github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-24 12:15:52 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #100550 from dims/add-new-iptables-rule-for-local-up-cluster.sh

Browse Source 
Add new iptables rule for local-up-cluster.sh
This commit is contained in:
Kubernetes Prow Robot 2021-03-29 13:24:09 -07:00 committed by GitHub
commit 6572fe4d90
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
hack/local-up-cluster.sh
View File

@ -378,6 +378,9 @@ cleanup()
if [[ "${PRESERVE_ETCD}" == "false" ]]; then
[[ -n "${ETCD_DIR-}" ]] && kube::etcd::clean_etcd_dir
fi
# Drop the rule we added
iptables -t nat -D OUTPUT -m addrtype --dst-type LOCAL -j DOCKER || true
exit 0
}
@ -1094,8 +1097,17 @@ if [[ "${START_MODE}" != "kubeletonly" ]]; then
kube::etcd::validate
fi
if [ "${CONTAINER_RUNTIME}" == "docker" ] && ! kube::util::ensure_docker_daemon_connectivity; then
exit 1
if [ "${CONTAINER_RUNTIME}" == "docker" ]; then
if ! kube::util::ensure_docker_daemon_connectivity; then
exit 1
else
# docker doesn't allow to reach exposed hostPorts from the node, however, Kubernetes does
# so we append a new rule on top of the docker one
# -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER <-- docker rule
if ! iptables -t nat -C OUTPUT -m addrtype --dst-type LOCAL -j DOCKER; then
iptables -t nat -A OUTPUT -m addrtype --dst-type LOCAL -j DOCKER
fi
fi
fi
if [[ "${START_MODE}" != "kubeletonly" ]]; then