From c3548165d5dacd25a12896bacd0f8b6f71c55510 Mon Sep 17 00:00:00 2001
From: Jacob Tanenbaum
Date: Mon, 11 Mar 2019 11:39:57 -0400
Subject: [PATCH] Clear conntrack entries on 0 -> 1 endpoint transition with externalIPs As part of the endpoint creation process when going from 0 -> 1 conntrack entries are cleared. This is to prevent an existing conntrack entry from preventing traffic to the service. Currently the system ignores the existance of the services external IP addresses, which exposes that errant behavior This adds the externalIP addresses of udp services to the list of conntrack entries that get cleared. Allowing traffic to flow
Signed-off-by: Jacob Tanenbaum
---
 pkg/proxy/iptables/proxier.go | 3 +++
 pkg/proxy/ipvs/proxier.go | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/pkg/proxy/iptables/proxier.go b/pkg/proxy/iptables/proxier.go
index a4f8dc8ef7..ab7c4ffe37 100644
--- a/pkg/proxy/iptables/proxier.go
+++ b/pkg/proxy/iptables/proxier.go
@@ -673,6 +673,9 @@ func (proxier *Proxier) syncProxyRules() {
 if svcInfo, ok := proxier.serviceMap[svcPortName]; ok && svcInfo != nil && svcInfo.GetProtocol() == v1.ProtocolUDP {
 klog.V(2).Infof("Stale udp service %v -> %s", svcPortName, svcInfo.ClusterIPString())
 staleServices.Insert(svcInfo.ClusterIPString())
+ for _, extIP := range svcInfo.ExternalIPStrings() {
+ staleServices.Insert(extIP)
+ }
 }
 }
diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go
index 49c32a0ca8..aa42fa73b8 100644
--- a/pkg/proxy/ipvs/proxier.go
+++ b/pkg/proxy/ipvs/proxier.go
@@ -741,6 +741,9 @@ func (proxier *Proxier) syncProxyRules() {
 if svcInfo, ok := proxier.serviceMap[svcPortName]; ok && svcInfo != nil && svcInfo.GetProtocol() == v1.ProtocolUDP {
 klog.V(2).Infof("Stale udp service %v -> %s", svcPortName, svcInfo.ClusterIPString())
 staleServices.Insert(svcInfo.ClusterIPString())
+ for _, extIP := range svcInfo.ExternalIPStrings() {
+ staleServices.Insert(extIP)
+ }
 }
 }
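Review bot: The externalIPs that the new loop inserts into staleServices are never logged, because the V(2) line just above it still prints only ClusterIPString(), so someone tracing a conntrack flush cannot see which external addresses were included. Extending that line, e.g. `klog.V(2).Infof("Stale udp service %v -> %s, externalIPs %v", svcPortName, svcInfo.ClusterIPString(), svcInfo.ExternalIPStrings())`, would record them; the same applies to the identical hunk in pkg/proxy/ipvs/proxier.go. This matters more for externalIPs than for the cluster IP, since they come from the Service spec and, presumably, staleServices is later used to delete conntrack entries per address, which happens outside these hunks. The diffstat lists only the two proxier.go files, so the 0 -> 1 transition with externalIPs has no test in this commit. syncProxyRules starts and ends outside both hunks.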