github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-26 13:07:07 +00:00
Code Issues Projects Releases Wiki Activity

ipvs loadbalance

Browse Source
This commit is contained in:
Lion-Wei 2018-03-13 16:10:26 +08:00
parent f8134deb63
commit dce97b165e
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/proxy/ipvs/proxier.go
View File

@ -1145,10 +1145,13 @@ func (proxier *Proxier) syncProxyRules() {
} }
if !proxier.lbWhiteListCIDRSet.isEmpty() || !proxier.lbWhiteListIPSet.isEmpty() { if !proxier.lbWhiteListCIDRSet.isEmpty() || !proxier.lbWhiteListIPSet.isEmpty() {
// link kube-services chain -> kube-fire-wall chain // link kube-services chain -> kube-fire-wall chain
args := []string{"-m", "set", "--match-set", proxier.lbIngressSet.Name, "dst,dst", "-j", string(KubeFireWallChain)} args := []string{
if _, err := proxier.iptables.EnsureRule(utiliptables.Append, utiliptables.TableNAT, kubeServicesChain, args...); err != nil { "-A", string(kubeServicesChain),
glog.Errorf("Failed to ensure that ipset %s chain %s jumps to %s: %v", proxier.lbIngressSet.Name, kubeServicesChain, KubeFireWallChain, err) "-m", "set", "--match-set", proxier.lbIngressSet.Name,
"dst,dst",
"-j", string(KubeFireWallChain),
} }
writeLine(proxier.natRules, args...)
if !proxier.lbWhiteListCIDRSet.isEmpty() { if !proxier.lbWhiteListCIDRSet.isEmpty() {
args = append(args[:0], args = append(args[:0],
"-A", string(KubeFireWallChain), "-A", string(KubeFireWallChain),