From 749df8e022655390cb563483f18812018211fa0d Mon Sep 17 00:00:00 2001 From: Dan Winship Date: Fri, 18 Feb 2022 12:51:14 -0500 Subject: [PATCH] Move iptables consts to kubelet_network_linux.go. --- pkg/kubelet/kubelet_network.go | 16 ---------------- pkg/kubelet/kubelet_network_linux.go | 15 +++++++++++++++ 2 files changed, 15 insertions(+), 16 deletions(-) diff --git a/pkg/kubelet/kubelet_network.go b/pkg/kubelet/kubelet_network.go index 5b68d10efb4..bacbc27c7ff 100644 --- a/pkg/kubelet/kubelet_network.go +++ b/pkg/kubelet/kubelet_network.go @@ -22,22 +22,6 @@ import ( "k8s.io/api/core/v1" runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1" "k8s.io/klog/v2" - utiliptables "k8s.io/kubernetes/pkg/util/iptables" -) - -const ( - // KubeMarkMasqChain is the mark-for-masquerade chain - // TODO: clean up this logic in kube-proxy - KubeMarkMasqChain utiliptables.Chain = "KUBE-MARK-MASQ" - - // KubeMarkDropChain is the mark-for-drop chain - KubeMarkDropChain utiliptables.Chain = "KUBE-MARK-DROP" - - // KubePostroutingChain is kubernetes postrouting rules - KubePostroutingChain utiliptables.Chain = "KUBE-POSTROUTING" - - // KubeFirewallChain is kubernetes firewall rules - KubeFirewallChain utiliptables.Chain = "KUBE-FIREWALL" ) // providerRequiresNetworkingConfiguration returns whether the cloud provider diff --git a/pkg/kubelet/kubelet_network_linux.go b/pkg/kubelet/kubelet_network_linux.go index 2aee3fb540c..613275c57f1 100644 --- a/pkg/kubelet/kubelet_network_linux.go +++ b/pkg/kubelet/kubelet_network_linux.go @@ -30,6 +30,21 @@ import ( utilnet "k8s.io/utils/net" ) +const ( + // KubeMarkMasqChain is the mark-for-masquerade chain + // TODO: clean up this logic in kube-proxy + KubeMarkMasqChain utiliptables.Chain = "KUBE-MARK-MASQ" + + // KubeMarkDropChain is the mark-for-drop chain + KubeMarkDropChain utiliptables.Chain = "KUBE-MARK-DROP" + + // KubePostroutingChain is kubernetes postrouting rules + KubePostroutingChain utiliptables.Chain = "KUBE-POSTROUTING" + + // KubeFirewallChain is kubernetes firewall rules + KubeFirewallChain utiliptables.Chain = "KUBE-FIREWALL" +) + func (kl *Kubelet) initNetworkUtil() { exec := utilexec.New() // TODO: @khenidak review when there is no IPv6 iptables exec what should happen here (note: no error returned from this func)