From e496085bd3423b99ef42dff6174c94eabc42b2cd Mon Sep 17 00:00:00 2001
From: Lars Ekman <lars.g.ekman@est.tech>
Date: Tue, 2 May 2023 15:51:22 +0200
Subject: [PATCH] Kube-proxy/ipvs: accept access to healthCheckNodePort on LbIP

---
 pkg/proxy/ipvs/proxier.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go
index 7c5152f34aa..b2a9f6912bb 100644
--- a/pkg/proxy/ipvs/proxier.go
+++ b/pkg/proxy/ipvs/proxier.go
@@ -1694,6 +1694,9 @@ func (proxier *Proxier) writeIptablesRules() {
 	proxier.filterRules.Write(
 		"-A", string(kubeIPVSFilterChain),
 		"-m", "set", "--match-set", proxier.ipsetList[kubeExternalIPSet].Name, "dst,dst", "-j", "RETURN")
+	proxier.filterRules.Write(
+		"-A", string(kubeIPVSFilterChain),
+		"-m", "set", "--match-set", proxier.ipsetList[kubeHealthCheckNodePortSet].Name, "dst", "-j", "RETURN")
 	proxier.filterRules.Write(
 		"-A", string(kubeIPVSFilterChain),
 		"-m", "conntrack", "--ctstate", "NEW",