Quan Tian 9ee3ae748b Fix client IP preservation for NodePort service with protocol SCTP ...

The iptables rule that matches kubeNodePortLocalSetSCTP must be inserted
before the one matches kubeNodePortSetSCTP, otherwise all SCTP traffic
would be masqueraded regardless of whether its ExternalTrafficPolicy is
Local or not.

To cover the case in tests, the patch adds rule order validation to
checkIptables.

2021-09-06 18:54:35 +08:00

175 KiB

Raw Blame History

View Raw