Fix #12596

Fix for https://github.com/kubernetes/kubernetes/issues/12596 Disconnect the pure-iptables proxy’s services chain when starting the userspace proxy.
2015-08-12 15:01:24 -04:00 · 2015-08-12 15:01:24 -04:00 · 8006a39cc3
parent 098dc407d6
commit 8006a39cc3
1 changed files with 15 additions and 0 deletions
--- a/pkg/proxy/userspace/proxier.go
+++ b/pkg/proxy/userspace/proxier.go
@ -131,6 +131,8 @@ func createProxier(loadBalancer LoadBalancer, listenIP net.IP, iptables iptables
 	if proxyPorts == nil {
 		proxyPorts = newPortAllocator(util.PortRange{})
 	}
+	glog.V(2).Info("Tearing down pure-iptables proxy rules. Errors here are acceptable.")
+	tearDownIptablesProxierRules(iptables)
 	// Set up the iptables foundations we need.
 	if err := iptablesInit(iptables); err != nil {
 		return nil, fmt.Errorf("failed to initialize iptables: %v", err)
@ -151,6 +153,19 @@ func createProxier(loadBalancer LoadBalancer, listenIP net.IP, iptables iptables
 	}, nil
 }

+// remove the iptables rules from the pure iptables Proxier
+func tearDownIptablesProxierRules(ipt iptables.Interface) {
+	//TODO: actually tear down all rules and chains.
+	//NOTE: this needs to be kept in sync with the proxy/iptables Proxier's rules.
+	args := []string{"-j", "KUBE-SERVICES"}
+	if err := ipt.DeleteRule(iptables.TableNAT, iptables.ChainOutput, args...); err != nil {
+		glog.Errorf("Error removing pure-iptables proxy rule: %v", err)
+	}
+	if err := ipt.DeleteRule(iptables.TableNAT, iptables.ChainPrerouting, args...); err != nil {
+		glog.Errorf("Error removing pure-iptables proxy rule: %v", err)
+	}
+}
+
 // The periodic interval for checking the state of things.
 const syncInterval = 5 * time.Second