Correctly fix clearing conntrack entry on endpoint changes (nodeport)

A previous PR (#71573) intended to clear conntrack entry on endpoint changes when using nodeport by introducing a dedicated function to remove the stale conntrack entry on the node port and allow traffic to resume. By doing so, it has introduced a nodeport specific bug where the conntrack entries related to the ClusterIP does not get clean if endpoint is changed (issue #96174). We fix by doing ClusterIP cleanup in all cases.
2025-07-30 15:05:27 +00:00 · 2020-11-05 09:45:17 +01:00 · 2020-11-05 09:45:17 +01:00 · fdee7b2faa
commit fdee7b2faa
parent 8bdd10b7d7
1 changed files with 4 additions and 2 deletions
--- a/pkg/proxy/iptables/proxier.go
+++ b/pkg/proxy/iptables/proxier.go
@ -768,9 +768,11 @@ func (proxier *Proxier) deleteEndpointConnections(connectionMap []proxy.ServiceE
 			var err error
 			if nodePort != 0 {
 				err = conntrack.ClearEntriesForPortNAT(proxier.exec, endpointIP, nodePort, svcProto)
-			} else {
-				err = conntrack.ClearEntriesForNAT(proxier.exec, svcInfo.ClusterIP().String(), endpointIP, svcProto)
+				if err != nil {
+					klog.Errorf("Failed to delete nodeport-related %s endpoint connections, error: %v", epSvcPair.ServicePortName.String(), err)
+				}
 			}
+			err = conntrack.ClearEntriesForNAT(proxier.exec, svcInfo.ClusterIP().String(), endpointIP, svcProto)
 			if err != nil {
 				klog.Errorf("Failed to delete %s endpoint connections, error: %v", epSvcPair.ServicePortName.String(), err)
 			}