From a3b7f219a10efc2ee081dd8de43d9585c14a25b5 Mon Sep 17 00:00:00 2001 From: Johannes Scheerer Date: Mon, 4 Apr 2022 16:10:06 +0200 Subject: [PATCH] Cleanup KUBE-NODE-PORT chain in filter table. When cleaning up iptables rules and ipsets used by kube-proxy in IPVS mode iptables chain KUBE-NODE-PORT needs to be deleted before ipset KUBE-HEALTH-CHECK-NODE-PORT can be removed. Therefore, deletion of iptables chain KUBE-NODE-PORT is added in this change. --- pkg/proxy/ipvs/proxier.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go index 28c76622f96..6dcfc2533cf 100644 --- a/pkg/proxy/ipvs/proxier.go +++ b/pkg/proxy/ipvs/proxier.go @@ -143,6 +143,7 @@ var iptablesCleanupChains = []struct { {utiliptables.TableNAT, KubeNodePortChain}, {utiliptables.TableNAT, KubeLoadBalancerChain}, {utiliptables.TableFilter, KubeForwardChain}, + {utiliptables.TableFilter, KubeNodePortChain}, } // ipsetInfo is all ipset we needed in ipvs proxier