
Commit c90b295

committed
don't delete KUBE-MARK-MASQ chain in iptables/ipvs proxier
1 parent cd5bc3c commit c90b295


2 files changed

+15
-3
lines changed


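--- a/pkg/proxy/iptables/proxier.go
+++ b/pkg/proxy/iptables/proxier.go
@@ -408,7 +408,7 @@ func CleanupLeftovers(ipt utiliptables.Interface) (encounteredError bool) {
 natRules := bytes.NewBuffer(nil)
 writeLine(natChains, "*nat")
 // Start with chains we know we need to remove.
-for _, chain := range []utiliptables.Chain{kubeServicesChain, kubeNodePortsChain, kubePostroutingChain, KubeMarkMasqChain} {
+for _, chain := range []utiliptables.Chain{kubeServicesChain, kubeNodePortsChain, kubePostroutingChain} {
 if _, found := existingNATChains[chain]; found {
 chainString := string(chain)
 writeBytesLine(natChains, existingNATChains[chain]) // flush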
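Review bot: The chain list at new line 411 drops `KubeMarkMasqChain` without a comment, while the line above still reads `// Start with chains we know we need to remove.`, so nothing in the code says the omission is intentional and a later tidy-up could put the chain back. I would add a comment above the loop such as `// KubeMarkMasqChain is deliberately left in place on cleanup; do not add it back to this list.` and state the reason there (it is not visible in this hunk; presumably the chain is also used outside this proxier). The consequence worth recording is that the chain and whatever rules it holds stay on the host after CleanupLeftovers runs, so anyone relying on cleanup to return the node's nat table to a known state should expect that remainder. CleanupLeftovers starts and ends outside the hunk, so whether a later step in the function still touches the chain cannot be confirmed from here.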

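--- a/pkg/proxy/ipvs/proxier.go
+++ b/pkg/proxy/ipvs/proxier.go
@@ -111,6 +111,18 @@ var iptablesChains = []struct {
 {utiliptables.TableFilter, KubeForwardChain},
 }
 
+var iptablesCleanupChains = []struct {
+table utiliptables.Table
+chain utiliptables.Chain
+}{
+{utiliptables.TableNAT, kubeServicesChain},
+{utiliptables.TableNAT, kubePostroutingChain},
+{utiliptables.TableNAT, KubeFireWallChain},
+{utiliptables.TableNAT, KubeNodePortChain},
+{utiliptables.TableNAT, KubeLoadBalancerChain},
+{utiliptables.TableFilter, KubeForwardChain},
+}
+
 // ipsetInfo is all ipset we needed in ipvs proxier
 var ipsetInfo = []struct {
 name string
@@ -639,7 +651,7 @@ func cleanupIptablesLeftovers(ipt utiliptables.Interface) (encounteredError bool
 }
 
 // Flush and remove all of our chains. Flushing all chains before removing them also removes all links between chains first.
-for _, ch := range iptablesChains {
+for _, ch := range iptablesCleanupChains {
 if err := ipt.FlushChain(ch.table, ch.chain); err != nil {
 if !utiliptables.IsNotFoundError(err) {
 klog.Errorf("Error removing iptables rules in ipvs proxier: %v", err)
@@ -649,7 +661,7 @@ func cleanupIptablesLeftovers(ipt utiliptables.Interface) (encounteredError bool
 }
 
 // Remove all of our chains.
-for _, ch := range iptablesChains {
+for _, ch := range iptablesCleanupChains {
 if err := ipt.DeleteChain(ch.table, ch.chain); err != nil {
 if !utiliptables.IsNotFoundError(err) {
 klog.Errorf("Error removing iptables rules in ipvs proxier: %v", err)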
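Review bot: `iptablesCleanupChains` (new lines 114-124) is a hand-maintained second copy of what looks like `iptablesChains` with one entry left out, and it has no doc comment, so the two lists can drift: a chain later added to `iptablesChains` but not here would presumably still be set up by the proxier yet never be flushed or deleted by `cleanupIptablesLeftovers`, leaving stale NAT or filter rules on the node. At minimum I would document the relationship, e.g. `// iptablesCleanupChains is the subset of iptablesChains that cleanup flushes and deletes; keep the two lists in sync.`, together with a line naming the chain that is intentionally excluded and why. Only the tail of `iptablesChains` is visible in this hunk, so the exact difference between the lists is inferred from the commit title. A unit test asserting that every cleanup entry also appears in `iptablesChains` would catch drift; none is part of this commit's two changed files.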
