github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-29 14:37:00 +00:00
Code Issues Projects Releases Wiki Activity

proxy/iptables: fix a bug in node address error handling

Browse Source 
If GetNodeAddresses() fails (eg, because you passed the wrong CIDR to
`--nodeport-addresses`), then any NodePort services would end up with
only half a set of iptables rules. Fix it to just not output the
NodePort-specific parts in that case (in addition to logging an error
about the GetNodeAddresses() failure).
This commit is contained in:
Dan Winship 2021-11-09 09:25:23 -05:00
parent ab67a942ca
commit 62672d06e6
1 changed files with 1 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/proxy/iptables/proxier.go
View File

@ -1302,13 +1302,9 @@ func (proxier *Proxier) syncProxyRules() {
// Capture nodeports. If we had more than 2 rules it might be // Capture nodeports. If we had more than 2 rules it might be
// worthwhile to make a new per-service chain for nodeport rules, but // worthwhile to make a new per-service chain for nodeport rules, but
// with just 2 rules it ends up being a waste and a cognitive burden. // with just 2 rules it ends up being a waste and a cognitive burden.
if svcInfo.NodePort() != 0 { if svcInfo.NodePort() != 0 && len(nodeAddresses) != 0 {
// Hold the local port open so no other process can open it // Hold the local port open so no other process can open it
// (because the socket might open but it would never work). // (because the socket might open but it would never work).
if len(nodeAddresses) == 0 {
continue
}
lps := make([]netutils.LocalPort, 0) lps := make([]netutils.LocalPort, 0)
for address := range nodeAddresses { for address := range nodeAddresses {
lp := netutils.LocalPort{ lp := netutils.LocalPort{