github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-14 14:23:37 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #118088 from danwinship/kube-proxy-belated-cleanup

Browse Source 
belated cleanup of some kube-proxy stuff for old versions
This commit is contained in:
Kubernetes Prow Robot 2023-05-18 13:18:34 -07:00 committed by GitHub
commit b2a1855f2c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
pkg/proxy/iptables/proxier.go
View File

@ -383,10 +383,9 @@ var iptablesKubeletJumpChains = []iptablesJumpChain{
{utiliptables.TableNAT, kubePostroutingChain, utiliptables.ChainPostrouting, "kubernetes postrouting rules", nil}, {utiliptables.TableNAT, kubePostroutingChain, utiliptables.ChainPostrouting, "kubernetes postrouting rules", nil},
} }
var iptablesCleanupOnlyChains = []iptablesJumpChain{ // When chains get removed from iptablesJumpChains, add them here so they get cleaned up
// Present in kube 1.13 - 1.19. Removed by #95252 in favor of adding reject rules for incoming/forwarding packets to kubeExternalServicesChain // on upgrade.
{utiliptables.TableFilter, kubeServicesChain, utiliptables.ChainInput, "kubernetes service portals", []string{"-m", "conntrack", "--ctstate", "NEW"}}, var iptablesCleanupOnlyChains = []iptablesJumpChain{}
}
// CleanupLeftovers removes all iptables rules and chains created by the Proxier // CleanupLeftovers removes all iptables rules and chains created by the Proxier
// It returns true if an error was encountered. Errors are logged. // It returns true if an error was encountered. Errors are logged.
@ -682,9 +681,6 @@ const (
serviceFirewallChainNamePrefix = "KUBE-FW-" serviceFirewallChainNamePrefix = "KUBE-FW-"
serviceExternalChainNamePrefix = "KUBE-EXT-" serviceExternalChainNamePrefix = "KUBE-EXT-"
servicePortEndpointChainNamePrefix = "KUBE-SEP-" servicePortEndpointChainNamePrefix = "KUBE-SEP-"
// For cleanup. This can be removed after 1.26 is released.
deprecatedServiceLBChainNamePrefix = "KUBE-XLB-"
) )
// servicePortPolicyClusterChain returns the name of the KUBE-SVC-XXXX chain for a service, which is the // servicePortPolicyClusterChain returns the name of the KUBE-SVC-XXXX chain for a service, which is the
@ -730,7 +726,6 @@ func isServiceChainName(chainString string) bool {
servicePortEndpointChainNamePrefix, servicePortEndpointChainNamePrefix,
serviceFirewallChainNamePrefix, serviceFirewallChainNamePrefix,
serviceExternalChainNamePrefix, serviceExternalChainNamePrefix,
deprecatedServiceLBChainNamePrefix,
} }
for _, p := range prefixes { for _, p := range prefixes {