diff --git a/pkg/proxy/iptables/proxier.go b/pkg/proxy/iptables/proxier.go index 2c89eb0b534..a4f8dc8ef76 100644 --- a/pkg/proxy/iptables/proxier.go +++ b/pkg/proxy/iptables/proxier.go @@ -613,6 +613,18 @@ func (proxier *Proxier) deleteEndpointConnections(connectionMap []proxy.ServiceE if err != nil { klog.Errorf("Failed to delete %s endpoint connections, error: %v", epSvcPair.ServicePortName.String(), err) } + for _, extIP := range svcInfo.ExternalIPStrings() { + err := conntrack.ClearEntriesForNAT(proxier.exec, extIP, endpointIP, v1.ProtocolUDP) + if err != nil { + klog.Errorf("Failed to delete %s endpoint connections for externalIP %s, error: %v", epSvcPair.ServicePortName.String(), extIP, err) + } + } + for _, lbIP := range svcInfo.LoadBalancerIPStrings() { + err := conntrack.ClearEntriesForNAT(proxier.exec, lbIP, endpointIP, v1.ProtocolUDP) + if err != nil { + klog.Errorf("Failed to delete %s endpoint connections for LoabBalancerIP %s, error: %v", epSvcPair.ServicePortName.String(), lbIP, err) + } + } } } } diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go index c8cf3c35bf8..49c32a0ca8b 100644 --- a/pkg/proxy/ipvs/proxier.go +++ b/pkg/proxy/ipvs/proxier.go @@ -1499,6 +1499,18 @@ func (proxier *Proxier) deleteEndpointConnections(connectionMap []proxy.ServiceE if err != nil { klog.Errorf("Failed to delete %s endpoint connections, error: %v", epSvcPair.ServicePortName.String(), err) } + for _, extIP := range svcInfo.ExternalIPStrings() { + err := conntrack.ClearEntriesForNAT(proxier.exec, extIP, endpointIP, v1.ProtocolUDP) + if err != nil { + klog.Errorf("Failed to delete %s endpoint connections for externalIP %s, error: %v", epSvcPair.ServicePortName.String(), extIP, err) + } + } + for _, lbIP := range svcInfo.LoadBalancerIPStrings() { + err := conntrack.ClearEntriesForNAT(proxier.exec, lbIP, endpointIP, v1.ProtocolUDP) + if err != nil { + klog.Errorf("Failed to delete %s endpoint connections for LoabBalancerIP %s, error: %v", epSvcPair.ServicePortName.String(), lbIP, err) + } + } } } } diff --git a/pkg/proxy/service.go b/pkg/proxy/service.go index 7de51df1aef..2d5bd352f53 100644 --- a/pkg/proxy/service.go +++ b/pkg/proxy/service.go @@ -79,6 +79,20 @@ func (info *BaseServiceInfo) GetNodePort() int { return info.NodePort } +// ExternalIPStrings is part of ServicePort interface. +func (info *BaseServiceInfo) ExternalIPStrings() []string { + return info.ExternalIPs +} + +// LoadBalancerIPStrings is part of ServicePort interface. +func (info *BaseServiceInfo) LoadBalancerIPStrings() []string { + var ips []string + for _, ing := range info.LoadBalancerStatus.Ingress { + ips = append(ips, ing.IP) + } + return ips +} + func (sct *ServiceChangeTracker) newBaseServiceInfo(port *v1.ServicePort, service *v1.Service) *BaseServiceInfo { onlyNodeLocalEndpoints := false if apiservice.RequestsOnlyLocalTraffic(service) { diff --git a/pkg/proxy/types.go b/pkg/proxy/types.go index f77f9ed0f36..b7d8b1654a9 100644 --- a/pkg/proxy/types.go +++ b/pkg/proxy/types.go @@ -50,6 +50,10 @@ type ServicePort interface { String() string // ClusterIPString returns service cluster IP in string format. ClusterIPString() string + // ExternalIPStrings returns service ExternalIPs as a string array. + ExternalIPStrings() []string + // LoadBalancerIPStrings returns service LoadBalancerIPs as a string array. + LoadBalancerIPStrings() []string // GetProtocol returns service protocol. GetProtocol() v1.Protocol // GetHealthCheckNodePort returns service health check node port if present. If return 0, it means not present.