mirror of https://github.com/k3s-io/k3s
c11ae9d21e
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Only run connection-rejecting rules on new connections Kube-proxy has two iptables chains full of rules to reject incoming connections to services that don't have any endpoints. Currently these rules get tested against all incoming packets, but that's unnecessary; if a connection to a given service has already been established, then we can't have been rejecting connections to that service. By only checking the first packet in each new connection, we can get rid of a lot of unnecessary checks on incoming traffic. Fixes #56842 **Release note**: ```release-note Additional changes to iptables kube-proxy backend to improve performance on clusters with very large numbers of services. ``` |
||
|---|---|---|
| .. | ||
| apis/kubeproxyconfig | ||
| config | ||
| healthcheck | ||
| iptables | ||
| ipvs | ||
| metrics | ||
| userspace | ||
| util | ||
| winkernel | ||
| winuserspace | ||
| BUILD | ||
| OWNERS | ||
| doc.go | ||
| endpoints.go | ||
| endpoints_test.go | ||
| service.go | ||
| service_test.go | ||
| types.go | ||