github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-24 12:15:52 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #12597 from BenTheElder/userspace_iptables_cleanup

Browse Source 
Fix #12596
This commit is contained in:
Wojciech Tyczynski 2015-08-13 10:18:19 +02:00
commit 53514dccca
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
pkg/proxy/userspace/proxier.go
View File

@ -131,6 +131,8 @@ func createProxier(loadBalancer LoadBalancer, listenIP net.IP, iptables iptables
if proxyPorts == nil {
proxyPorts = newPortAllocator(util.PortRange{})
}
glog.V(2).Info("Tearing down pure-iptables proxy rules. Errors here are acceptable.")
tearDownIptablesProxierRules(iptables)
// Set up the iptables foundations we need.
if err := iptablesInit(iptables); err != nil {
return nil, fmt.Errorf("failed to initialize iptables: %v", err)
@ -151,6 +153,19 @@ func createProxier(loadBalancer LoadBalancer, listenIP net.IP, iptables iptables
}, nil
}
// remove the iptables rules from the pure iptables Proxier
func tearDownIptablesProxierRules(ipt iptables.Interface) {
//TODO: actually tear down all rules and chains.
//NOTE: this needs to be kept in sync with the proxy/iptables Proxier's rules.
args := []string{"-j", "KUBE-SERVICES"}
if err := ipt.DeleteRule(iptables.TableNAT, iptables.ChainOutput, args...); err != nil {
glog.Errorf("Error removing pure-iptables proxy rule: %v", err)
}
if err := ipt.DeleteRule(iptables.TableNAT, iptables.ChainPrerouting, args...); err != nil {
glog.Errorf("Error removing pure-iptables proxy rule: %v", err)
}
}
// The periodic interval for checking the state of things.
const syncInterval = 5 * time.Second