scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-02 11:18:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

kube-proxy ensure KUBE-MARK-DROP exist but not modify their rules

Browse Source
This commit is contained in:
Lion-Wei
2020-09-11 17:41:49 +08:00
parent b3d4b8ed8a
commit 1f7ea16560
2 changed files with 30 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
pkg/proxy/ipvs/proxier.go
View File

@@ -117,10 +117,16 @@ var iptablesChains = []struct {
{utiliptables.TableNAT, KubeNodePortChain},
{utiliptables.TableNAT, KubeLoadBalancerChain},
{utiliptables.TableNAT, KubeMarkMasqChain},
{utiliptables.TableNAT, KubeMarkDropChain},
{utiliptables.TableFilter, KubeForwardChain},
}
var iptablesEnsureChains = []struct {
table utiliptables.Table
chain utiliptables.Chain
}{
{utiliptables.TableNAT, KubeMarkDropChain},
}
var iptablesCleanupChains = []struct {
table utiliptables.Table
chain utiliptables.Chain
@@ -1858,6 +1864,14 @@ func (proxier *Proxier) createAndLinkeKubeChain() {
existingFilterChains := proxier.getExistingChains(proxier.filterChainsData, utiliptables.TableFilter)
existingNATChains := proxier.getExistingChains(proxier.iptablesData, utiliptables.TableNAT)
// ensure KUBE-MARK-DROP chain exist but do not change any rules
for _, ch := range iptablesEnsureChains {
if _, err := proxier.iptables.EnsureChain(ch.table, ch.chain); err != nil {
klog.Errorf("Failed to ensure that %s chain %s exists: %v", ch.table, ch.chain, err)
return
}
}
// Make sure we keep stats for the top-level chains
for _, ch := range iptablesChains {
if _, err := proxier.iptables.EnsureChain(ch.table, ch.chain); err != nil {