mirror of https://github.com/k3s-io/k3s
4492337dbf
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. ipvs: add addrtype match for nodeport **What this PR does / why we need it**: before this PR: ``` -A KUBE-SERVICES -m comment --comment "Kubernetes nodeport TCP port for masquerade purpose" -m set --match-set KUBE-NODE-PORT-TCP dst -j KUBE-NODE-PORT -A KUBE-SERVICES -m comment --comment "Kubernetes service cluster ip + port for masquerade purpose" -m set --match-set KUBE-CLUSTER-IP dst,dst -j KUBE-MARK-MASQ -A KUBE-SERVICES -m set --match-set KUBE-CLUSTER-IP dst,dst -j ACCEPT -A KUBE-NODE-PORT -p tcp -m comment --comment "Kubernetes nodeport TCP port with externalTrafficPolicy=local" -m set --match-set KUBE-NODE-PORT-LOCAL-TCP dst -j RETURN -A KUBE-NODE-PORT -j KUBE-MARK-MASQ ``` after this PR: ``` -A KUBE-NODE-PORT -p tcp -m comment --comment "Kubernetes nodeport TCP port with externalTrafficPolicy=local" -m set --match-set KUBE-NODE-PORT-LOCAL-TCP dst -j RETURN -A KUBE-NODE-PORT -p tcp -m comment --comment "Kubernetes nodeport TCP port for masquerade purpose" -m set --match-set KUBE-NODE-PORT-TCP dst -j KUBE-MARK-MASQ -A KUBE-SERVICES -m comment --comment "Kubernetes service cluster ip + port for masquerade purpose" -m set --match-set KUBE-CLUSTER-IP dst,dst -j KUBE-MARK-MASQ -A KUBE-SERVICES -m set --match-set KUBE-CLUSTER-IP dst,dst -j ACCEPT -A KUBE-SERVICES -m addrtype --dst-type LOCAL -j KUBE-NODE-PORT ``` **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes #65459 **Special notes for your reviewer**: manually tested cases: - ClusterIP distributed to pod on same node - ClusterIP distributed to pod on other node - NodePort distributed to pod on same node - NodePort distributed to pod on other node **Release note**: ```release-note ``` |
||
|---|---|---|
| .. | ||
| api | ||
| apis | ||
| auth | ||
| capabilities | ||
| client | ||
| cloudprovider | ||
| controller | ||
| credentialprovider | ||
| features | ||
| fieldpath | ||
| generated | ||
| kubeapiserver | ||
| kubectl | ||
| kubelet | ||
| kubemark | ||
| master | ||
| printers | ||
| probe | ||
| proxy | ||
| quota | ||
| registry | ||
| routes | ||
| scheduler | ||
| security | ||
| securitycontext | ||
| serviceaccount | ||
| ssh | ||
| util | ||
| version | ||
| volume | ||
| watch/json | ||
| windows/service | ||
| .import-restrictions | ||
| BUILD | ||
| OWNERS | ||