Clarify kubelet/kube-proxy iptables rule skew constraints

Dan Winship
2023-04-13 13:54:52 -04:00
parent 139a2c54a2
commit 2bb35e08f4
3 changed files with 31 additions and 7 deletions


@@ -1734,7 +1734,12 @@ func (proxier *Proxier) writeIptablesRules() {
// Install the kubernetes-specific postrouting rules. We use a whole chain for
// this so that it is easier to flush and change, for example if the mark
// value should ever change.
// NB: THIS MUST MATCH the corresponding code in the kubelet
// NOTE: kubelet creates identical copies of these rules. If you want to change
// these rules in the future, you MUST do so in a way that will interoperate
// correctly with skewed versions of the rules created by kubelet. (Remove this
// comment once IPTablesOwnershipCleanup is GA.)
proxier.natRules.Write(
"-A", string(kubePostroutingChain),
"-m", "mark", "!", "--mark", fmt.Sprintf("%s/%s", proxier.masqueradeMark, proxier.masqueradeMark),
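Review bot: The new NOTE above `proxier.natRules.Write(` states the skew constraint but does not say where the kubelet copy of these rules lives, so anyone changing the `kubePostroutingChain` mark match still has to hunt for the other writer. I would add a pointer line such as `// kubelet copy: <path to the kubelet iptables sync code>`, with the real path filled in. Because both components write the same chain, a mismatch under version skew would presumably have them rewrite each other's masquerade rules, so a unit test pinning the emitted rule arguments would turn the MUST into something enforced rather than advisory. The removal condition would also be easier to find later as a greppable marker, e.g. `// TODO(IPTablesOwnershipCleanup): remove this note once the gate is GA`. writeIptablesRules starts before this hunk and the `Write(` call continues past it.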