain},
{utiliptables.TableNAT, KubeLoadBalancerChain},
{utiliptables.TableFilter, KubeForwardChain},
}
// ipsetInfo is all ipset we needed in ipvs proxier // ipsetInfo is all ipset we needed in ipvs proxier
var ipsetInfo = []struct { var ipsetInfo = []struct {
name string name string
@ -639,7 +651,7 @@ func cleanupIptablesLeftovers(ipt utiliptables.Interface) (encounteredError bool
} }
// Flush and remove all of our chains. Flushing all chains before removing them also removes all links between chains first. // Flush and remove all of our chains. Flushing all chains before removing them also removes all links between chains first.
for _, ch := range iptablesChains { for _, ch := range iptablesCleanupChains {
if err := ipt.FlushChain(ch.table, ch.chain); err != nil { if err := ipt.FlushChain(ch.table, ch.chain); err != nil {
if !utiliptables.IsNotFoundError(err) { if !utiliptables.IsNotFoundError(err) {
klog.Errorf("Error removing iptables rules in ipvs proxier: %v", err) klog.Errorf("Error removing iptables rules in ipvs proxier: %v", err)
@ -649,7 +661,7 @@ func cleanupIptablesLeftovers(ipt utiliptables.Interface) (encounteredError bool
} }
// Remove all of our chains. // Remove all of our chains.
for _, ch := range iptablesChains { for _, ch := range iptablesCleanupChains {
if err := ipt.DeleteChain(ch.table, ch.chain); err != nil { if err := ipt.DeleteChain(ch.table, ch.chain); err != nil {
if !utiliptables.IsNotFoundError(err) { if !utiliptables.IsNotFoundError(err) {
klog.Errorf("Error removing iptables rules in ipvs proxier: %v", err) klog.Errorf("Error removing iptables rules in ipvs proxier: %v", err)