
Commit 454e8e6

authored
Merge pull request kubernetes#80514 from liuxu623/master
don't delete KUBE-MARK-MASQ chain in iptables/ipvs proxier
2 parents 37016c3 + c90b295 commit 454e8e6


2 files changed

+15
-3
lines changed


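--- a/pkg/proxy/iptables/proxier.go
+++ b/pkg/proxy/iptables/proxier.go
@@ -371,7 +371,7 @@ func CleanupLeftovers(ipt utiliptables.Interface) (encounteredError bool) {
 natRules := bytes.NewBuffer(nil)
 writeLine(natChains, "*nat")
 // Start with chains we know we need to remove.
-for _, chain := range []utiliptables.Chain{kubeServicesChain, kubeNodePortsChain, kubePostroutingChain, KubeMarkMasqChain} {
+for _, chain := range []utiliptables.Chain{kubeServicesChain, kubeNodePortsChain, kubePostroutingChain} {
 if _, found := existingNATChains[chain]; found {
 chainString := string(chain)
 writeBytesLine(natChains, existingNATChains[chain]) // flush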
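Review bot: The loop comment `// Start with chains we know we need to remove.` does not tell a reader why KubeMarkMasqChain is missing from the slice on new line 374, so a later tidy-up could put it back. The commit title says the chain must not be deleted but gives no reason; I assume it is because kube-proxy is not the chain's only owner, which should be confirmed and written down. I would add above the loop `// KubeMarkMasqChain is deliberately not listed: it must survive cleanup (see kubernetes#80514).` The chain is now neither flushed nor deleted by this loop, so its packet-marking rule stays in the nat table after cleanup; if that is intended, a test asserting it would keep the behaviour from regressing. CleanupLeftovers continues beyond the hunk, so any later handling of this chain is not visible here.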

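--- a/pkg/proxy/ipvs/proxier.go
+++ b/pkg/proxy/ipvs/proxier.go
@@ -111,6 +111,18 @@ var iptablesChains = []struct {
 {utiliptables.TableFilter, KubeForwardChain},
 }
 
+var iptablesCleanupChains = []struct {
+table utiliptables.Table
+chain utiliptables.Chain
+}{
+{utiliptables.TableNAT, kubeServicesChain},
+{utiliptables.TableNAT, kubePostroutingChain},
+{utiliptables.TableNAT, KubeFireWallChain},
+{utiliptables.TableNAT, KubeNodePortChain},
+{utiliptables.TableNAT, KubeLoadBalancerChain},
+{utiliptables.TableFilter, KubeForwardChain},
+}
+
 // ipsetInfo is all ipset we needed in ipvs proxier
 var ipsetInfo = []struct {
 name string
@@ -639,7 +651,7 @@ func cleanupIptablesLeftovers(ipt utiliptables.Interface) (encounteredError bool
 }
 
 // Flush and remove all of our chains. Flushing all chains before removing them also removes all links between chains first.
-for _, ch := range iptablesChains {
+for _, ch := range iptablesCleanupChains {
 if err := ipt.FlushChain(ch.table, ch.chain); err != nil {
 if !utiliptables.IsNotFoundError(err) {
 klog.Errorf("Error removing iptables rules in ipvs proxier: %v", err)
@@ -649,7 +661,7 @@ func cleanupIptablesLeftovers(ipt utiliptables.Interface) (encounteredError bool
 }
 
 // Remove all of our chains.
-for _, ch := range iptablesChains {
+for _, ch := range iptablesCleanupChains {
 if err := ipt.DeleteChain(ch.table, ch.chain); err != nil {
 if !utiliptables.IsNotFoundError(err) {
 klog.Errorf("Error removing iptables rules in ipvs proxier: %v", err)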
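Review bot: `iptablesCleanupChains` (new lines 114-124) is a hand-copied second list that has to stay in step with `iptablesChains`, and nothing enforces that: a chain added to `iptablesChains` later and forgotten here would be left in the nat or filter table after cleanup, still matching traffic. Only the tail of `iptablesChains` is visible, so I am assuming the new list is that list minus the KUBE-MARK-MASQ entry. If so, both loops in cleanupIptablesLeftovers could keep ranging over `iptablesChains` and skip that entry with `if ch.chain == KubeMarkMasqChain { continue }` (using this package's name for the chain), which removes the duplicate. If the separate variable stays, it needs a doc comment such as `// iptablesCleanupChains lists the chains removed on cleanup; the KUBE-MARK-MASQ chain is left in place on purpose.`. The comments `// Flush and remove all of our chains.` and `// Remove all of our chains.` should then say that one chain is excluded.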
