github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix a bug in hostport where it flushes KUBE-MARK-MASQ chain

pull/6/head
Minhan Xia 2016-09-09 14:39:47 -07:00
parent 9d06efb2d1
commit 118ebd57aa
1 changed files with 1 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/kubelet/network/hostport/hostport.go
View File

@ -251,14 +251,6 @@ func (h *handler) SyncHostports(natInterfaceName string, runningPods []*RunningP
} else {
writeLine(natChains, utiliptables.MakeChainLine(kubeHostportsChain))
}
// Assuming the node is running kube-proxy in iptables mode
// Reusing kube-proxy's KubeMarkMasqChain for SNAT
// TODO: let kubelet manage KubeMarkMasqChain. Other components should just be able to use it
if chain, ok := existingNATChains[iptablesproxy.KubeMarkMasqChain]; ok {
writeLine(natChains, chain)
} else {
writeLine(natChains, utiliptables.MakeChainLine(iptablesproxy.KubeMarkMasqChain))
}
// Accumulate NAT chains to keep.
activeNATChains := map[utiliptables.Chain]bool{} // use a map as a set
@ -284,6 +276,7 @@ func (h *handler) SyncHostports(natInterfaceName string, runningPods []*RunningP
}
writeLine(natRules, args...)
// Assuming kubelet is syncing iptables KUBE-MARK-MASQ chain
// If the request comes from the pod that is serving the hostport, then SNAT
args = []string{
"-A", string(hostportChain),