Correctly Clear conntrack entrty on endpoint changes when using nodeport

When using NodePort to connect to an endpoint using UDP, if the endpoint is deleted on restoration of the endpoint traffic does not flow. This happens because conntrack holds the state of the connection and the proxy does not correctly clear the conntrack entry for the stale endpoint. Introduced a new function to conntrack ClearEntriesForPortNAT that uses the endpointIP and NodePort to remove the stale conntrack entry and allow traffic to resume when the endpoint is restored. Signed-off-by: Jacob Tanenbaum <jtanenba@redhat.com>
2018-11-29 11:46:12 -05:00
parent 527d1c34cc
commit 144280e7a7
5 changed files with 77 additions and 1 deletions
--- a/pkg/proxy/iptables/proxier.go
+++ b/pkg/proxy/iptables/proxier.go
@@ -607,7 +607,13 @@ func (proxier *Proxier) deleteEndpointConnections(connectionMap []proxy.ServiceE
 	for _, epSvcPair := range connectionMap {
 		if svcInfo, ok := proxier.serviceMap[epSvcPair.ServicePortName]; ok && svcInfo.GetProtocol() == v1.ProtocolUDP {
 			endpointIP := utilproxy.IPPart(epSvcPair.Endpoint)
-			err := conntrack.ClearEntriesForNAT(proxier.exec, svcInfo.ClusterIPString(), endpointIP, v1.ProtocolUDP)
+			nodePort := svcInfo.GetNodePort()
+			var err error
+			if nodePort != 0 {
+				err = conntrack.ClearEntriesForPortNAT(proxier.exec, endpointIP, nodePort, v1.ProtocolUDP)
+			} else {
+				err = conntrack.ClearEntriesForNAT(proxier.exec, svcInfo.ClusterIPString(), endpointIP, v1.ProtocolUDP)
+			}
 			if err != nil {
 				klog.Errorf("Failed to delete %s endpoint connections, error: %v", epSvcPair.ServicePortName.String(), err)
 			}