Merge pull request #96830 from tnqn/ipvs-restore-commands

Fix duplicate chains in iptables-restore input
Kubernetes Prow Robot 2020-12-08 20:03:34 -08:00 committed by GitHub
commit 6aae473318
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 6 deletions


@ -1089,7 +1089,7 @@ func (proxier *Proxier) syncProxyRules() {
writeLine(proxier.filterChains, "*filter")
writeLine(proxier.natChains, "*nat")
proxier.createAndLinkeKubeChain()
proxier.createAndLinkKubeChain()
// make sure dummy interface exists in the system where ipvs Proxier will bind service address on it
_, err = proxier.netlinkHandle.EnsureDummyDevice(DefaultDummyDevice)
@ -1884,8 +1884,8 @@ func (proxier *Proxier) acceptIPVSTraffic() {
}
}
// createAndLinkeKubeChain create all kube chains that ipvs proxier need and write basic link.
func (proxier *Proxier) createAndLinkeKubeChain() {
// createAndLinkKubeChain create all kube chains that ipvs proxier need and write basic link.
func (proxier *Proxier) createAndLinkKubeChain() {
existingFilterChains := proxier.getExistingChains(proxier.filterChainsData, utiliptables.TableFilter)
existingNATChains := proxier.getExistingChains(proxier.iptablesData, utiliptables.TableNAT)
@ -1907,13 +1907,13 @@ func (proxier *Proxier) createAndLinkeKubeChain() {
if chain, ok := existingNATChains[ch.chain]; ok {
writeBytesLine(proxier.natChains, chain)
} else {
writeLine(proxier.natChains, utiliptables.MakeChainLine(kubePostroutingChain))
writeLine(proxier.natChains, utiliptables.MakeChainLine(ch.chain))
}
} else {
if chain, ok := existingFilterChains[KubeForwardChain]; ok {
if chain, ok := existingFilterChains[ch.chain]; ok {
writeBytesLine(proxier.filterChains, chain)
} else {
writeLine(proxier.filterChains, utiliptables.MakeChainLine(KubeForwardChain))
writeLine(proxier.filterChains, utiliptables.MakeChainLine(ch.chain))
}
}
}
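Review bot: The doc comment on `createAndLinkKubeChain` does not state the invariant this fix restores: the loop must declare each chain under its own name, `ch.chain`, once per table. With the old hard-coded `kubePostroutingChain` fallback, every NAT chain missing from the existing set was written as another KUBE-POSTROUTING declaration, so the restore input presumably held duplicates and lacked declarations for the chains that later rules reference. I would reword the comment to `// createAndLinkKubeChain declares every kube chain the ipvs proxier needs, once per table and keyed by ch.chain, and writes the basic link rules.` The loop header and the rest of the function body lie outside the visible hunks.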


@ -4320,3 +4320,22 @@ func TestFilterCIDRs(t *testing.T) {
t.Errorf("cidrs %v is not expected %v", cidrs, expected)
}
}
func TestCreateAndLinkKubeChain(t *testing.T) {
ipt := iptablestest.NewFake()
ipvs := ipvstest.NewFake()
ipset := ipsettest.NewFake(testIPSetVersion)
fp := NewFakeProxier(ipt, ipvs, ipset, nil, nil, true, v1.IPv4Protocol)
fp.createAndLinkKubeChain()
expectedNATChains := `:KUBE-SERVICES - [0:0]
:KUBE-POSTROUTING - [0:0]
:KUBE-FIREWALL - [0:0]
:KUBE-NODE-PORT - [0:0]
:KUBE-LOAD-BALANCER - [0:0]
:KUBE-MARK-MASQ - [0:0]
`
expectedFilterChains := `:KUBE-FORWARD - [0:0]
`
assert.Equal(t, expectedNATChains, fp.natChains.String())
assert.Equal(t, expectedFilterChains, fp.filterChains.String())
}
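Review bot: TestCreateAndLinkKubeChain runs only against an empty fake, so it exercises the `MakeChainLine(ch.chain)` fallbacks but never the `existingNATChains[ch.chain]` and `existingFilterChains[ch.chain]` lookups that the same commit changes. A second case that seeds the fake with already-existing kube chains before calling `fp.createAndLinkKubeChain()`, and asserts that each chain still appears exactly once, would cover that branch. The assertions also compare only the chain declarations; if the function writes link rules into other buffers, as its comment suggests, those go unchecked here.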