From dbb5438b330fd31de7d8321af5e022959819484e Mon Sep 17 00:00:00 2001
From: Lion-Wei
Date: Sat, 19 Sep 2020 17:44:38 +0800
Subject: [PATCH] fix kube-proxy cleanup
---
 cmd/kube-proxy/app/server.go | 17 +++++++++---
 cmd/kube-proxy/app/server_others.go | 43 ++++++++++++++---------------
 2 files changed, 34 insertions(+), 26 deletions(-)
diff --git a/cmd/kube-proxy/app/server.go b/cmd/kube-proxy/app/server.go
index 6976b9cae0e..ce054597ec4 100644
--- a/cmd/kube-proxy/app/server.go
+++ b/cmd/kube-proxy/app/server.go
@@ -801,11 +801,20 @@ func getConntrackMax(config kubeproxyconfig.KubeProxyConntrackConfiguration) (in
 return 0, nil
 }
-// CleanupAndExit remove iptables rules and exit if success return nil
+// CleanupAndExit remove iptables rules and ipset/ipvs rules in ipvs proxy mode
+// and exit if success return nil
 func (s *ProxyServer) CleanupAndExit() error {
- encounteredError := userspace.CleanupLeftovers(s.IptInterface)
- encounteredError = iptables.CleanupLeftovers(s.IptInterface) || encounteredError
- encounteredError = ipvs.CleanupLeftovers(s.IpvsInterface, s.IptInterface, s.IpsetInterface, s.CleanupIPVS) || encounteredError
+ // cleanup IPv6 and IPv4 iptables rules
+ ipts := []utiliptables.Interface{
+ utiliptables.New(s.execer, utiliptables.ProtocolIPv4),
+ utiliptables.New(s.execer, utiliptables.ProtocolIPv6),
+ }
+ var encounteredError bool
+ for _, ipt := range ipts {
+ encounteredError = userspace.CleanupLeftovers(ipt) || encounteredError
+ encounteredError = iptables.CleanupLeftovers(ipt) || encounteredError
+ encounteredError = ipvs.CleanupLeftovers(s.IpvsInterface, ipt, s.IpsetInterface, s.CleanupIPVS) || encounteredError
+ }
 if encounteredError {
 return errors.New("encountered an error while tearing down rules")
 }
diff --git a/cmd/kube-proxy/app/server_others.go b/cmd/kube-proxy/app/server_others.go
index eb69ea27fb9..614dd61d460 100644
--- a/cmd/kube-proxy/app/server_others.go
+++ b/cmd/kube-proxy/app/server_others.go
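Review bot: In CleanupAndExit (cmd/kube-proxy/app/server.go) the `ipvs.CleanupLeftovers(s.IpvsInterface, ipt, s.IpsetInterface, s.CleanupIPVS)` call sits inside the per-family loop, so the IPVS and ipset teardown runs twice with only the `ipt` argument changing. Whether the second pass reports an error for state the first pass already removed depends on ipvs.CleanupLeftovers, which is not shown here; if it does, a clean teardown would still return "encountered an error while tearing down rules". The same question applies to a host where one family is unavailable, because the IPv6 pass is now unconditional and its failure is folded into the same boolean as IPv4. The doc comment could also be tightened, since the visible body returns rather than exits and calls the ipvs cleanup regardless of proxy mode: `// CleanupAndExit removes kube-proxy's IPv4 and IPv6 iptables rules and its ipset/IPVS state; it returns nil on success.`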
@@ -91,26 +91,6 @@ func newProxyServer(
 return nil, fmt.Errorf("unable to register configz: %s", err)
 }
- hostname, err := utilnode.GetHostname(config.HostnameOverride)
- if err != nil {
- return nil, err
- }
-
- client, eventClient, err := createClients(config.ClientConnection, master)
- if err != nil {
- return nil, err
- }
-
- nodeIP := detectNodeIP(client, hostname, config.BindAddress)
-
- protocol := utiliptables.ProtocolIPv4
- if utilsnet.IsIPv6(nodeIP) {
- klog.V(0).Infof("kube-proxy node IP is an IPv6 address (%s), assume IPv6 operation", nodeIP.String())
- protocol = utiliptables.ProtocolIPv6
- } else {
- klog.V(0).Infof("kube-proxy node IP is an IPv4 address (%s), assume IPv4 operation", nodeIP.String())
- }
-
 var iptInterface utiliptables.Interface
 var ipvsInterface utilipvs.Interface
 var kernelHandler ipvs.KernelHandler
@@ -119,7 +99,6 @@ func newProxyServer(
 // Create a iptables utils.
 execer := exec.New()
- iptInterface = utiliptables.New(execer, protocol)
 kernelHandler = ipvs.NewLinuxKernelHandler()
 ipsetInterface = utilipset.New(execer)
 canUseIPVS, err := ipvs.CanUseIPVSProxier(kernelHandler, ipsetInterface)
@@ -135,7 +114,6 @@ func newProxyServer(
 if cleanupAndExit {
 return &ProxyServer{
 execer: execer,
- IptInterface: iptInterface,
 IpvsInterface: ipvsInterface,
 IpsetInterface: ipsetInterface,
 }, nil
@@ -145,6 +123,27 @@ func newProxyServer(
 metrics.SetShowHidden()
 }
+ hostname, err := utilnode.GetHostname(config.HostnameOverride)
+ if err != nil {
+ return nil, err
+ }
+
+ client, eventClient, err := createClients(config.ClientConnection, master)
+ if err != nil {
+ return nil, err
+ }
+
+ nodeIP := detectNodeIP(client, hostname, config.BindAddress)
+ protocol := utiliptables.ProtocolIPv4
+ if utilsnet.IsIPv6(nodeIP) {
+ klog.V(0).Infof("kube-proxy node IP is an IPv6 address (%s), assume IPv6 operation", nodeIP.String())
+ protocol = utiliptables.ProtocolIPv6
+ } else {
+ klog.V(0).Infof("kube-proxy node IP is an IPv4 address (%s), assume IPv4 operation", nodeIP.String())
+ }
+
+ iptInterface = utiliptables.New(execer, protocol)
+
 // Create event recorder
 eventBroadcaster := record.NewBroadcaster()
 recorder := eventBroadcaster.NewRecorder(proxyconfigscheme.Scheme, v1.EventSource{Component: "kube-proxy", Host: hostname})
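Review bot: Nothing in the added block records why hostname lookup, `createClients` and `detectNodeIP` now sit below the `cleanupAndExit` return earlier in newProxyServer, so a later tidy-up could move them back up and make cleanup depend on client setup again. A comment above the `hostname, err :=` line would pin the ordering, for example `// Resolved only after the cleanupAndExit return above: cleanup must not depend on client creation or node IP detection.` It is also worth noting at the `var iptInterface` declaration that the variable stays nil until the `iptInterface = utiliptables.New(execer, protocol)` line in this hunk; the code between the two is only partly visible here, so confirm nothing in that stretch uses it. newProxyServer starts and ends outside this hunk.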