Merge pull request #96830 from tnqn/ipvs-restore-commands

Fix duplicate chains in iptables-restore input
Kubernetes Prow Robot 2020-12-08 20:03:34 -08:00 committed by GitHub
commit 6aae473318
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 6 deletions


@ -1089,7 +1089,7 @@ func (proxier *Proxier) syncProxyRules() {
writeLine(proxier.filterChains, "*filter") writeLine(proxier.filterChains, "*filter")
writeLine(proxier.natChains, "*nat") writeLine(proxier.natChains, "*nat")
proxier.createAndLinkeKubeChain() proxier.createAndLinkKubeChain()
// make sure dummy interface exists in the system where ipvs Proxier will bind service address on it // make sure dummy interface exists in the system where ipvs Proxier will bind service address on it
_, err = proxier.netlinkHandle.EnsureDummyDevice(DefaultDummyDevice) _, err = proxier.netlinkHandle.EnsureDummyDevice(DefaultDummyDevice)
@ -1884,8 +1884,8 @@ func (proxier *Proxier) acceptIPVSTraffic() {
} }
} }
// createAndLinkeKubeChain create all kube chains that ipvs proxier need and write basic link. // createAndLinkKubeChain create all kube chains that ipvs proxier need and write basic link.
func (proxier *Proxier) createAndLinkeKubeChain() { func (proxier *Proxier) createAndLinkKubeChain() {
existingFilterChains := proxier.getExistingChains(proxier.filterChainsData, utiliptables.TableFilter) existingFilterChains := proxier.getExistingChains(proxier.filterChainsData, utiliptables.TableFilter)
existingNATChains := proxier.getExistingChains(proxier.iptablesData, utiliptables.TableNAT) existingNATChains := proxier.getExistingChains(proxier.iptablesData, utiliptables.TableNAT)
@ -1907,13 +1907,13 @@ func (proxier *Proxier) createAndLinkeKubeChain() {
if chain, ok := existingNATChains[ch.chain]; ok { if chain, ok := existingNATChains[ch.chain]; ok {
writeBytesLine(proxier.natChains, chain) writeBytesLine(proxier.natChains, chain)
} else { } else {
writeLine(proxier.natChains, utiliptables.MakeChainLine(kubePostroutingChain)) writeLine(proxier.natChains, utiliptables.MakeChainLine(ch.chain))
} }
} else { } else {
if chain, ok := existingFilterChains[KubeForwardChain]; ok { if chain, ok := existingFilterChains[ch.chain]; ok {
writeBytesLine(proxier.filterChains, chain) writeBytesLine(proxier.filterChains, chain)
} else { } else {
writeLine(proxier.filterChains, utiliptables.MakeChainLine(KubeForwardChain)) writeLine(proxier.filterChains, utiliptables.MakeChainLine(ch.chain))
} }
} }
} }
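Review bot: The `else` arm in the last hunk writes every entry that is not a NAT chain into `proxier.filterChains`, and nothing visible records that assumption. The table check and the loop header are outside the hunk, so this is inferred from the `} else {` lines. Since these lines decide which chain declarations reach iptables-restore and under which table, I would add a comment above the branch such as `// every entry is either a NAT or a filter chain; each is declared exactly once under its own table`. If the chain list can ever gain an entry for another table, an explicit check that logs the unexpected table would be safer than falling through to the filter section.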


@ -4320,3 +4320,22 @@ func TestFilterCIDRs(t *testing.T) {
t.Errorf("cidrs %v is not expected %v", cidrs, expected) t.Errorf("cidrs %v is not expected %v", cidrs, expected)
} }
} }
func TestCreateAndLinkKubeChain(t *testing.T) {
ipt := iptablestest.NewFake()
ipvs := ipvstest.NewFake()
ipset := ipsettest.NewFake(testIPSetVersion)
fp := NewFakeProxier(ipt, ipvs, ipset, nil, nil, true, v1.IPv4Protocol)
fp.createAndLinkKubeChain()
expectedNATChains := `:KUBE-SERVICES - [0:0]
:KUBE-POSTROUTING - [0:0]
:KUBE-FIREWALL - [0:0]
:KUBE-NODE-PORT - [0:0]
:KUBE-LOAD-BALANCER - [0:0]
:KUBE-MARK-MASQ - [0:0]
`
expectedFilterChains := `:KUBE-FORWARD - [0:0]
`
assert.Equal(t, expectedNATChains, fp.natChains.String())
assert.Equal(t, expectedFilterChains, fp.filterChains.String())
}
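Review bot: The new test covers only the path where no kube chain exists yet, so the `existingFilterChains[ch.chain]` lookup that this commit also corrects is never exercised. That assumes `iptablestest.NewFake()` starts with an empty ruleset. A second case in which the fake already reports the kube chains would cover the `writeBytesLine` branch and confirm that each chain is still declared exactly once per table. The expected strings also pin the declaration order, so a comment such as `// order presumably follows the chain list in createAndLinkKubeChain` would help whoever reorders that list.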