github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-03 09:22:44 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #32413 from freehan/hostportfix

Browse Source 
Automatic merge from submit-queue

Fix a bug in kubelet hostport logic which flushes KUBE-MARK-MASQ iptables chain

Fixes #32415
This commit is contained in:
Kubernetes Submit Queue 2016-09-09 16:15:26 -07:00 committed by GitHub
commit e43f605759
1 changed files with 1 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/kubelet/network/hostport/hostport.go
View File

@ -251,14 +251,6 @@ func (h *handler) SyncHostports(natInterfaceName string, runningPods []*RunningP
} else { } else {
writeLine(natChains, utiliptables.MakeChainLine(kubeHostportsChain)) writeLine(natChains, utiliptables.MakeChainLine(kubeHostportsChain))
} }
// Assuming the node is running kube-proxy in iptables mode
// Reusing kube-proxy's KubeMarkMasqChain for SNAT
// TODO: let kubelet manage KubeMarkMasqChain. Other components should just be able to use it
if chain, ok := existingNATChains[iptablesproxy.KubeMarkMasqChain]; ok {
writeLine(natChains, chain)
} else {
writeLine(natChains, utiliptables.MakeChainLine(iptablesproxy.KubeMarkMasqChain))
}
// Accumulate NAT chains to keep. // Accumulate NAT chains to keep.
activeNATChains := map[utiliptables.Chain]bool{} // use a map as a set activeNATChains := map[utiliptables.Chain]bool{} // use a map as a set
@ -284,6 +276,7 @@ func (h *handler) SyncHostports(natInterfaceName string, runningPods []*RunningP
} }
writeLine(natRules, args...) writeLine(natRules, args...)
// Assuming kubelet is syncing iptables KUBE-MARK-MASQ chain
// If the request comes from the pod that is serving the hostport, then SNAT // If the request comes from the pod that is serving the hostport, then SNAT
args = []string{ args = []string{
"-A", string(hostportChain), "-A", string(hostportChain),