mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-25 12:43:23 +00:00
Merge pull request #96830 from tnqn/ipvs-restore-commands
Fix duplicate chains in iptables-restore input
This commit is contained in:
commit
6aae473318
@ -1089,7 +1089,7 @@ func (proxier *Proxier) syncProxyRules() {
|
||||
writeLine(proxier.filterChains, "*filter")
|
||||
writeLine(proxier.natChains, "*nat")
|
||||
|
||||
proxier.createAndLinkeKubeChain()
|
||||
proxier.createAndLinkKubeChain()
|
||||
|
||||
// make sure dummy interface exists in the system where ipvs Proxier will bind service address on it
|
||||
_, err = proxier.netlinkHandle.EnsureDummyDevice(DefaultDummyDevice)
|
||||
@ -1884,8 +1884,8 @@ func (proxier *Proxier) acceptIPVSTraffic() {
|
||||
}
|
||||
}
|
||||
|
||||
// createAndLinkeKubeChain create all kube chains that ipvs proxier need and write basic link.
|
||||
func (proxier *Proxier) createAndLinkeKubeChain() {
|
||||
// createAndLinkKubeChain create all kube chains that ipvs proxier need and write basic link.
|
||||
func (proxier *Proxier) createAndLinkKubeChain() {
|
||||
existingFilterChains := proxier.getExistingChains(proxier.filterChainsData, utiliptables.TableFilter)
|
||||
existingNATChains := proxier.getExistingChains(proxier.iptablesData, utiliptables.TableNAT)
|
||||
|
||||
@ -1907,13 +1907,13 @@ func (proxier *Proxier) createAndLinkeKubeChain() {
|
||||
if chain, ok := existingNATChains[ch.chain]; ok {
|
||||
writeBytesLine(proxier.natChains, chain)
|
||||
} else {
|
||||
writeLine(proxier.natChains, utiliptables.MakeChainLine(kubePostroutingChain))
|
||||
writeLine(proxier.natChains, utiliptables.MakeChainLine(ch.chain))
|
||||
}
|
||||
} else {
|
||||
if chain, ok := existingFilterChains[KubeForwardChain]; ok {
|
||||
if chain, ok := existingFilterChains[ch.chain]; ok {
|
||||
writeBytesLine(proxier.filterChains, chain)
|
||||
} else {
|
||||
writeLine(proxier.filterChains, utiliptables.MakeChainLine(KubeForwardChain))
|
||||
writeLine(proxier.filterChains, utiliptables.MakeChainLine(ch.chain))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -4320,3 +4320,22 @@ func TestFilterCIDRs(t *testing.T) {
|
||||
t.Errorf("cidrs %v is not expected %v", cidrs, expected)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCreateAndLinkKubeChain(t *testing.T) {
|
||||
ipt := iptablestest.NewFake()
|
||||
ipvs := ipvstest.NewFake()
|
||||
ipset := ipsettest.NewFake(testIPSetVersion)
|
||||
fp := NewFakeProxier(ipt, ipvs, ipset, nil, nil, true, v1.IPv4Protocol)
|
||||
fp.createAndLinkKubeChain()
|
||||
expectedNATChains := `:KUBE-SERVICES - [0:0]
|
||||
:KUBE-POSTROUTING - [0:0]
|
||||
:KUBE-FIREWALL - [0:0]
|
||||
:KUBE-NODE-PORT - [0:0]
|
||||
:KUBE-LOAD-BALANCER - [0:0]
|
||||
:KUBE-MARK-MASQ - [0:0]
|
||||
`
|
||||
expectedFilterChains := `:KUBE-FORWARD - [0:0]
|
||||
`
|
||||
assert.Equal(t, expectedNATChains, fp.natChains.String())
|
||||
assert.Equal(t, expectedFilterChains, fp.filterChains.String())
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user