github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

kube-proxy: do not delete previously stale but currently active chains

Browse Source 
In some cases a chain could change from stale to active, but once it's
added to staleChains it would always be deleted once. When the proxier
tries to delete a previously stale but currently active chain, it would
fail and lead to errors, though it won't cause real problem thanks to
kernel's validation.

The commit removes a chain from staleChains if it becomes active.

Signed-off-by: Quan Tian <qtian@vmware.com>
This commit is contained in:
Quan Tian
2024-01-05 17:54:51 +08:00
parent 18608cc56b
commit ca8c27c480
2 changed files with 92 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
pkg/proxy/nftables/proxier.go
View File

@@ -1525,11 +1525,15 @@ func (proxier *Proxier) syncProxyRules() {
existingChains, err := proxier.nftables.List(context.TODO(), "chains")
if err == nil {
for _, chain := range existingChains {
if isServiceChainName(chain) && !activeChains.Has(chain) {
tx.Flush(&knftables.Chain{
Name: chain,
})
proxier.staleChains[chain] = start
if isServiceChainName(chain) {
if !activeChains.Has(chain) {
tx.Flush(&knftables.Chain{
Name: chain,
})
proxier.staleChains[chain] = start
} else {
delete(proxier.staleChains, chain)
}
}
}
} else if !knftables.IsNotFound(err) {