Merge pull request #77298 from JieJhih/iptables/endpoints

combine two logics avoid for range the same thing
2025-07-23 19:56:01 +00:00 · 2019-05-01 13:15:10 -07:00 · 2019-05-01 13:15:10 -07:00 · b6860f7f24
commit b6860f7f24
parent 5bfa8f3c89 176d49300d
1 changed files with 9 additions and 11 deletions
--- a/pkg/proxy/iptables/proxier.go
+++ b/pkg/proxy/iptables/proxier.go
@ -1152,7 +1152,16 @@ func (proxier *Proxier) syncProxyRules() {

 		// Now write loadbalancing & DNAT rules.
 		n := len(endpointChains)
+		localEndpoints := make([]*endpointsInfo, 0)
+		localEndpointChains := make([]utiliptables.Chain, 0)
 		for i, endpointChain := range endpointChains {
+			// Write ingress loadbalancing & DNAT rules only for services that request OnlyLocal traffic.
+			if svcInfo.OnlyNodeLocalEndpoints && endpoints[i].IsLocal {
+				// These slices parallel each other; must be kept in sync
+				localEndpoints = append(localEndpoints, endpoints[i])
+				localEndpointChains = append(localEndpointChains, endpointChains[i])
+			}
+
 			epIP := endpoints[i].IP()
 			if epIP == "" {
 				// Error parsing this endpoint has been logged. Skip to next endpoint.
@ -1193,17 +1202,6 @@ func (proxier *Proxier) syncProxyRules() {
 			continue
 		}

-		// Now write ingress loadbalancing & DNAT rules only for services that request OnlyLocal traffic.
-		// TODO - This logic may be combinable with the block above that creates the svc balancer chain
-		localEndpoints := make([]*endpointsInfo, 0)
-		localEndpointChains := make([]utiliptables.Chain, 0)
-		for i := range endpointChains {
-			if endpoints[i].IsLocal {
-				// These slices parallel each other; must be kept in sync
-				localEndpoints = append(localEndpoints, endpoints[i])
-				localEndpointChains = append(localEndpointChains, endpointChains[i])
-			}
-		}
 		// First rule in the chain redirects all pod -> external VIP traffic to the
 		// Service's ClusterIP instead. This happens whether or not we have local
 		// endpoints; only if clusterCIDR is specified