pkg/proxy/nftables: fix kube-proxy crash with newer nftables versions

Fixes kube-proxy's nftables mode to work on systems with nft 1.1.3.
Alessio Attilio 2026-02-11 20:00:48 +01:00
parent 62c3d8d820
commit 72ef5b34a8


@ -1109,24 +1109,20 @@ func (proxier *Proxier) syncProxyRules() (retryError error) {
ipvX_addr = "ipv6_addr"
}
var err error
var existingChains sets.Set[string]
existingChainsList, err := proxier.nftables.List(context.TODO(), "chain")
if err == nil {
existingChains = sets.New(existingChainsList...)
} else {
proxier.logger.Error(err, "Failed to list existing chains")
}
var existingAffinitySets sets.Set[string]
existingSets, err := proxier.nftables.List(context.TODO(), "sets")
if err == nil {
if allObjects, err := proxier.nftables.ListAll(context.TODO()); err == nil {
existingChains = sets.New(allObjects["chain"]...)
existingAffinitySets = sets.New[string]()
for _, set := range existingSets {
for _, set := range allObjects["set"] {
if isAffinitySetName(set) {
existingAffinitySets.Insert(set)
}
}
} else {
proxier.logger.Error(err, "Failed to list existing sets")
proxier.logger.Error(err, "Failed to list existing nftables objects")
}
// Accumulate service/endpoint chains and affinity sets to keep.
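Review bot: The lookups `allObjects["chain"]` and `allObjects["set"]` yield a nil slice when the key is absent, so a key mismatch or a partial result from ListAll would leave existingChains and existingAffinitySets empty without any log line. The removed call passed `"sets"` while the new index uses `"set"`, so it is worth checking the keys ListAll actually returns and recording them in a comment, for example `// ListAll keys results by singular object type ("chain", "set")`. The `err` bound in the `if` initializer also shadows the `var err error` declared just above (apparently kept for later code), and a distinct name such as `listErr` would make that explicit. On failure both sets now stay nil together and retryError is left unset, so whatever later code relies on them, presumably stale chain and affinity-set cleanup, is skipped until some other event triggers a sync; consider whether this path should request a retry. syncProxyRules starts and ends outside the hunk, so the downstream use of these sets is not visible here.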