Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(ipset): reset ipset handler before use
At the very end of a NPC full sync we call ipset.Save() during the ipset cleanup stage. This causes all of the current IPv4 and IPv6 sets that are defined on the system (ours or not) to enter into the handler's state. Since `ipset restore` is not implicitly destructive (e.g. it doesn't remove sets that aren't defined like iptables-restore does) we don't really need this previous state, and in some ways it may come back to cause bugs if the state isn't purged. So this is a fail safe to clean them out to ensure that they don't end up building up cruft. It also makes the restores go faster as kube-router is only defining it's own rules rather than defining all rules.
- Loading branch information