Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Getting unusual timeouts with LoadBalancer on Kubernetes 1.3.3 running on GCE #29759

Closed
ChrisMcKenzie opened this issue Jul 28, 2016 · 7 comments
Closed

Getting unusual timeouts with LoadBalancer on Kubernetes 1.3.3 running on GCE #29759

ChrisMcKenzie opened this issue Jul 28, 2016 · 7 comments
Labels
area/apiserver sig/network Categorizes an issue or PR as relevant to SIG Network.

Comments

@ChrisMcKenzie
Copy link

Hi,
I am getting unusual timeouts with the 'LoadBalancer' service type on Kubernetes 1.3.3 running on GCE, and I don't know where to start troubleshooting.

My environment:

KUBERNETES_VERSION=1.3.3
KUBERNETES_PROVIDER=gce
KUBE_GCE_ZONE=us-central1-b
NODE_SIZE=n1-standard-4

Cluster created via the cluster/kube-up.sh script.

Here is some repro steps to try to illustrate what I'm seeing.

  1. Create two simple nginx RCs and two LoadBalancer services.
  2. Curl the first nginx's LoadBalancer IP.
  3. Scale replicas for the second nginx RC.
  4. Watch the curl command of the first nginx timeout for 2 minutes.

1. Create two simple nginx RCs and two LoadBalancer services.

kubectl create -f - <<- EOF
apiVersion: v1
kind: ReplicationController
metadata:
  name: nginx-alpine
spec:
  replicas: 1
  selector:
    name: nginx-alpine
  template:
    metadata:
      labels:
        name: nginx-alpine
    spec:
      containers:
      - name: nginx-alpine
        image: rohan/nginx-alpine
        ports:
        - containerPort: 80
EOF
kubectl create -f - <<- EOF
apiVersion: v1
kind: ReplicationController
metadata:
  name: nginx-alpine2
spec:
  replicas: 1
  selector:
    name: nginx-alpine2
  template:
    metadata:
      labels:
        name: nginx-alpine2
    spec:
      containers:
      - name: nginx-alpine2
        image: rohan/nginx-alpine
        ports:
        - containerPort: 80
EOF
kubectl create -f - <<- EOF
apiVersion: v1
kind: Service
metadata:
  name: nginx-alpine
  labels:
    app: nginx-alpine
spec:
  type: LoadBalancer
  ports:
  - port: 80
    protocol: TCP
    name: http
  selector:
    name: nginx-alpine
EOF
kubectl create -f - <<- EOF
apiVersion: v1
kind: Service
metadata:
  name: nginx-alpine2
  labels:
    app: nginx-alpine2
spec:
  type: LoadBalancer
  ports:
  - port: 80
    protocol: TCP
    name: http
  selector:
    name: nginx-alpine2
EOF

2. Curl the first nginx's LoadBalancer IP 10times/sec, ts for timestamps

while true; do /usr/bin/curl -k -I http://104.155.xxx.xxx | ts ; sleep 0.1; done

3. Scale replicas for the second nginx RC.

kubectl scale rc nginx-alpine2 --replicas 4

4. Watch the curl command of the first nginx timeout for 2 minutes.

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0   612    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
Jul 26 21:09:50 HTTP/1.1 200 OK
Jul 26 21:09:50 Server: nginx/1.6.2
Jul 26 21:09:50 Date: Wed, 27 Jul 2016 04:09:50 GMT
Jul 26 21:09:50 Content-Type: text/html
Jul 26 21:09:50 Content-Length: 612
Jul 26 21:09:50 Last-Modified: Mon, 17 Nov 2014 14:48:17 GMT
Jul 26 21:09:50 Connection: keep-alive
Jul 26 21:09:50 ETag: "546a0ab1-264"
Jul 26 21:09:50 Accept-Ranges: bytes
Jul 26 21:09:50 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:03 --:--:--     0
...
  0     0    0     0    0     0      0      0 --:--:--  0:02:04 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:02:05 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:02:06 --:--:--     0
curl: (7) Failed to connect to 104.155.142.86 port 80: Connection timed out
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0   612    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
Jul 26 21:11:58 HTTP/1.1 200 OK
Jul 26 21:11:58 Server: nginx/1.6.2
Jul 26 21:11:58 Date: Wed, 27 Jul 2016 04:11:58 GMT
Jul 26 21:11:58 Content-Type: text/html
Jul 26 21:11:58 Content-Length: 612
Jul 26 21:11:58 Last-Modified: Mon, 17 Nov 2014 14:48:17 GMT
Jul 26 21:11:58 Connection: keep-alive
Jul 26 21:11:58 ETag: "546a0ab1-264"
Jul 26 21:11:58 Accept-Ranges: bytes
Jul 26 21:11:58

During the timeout, netstat says:
tcp 0 1 10.10.130.104:54848 104.155.xxx.xxx:80 SYN_SENT 17235/curl

Interestingly, a GCE Kubernetes cluster running 1.2.5 or GKE running 1.3.3 does not exhibit this timeout.
Is this normal or am I doing something wrong?

I should also point out that communications to the service inside the cluster via k8s dns work perfect.
@ChrisMcKenzie
Copy link
Author

ChrisMcKenzie commented Jul 29, 2016
edited
Loading

Another interesting finding is that if I create a cluster with a master and one minion (previously 4 minion cluster) I do not get this issue.

@ChrisMcKenzie
Copy link
Author

I have found so far that setting masquerade-all helps with this issue however It does not completely remedy it, I still get a small pause in request handling.

Any thoughts here? Could this be something to do with the iptables configuration or am I looking in the wrong spot?

@ChrisMcKenzie
Copy link
Author

So I have not found a solution to this but I have proved that it has something to do with kube-proxy running in iptables mode after switching it to userspace mode it no long drops connections.

@vsimon
Copy link
Contributor

vsimon commented Aug 2, 2016

cc'ing @thockin (hope ok I found your handle in the original issue #3760), should this be happening in the iptables mode of kube-proxy?

@thockin
Copy link
Member

thockin commented Aug 3, 2016

I don't think this is a kube-proxy issue, if you say that it works fine within the cluster.

@girishkalele

@girishkalele
Copy link

@ChrisMcKenzie

There are several interesting datapoints here.

  • The curl to the first nginx service pauses for 2 minutes when the second RC is scaled up to 4 replicas.
  • This does not happen on a 1 minion cluster but on a four node cluster. Was the RC able to scale to 4 replicas in the 1 minion cluster or it just had no resources to schedule which prevented the issue from showing up ?
  • This does not happen with the userspace proxy but with the iptables proxy.

IIUC, the GCE load-balancer configuration is untouched when the RC is scaled so that we can eliminate.

Endpoint addition/removal will trigger conntrack flushes but the next SYN will work, 120 seconds is way too long.

We definitely need more debug data, we would need the output of describe service for both services, all endpoints for the 2 services and the output of iptables-save from all minions when the problem is 'live'.

@ChrisMcKenzie
Copy link
Author

Very sorry for the late reply. here is the data you asked for.

Service Describes

Name:                   kubernetes
Namespace:              default
Labels:                 component=apiserver
                        provider=kubernetes
Selector:               <none>
Type:                   ClusterIP
IP:                     10.0.0.1
Port:                   https   443/TCP
Endpoints:              10.128.0.2:443
Session Affinity:       ClientIP
No events.

Name:                   nginx-alpine
Namespace:              default
Labels:                 app=nginx-alpine
Selector:               name=nginx-alpine
Type:                   LoadBalancer
IP:                     10.0.187.101
LoadBalancer Ingress:   104.197.17.157
Port:                   http    80/TCP
NodePort:               http    32304/TCP
Endpoints:              10.244.3.3:80
Session Affinity:       None
Events:
  FirstSeen     LastSeen        Count   From                    SubobjectPath   Type            Reason                  Message
  ---------     --------        -----   ----                    -------------   --------        ------                  -------
  1m            1m              1       {service-controller }                   Normal          CreatingLoadBalancer    Creating load balancer
  26s           26s             1       {service-controller }                   Normal          CreatedLoadBalancer     Created load balancer


Name:                   nginx-alpine2
Namespace:              default
Labels:                 app=nginx-alpine2
Selector:               name=nginx-alpine2
Type:                   LoadBalancer
IP:                     10.0.100.175
Port:                   http    80/TCP
NodePort:               http    31454/TCP
Endpoints:              10.244.1.3:80
Session Affinity:       None
Events:
  FirstSeen     LastSeen        Count   From                    SubobjectPath   Type            Reason                  Message
  ---------     --------        -----   ----                    -------------   --------        ------                  -------
  27s           27s             1       {service-controller }                   Normal          CreatingLoadBalancer    Creating load balancer

Endpoints

Name:           kubernetes
Namespace:      default
Labels:         <none>
Subsets:
  Addresses:            10.128.0.2
  NotReadyAddresses:    <none>
  Ports:
    Name        Port    Protocol
    ----        ----    --------
    https       443     TCP

No events.

Name:           nginx-alpine
Namespace:      default
Labels:         app=nginx-alpine
Subsets:
  Addresses:            10.244.3.3
  NotReadyAddresses:    <none>
  Ports:
    Name        Port    Protocol
    ----        ----    --------
    http        80      TCP

No events.

Name:           nginx-alpine2
Namespace:      default
Labels:         app=nginx-alpine2
Subsets:
  Addresses:            10.244.1.3
  NotReadyAddresses:    <none>
  Ports:
    Name        Port    Protocol
    ----        ----    --------
    http        80      TCP

No events.

Iptables Save BEFORE SCALE

# Generated by iptables-save v1.4.14 on Wed Aug 10 20:00:41 2016
*filter
:INPUT ACCEPT [271:99040]
:FORWARD ACCEPT [315:78793]
:OUTPUT ACCEPT [232:28950]
:DOCKER - [0:0]
:DOCKER-ISOLATION - [0:0]
:KUBE-SERVICES - [0:0]
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A OUTPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A DOCKER-ISOLATION -j RETURN
COMMIT
# Completed on Wed Aug 10 20:00:41 2016
# Generated by iptables-save v1.4.14 on Wed Aug 10 20:00:41 2016
*nat
:PREROUTING ACCEPT [35:2534]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [15:920]
:POSTROUTING ACCEPT [11:660]
:DOCKER - [0:0]
:KUBE-HOSTPORTS - [0:0]
:KUBE-MARK-MASQ - [0:0]
:KUBE-NODEPORTS - [0:0]
:KUBE-POSTROUTING - [0:0]
:KUBE-SEP-BUJ5OJMLNJS4IG24 - [0:0]
:KUBE-SEP-DOVWEW33RROJFUEM - [0:0]
:KUBE-SEP-E45QDZNOOWJPY3H7 - [0:0]
:KUBE-SEP-HKEHNU6DU44F6J3Q - [0:0]
:KUBE-SEP-JBTNJKJ27H5DOTKW - [0:0]
:KUBE-SEP-KXKN46YFODM6673N - [0:0]
:KUBE-SEP-PBFVJUGNX7I4VSY2 - [0:0]
:KUBE-SEP-RELSGQPZUR65POGX - [0:0]
:KUBE-SEP-SBCF5D2ZF5GAKWZR - [0:0]
:KUBE-SEP-U2ON4RA2GTR6A3CO - [0:0]
:KUBE-SEP-YCJRHIOQ464L7AYZ - [0:0]
:KUBE-SEP-ZCXVXMFXWKBPBM23 - [0:0]
:KUBE-SERVICES - [0:0]
:KUBE-SVC-BJM46V3U5RZHCFRZ - [0:0]
:KUBE-SVC-CK6HVV5A27TDFNIA - [0:0]
:KUBE-SVC-DFASHI6RIH76M72E - [0:0]
:KUBE-SVC-ERIFXISQEP7F7OF4 - [0:0]
:KUBE-SVC-J6IQQ3OHLYKKWSUU - [0:0]
:KUBE-SVC-JRXTEHDDTAFMSEAS - [0:0]
:KUBE-SVC-NPX46M4PTMTKRN6Y - [0:0]
:KUBE-SVC-TCOU7JCQXEZGVUNU - [0:0]
:KUBE-SVC-WEHLQ23XZWSA5ZX3 - [0:0]
:KUBE-SVC-XGLOHA7QRQ3V22RZ - [0:0]
:KUBE-SVC-XP4WJ6VSLGWALMW5 - [0:0]
-A PREROUTING -m comment --comment "kube hostport portals" -m addrtype --dst-type LOCAL -j KUBE-HOSTPORTS
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A OUTPUT -m comment --comment "kube hostport portals" -m addrtype --dst-type LOCAL -j KUBE-HOSTPORTS
-A OUTPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A POSTROUTING -m comment --comment "kubernetes postrouting rules" -j KUBE-POSTROUTING
-A POSTROUTING ! -d 10.0.0.0/8 -m comment --comment "kubenet: SNAT for outbound traffic from cluster" -m addrtype ! --dst-type LOCAL -j MASQUERADE
-A POSTROUTING -s 127.0.0.0/8 -o cbr0 -m comment --comment "SNAT for localhost access to hostports" -j MASQUERADE
-A KUBE-MARK-MASQ -j MARK --set-xmark 0x4000/0x4000
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/nginx-alpine:http" -m tcp --dport 32304 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/nginx-alpine:http" -m tcp --dport 32304 -j KUBE-SVC-J6IQQ3OHLYKKWSUU
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp --dport 31454 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp --dport 31454 -j KUBE-SVC-DFASHI6RIH76M72E
-A KUBE-NODEPORTS -p tcp -m comment --comment "kube-system/default-http-backend:http" -m tcp --dport 31658 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m comment --comment "kube-system/default-http-backend:http" -m tcp --dport 31658 -j KUBE-SVC-XP4WJ6VSLGWALMW5
-A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -m mark --mark 0x4000/0x4000 -j MASQUERADE
-A KUBE-SEP-BUJ5OJMLNJS4IG24 -s 10.244.3.3/32 -m comment --comment "default/nginx-alpine:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-BUJ5OJMLNJS4IG24 -p tcp -m comment --comment "default/nginx-alpine:http" -m tcp -j DNAT --to-destination 10.244.3.3:80
-A KUBE-SEP-DOVWEW33RROJFUEM -s 10.244.2.5/32 -m comment --comment "kube-system/kube-dns:dns-tcp" -j KUBE-MARK-MASQ
-A KUBE-SEP-DOVWEW33RROJFUEM -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp" -m tcp -j DNAT --to-destination 10.244.2.5:53
-A KUBE-SEP-E45QDZNOOWJPY3H7 -s 10.244.1.3/32 -m comment --comment "default/nginx-alpine2:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-E45QDZNOOWJPY3H7 -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp -j DNAT --to-destination 10.244.1.3:80
-A KUBE-SEP-HKEHNU6DU44F6J3Q -s 10.244.2.6/32 -m comment --comment "kube-system/kubernetes-dashboard:" -j KUBE-MARK-MASQ
-A KUBE-SEP-HKEHNU6DU44F6J3Q -p tcp -m comment --comment "kube-system/kubernetes-dashboard:" -m tcp -j DNAT --to-destination 10.244.2.6:9090
-A KUBE-SEP-JBTNJKJ27H5DOTKW -s 10.244.2.4/32 -m comment --comment "kube-system/monitoring-grafana:" -j KUBE-MARK-MASQ
-A KUBE-SEP-JBTNJKJ27H5DOTKW -p tcp -m comment --comment "kube-system/monitoring-grafana:" -m tcp -j DNAT --to-destination 10.244.2.4:3000
-A KUBE-SEP-KXKN46YFODM6673N -s 10.244.2.4/32 -m comment --comment "kube-system/monitoring-influxdb:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-KXKN46YFODM6673N -p tcp -m comment --comment "kube-system/monitoring-influxdb:http" -m tcp -j DNAT --to-destination 10.244.2.4:8083
-A KUBE-SEP-PBFVJUGNX7I4VSY2 -s 10.244.2.5/32 -m comment --comment "kube-system/kube-dns:dns" -j KUBE-MARK-MASQ
-A KUBE-SEP-PBFVJUGNX7I4VSY2 -p udp -m comment --comment "kube-system/kube-dns:dns" -m udp -j DNAT --to-destination 10.244.2.5:53
-A KUBE-SEP-RELSGQPZUR65POGX -s 10.128.0.2/32 -m comment --comment "default/kubernetes:https" -j KUBE-MARK-MASQ
-A KUBE-SEP-RELSGQPZUR65POGX -p tcp -m comment --comment "default/kubernetes:https" -m recent --set --name KUBE-SEP-RELSGQPZUR65POGX --rsource -m tcp -j DNAT --to-destination 10.128.0.2:443
-A KUBE-SEP-SBCF5D2ZF5GAKWZR -s 10.244.2.3/32 -m comment --comment "kube-system/default-http-backend:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-SBCF5D2ZF5GAKWZR -p tcp -m comment --comment "kube-system/default-http-backend:http" -m tcp -j DNAT --to-destination 10.244.2.3:8080
-A KUBE-SEP-U2ON4RA2GTR6A3CO -s 10.128.0.2/32 -m comment --comment "kube-system/default-http-backend:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-U2ON4RA2GTR6A3CO -p tcp -m comment --comment "kube-system/default-http-backend:http" -m tcp -j DNAT --to-destination 10.128.0.2:8080
-A KUBE-SEP-YCJRHIOQ464L7AYZ -s 10.244.4.3/32 -m comment --comment "kube-system/heapster:" -j KUBE-MARK-MASQ
-A KUBE-SEP-YCJRHIOQ464L7AYZ -p tcp -m comment --comment "kube-system/heapster:" -m tcp -j DNAT --to-destination 10.244.4.3:8082
-A KUBE-SEP-ZCXVXMFXWKBPBM23 -s 10.244.2.4/32 -m comment --comment "kube-system/monitoring-influxdb:api" -j KUBE-MARK-MASQ
-A KUBE-SEP-ZCXVXMFXWKBPBM23 -p tcp -m comment --comment "kube-system/monitoring-influxdb:api" -m tcp -j DNAT --to-destination 10.244.2.4:8086
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-SVC-ERIFXISQEP7F7OF4
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.187.101/32 -p tcp -m comment --comment "default/nginx-alpine:http cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.187.101/32 -p tcp -m comment --comment "default/nginx-alpine:http cluster IP" -m tcp --dport 80 -j KUBE-SVC-J6IQQ3OHLYKKWSUU
-A KUBE-SERVICES -d 104.197.17.157/32 -p tcp -m comment --comment "default/nginx-alpine:http loadbalancer IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 104.197.17.157/32 -p tcp -m comment --comment "default/nginx-alpine:http loadbalancer IP" -m tcp --dport 80 -j KUBE-SVC-J6IQQ3OHLYKKWSUU
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.100.175/32 -p tcp -m comment --comment "default/nginx-alpine2:http cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.100.175/32 -p tcp -m comment --comment "default/nginx-alpine2:http cluster IP" -m tcp --dport 80 -j KUBE-SVC-DFASHI6RIH76M72E
-A KUBE-SERVICES -d 104.197.228.181/32 -p tcp -m comment --comment "default/nginx-alpine2:http loadbalancer IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 104.197.228.181/32 -p tcp -m comment --comment "default/nginx-alpine2:http loadbalancer IP" -m tcp --dport 80 -j KUBE-SVC-DFASHI6RIH76M72E
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.118.20/32 -p tcp -m comment --comment "kube-system/heapster: cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.118.20/32 -p tcp -m comment --comment "kube-system/heapster: cluster IP" -m tcp --dport 80 -j KUBE-SVC-BJM46V3U5RZHCFRZ
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-NPX46M4PTMTKRN6Y
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.157.106/32 -p tcp -m comment --comment "kube-system/monitoring-grafana: cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.157.106/32 -p tcp -m comment --comment "kube-system/monitoring-grafana: cluster IP" -m tcp --dport 80 -j KUBE-SVC-JRXTEHDDTAFMSEAS
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.0.10/32 -p udp -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp --dport 53 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.0.10/32 -p udp -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp --dport 53 -j KUBE-SVC-TCOU7JCQXEZGVUNU
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.240.84/32 -p tcp -m comment --comment "kube-system/kubernetes-dashboard: cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.240.84/32 -p tcp -m comment --comment "kube-system/kubernetes-dashboard: cluster IP" -m tcp --dport 80 -j KUBE-SVC-XGLOHA7QRQ3V22RZ
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.219.165/32 -p tcp -m comment --comment "kube-system/monitoring-influxdb:http cluster IP" -m tcp --dport 8083 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.219.165/32 -p tcp -m comment --comment "kube-system/monitoring-influxdb:http cluster IP" -m tcp --dport 8083 -j KUBE-SVC-WEHLQ23XZWSA5ZX3
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.219.165/32 -p tcp -m comment --comment "kube-system/monitoring-influxdb:api cluster IP" -m tcp --dport 8086 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.219.165/32 -p tcp -m comment --comment "kube-system/monitoring-influxdb:api cluster IP" -m tcp --dport 8086 -j KUBE-SVC-CK6HVV5A27TDFNIA
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.39.39/32 -p tcp -m comment --comment "kube-system/default-http-backend:http cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.39.39/32 -p tcp -m comment --comment "kube-system/default-http-backend:http cluster IP" -m tcp --dport 80 -j KUBE-SVC-XP4WJ6VSLGWALMW5
-A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
-A KUBE-SVC-BJM46V3U5RZHCFRZ -m comment --comment "kube-system/heapster:" -j KUBE-SEP-YCJRHIOQ464L7AYZ
-A KUBE-SVC-CK6HVV5A27TDFNIA -m comment --comment "kube-system/monitoring-influxdb:api" -j KUBE-SEP-ZCXVXMFXWKBPBM23
-A KUBE-SVC-DFASHI6RIH76M72E -m comment --comment "default/nginx-alpine2:http" -j KUBE-SEP-E45QDZNOOWJPY3H7
-A KUBE-SVC-ERIFXISQEP7F7OF4 -m comment --comment "kube-system/kube-dns:dns-tcp" -j KUBE-SEP-DOVWEW33RROJFUEM
-A KUBE-SVC-J6IQQ3OHLYKKWSUU -m comment --comment "default/nginx-alpine:http" -j KUBE-SEP-BUJ5OJMLNJS4IG24
-A KUBE-SVC-JRXTEHDDTAFMSEAS -m comment --comment "kube-system/monitoring-grafana:" -j KUBE-SEP-JBTNJKJ27H5DOTKW
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -m recent --rcheck --seconds 180 --reap --name KUBE-SEP-RELSGQPZUR65POGX --rsource -j KUBE-SEP-RELSGQPZUR65POGX
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -j KUBE-SEP-RELSGQPZUR65POGX
-A KUBE-SVC-TCOU7JCQXEZGVUNU -m comment --comment "kube-system/kube-dns:dns" -j KUBE-SEP-PBFVJUGNX7I4VSY2
-A KUBE-SVC-WEHLQ23XZWSA5ZX3 -m comment --comment "kube-system/monitoring-influxdb:http" -j KUBE-SEP-KXKN46YFODM6673N
-A KUBE-SVC-XGLOHA7QRQ3V22RZ -m comment --comment "kube-system/kubernetes-dashboard:" -j KUBE-SEP-HKEHNU6DU44F6J3Q
-A KUBE-SVC-XP4WJ6VSLGWALMW5 -m comment --comment "kube-system/default-http-backend:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-U2ON4RA2GTR6A3CO
-A KUBE-SVC-XP4WJ6VSLGWALMW5 -m comment --comment "kube-system/default-http-backend:http" -j KUBE-SEP-SBCF5D2ZF5GAKWZR
COMMIT
# Completed on Wed Aug 10 20:00:41 2016

Iptables Save AFTER SCALE

# Generated by iptables-save v1.4.14 on Wed Aug 10 20:05:32 2016
*nat
:PREROUTING ACCEPT [26:1870]
:INPUT ACCEPT [1:60]
:OUTPUT ACCEPT [10:660]
:POSTROUTING ACCEPT [6:360]
:DOCKER - [0:0]
:KUBE-HOSTPORTS - [0:0]
:KUBE-MARK-MASQ - [0:0]
:KUBE-NODEPORTS - [0:0]
:KUBE-POSTROUTING - [0:0]
:KUBE-SEP-2PUFH44HOFYHCHPC - [0:0]
:KUBE-SEP-2VFZDYR2ZN5SO2OD - [0:0]
:KUBE-SEP-45EPZXYW4WC6YKRV - [0:0]
:KUBE-SEP-4WHNFNU7TBFT2UUM - [0:0]
:KUBE-SEP-5A56ZPDHREKMYPDF - [0:0]
:KUBE-SEP-BUJ5OJMLNJS4IG24 - [0:0]
:KUBE-SEP-DOVWEW33RROJFUEM - [0:0]
:KUBE-SEP-E45QDZNOOWJPY3H7 - [0:0]
:KUBE-SEP-ERHOFXWHWE5NZYXW - [0:0]
:KUBE-SEP-GS2LAIX5VBOJNNZ3 - [0:0]
:KUBE-SEP-GW7B3JCGSO7A53IF - [0:0]
:KUBE-SEP-HKEHNU6DU44F6J3Q - [0:0]
:KUBE-SEP-J7NY7JVZUA6V5GFJ - [0:0]
:KUBE-SEP-JBTNJKJ27H5DOTKW - [0:0]
:KUBE-SEP-KXKN46YFODM6673N - [0:0]
:KUBE-SEP-MHWC3Y67LHQKWLRU - [0:0]
:KUBE-SEP-MYMEIBIT432J2J7T - [0:0]
:KUBE-SEP-OLD62CPOHLP4WK6D - [0:0]
:KUBE-SEP-PBFVJUGNX7I4VSY2 - [0:0]
:KUBE-SEP-RBPUWMMKIZVWSDFA - [0:0]
:KUBE-SEP-RELSGQPZUR65POGX - [0:0]
:KUBE-SEP-SBCF5D2ZF5GAKWZR - [0:0]
:KUBE-SEP-TO2BDH4AGZQMTTRY - [0:0]
:KUBE-SEP-U2ON4RA2GTR6A3CO - [0:0]
:KUBE-SEP-UFD3PZZPA3KGNJAK - [0:0]
:KUBE-SEP-X4B46EHIM3TZLNRB - [0:0]
:KUBE-SEP-XJERRRUXJ46DOAB7 - [0:0]
:KUBE-SEP-YCJRHIOQ464L7AYZ - [0:0]
:KUBE-SEP-YMS3GWDO6D4G2FHV - [0:0]
:KUBE-SEP-YOYA5L4E5XMSKVLE - [0:0]
:KUBE-SEP-ZCXVXMFXWKBPBM23 - [0:0]
:KUBE-SERVICES - [0:0]
:KUBE-SVC-BJM46V3U5RZHCFRZ - [0:0]
:KUBE-SVC-CK6HVV5A27TDFNIA - [0:0]
:KUBE-SVC-DFASHI6RIH76M72E - [0:0]
:KUBE-SVC-ERIFXISQEP7F7OF4 - [0:0]
:KUBE-SVC-J6IQQ3OHLYKKWSUU - [0:0]
:KUBE-SVC-JRXTEHDDTAFMSEAS - [0:0]
:KUBE-SVC-NPX46M4PTMTKRN6Y - [0:0]
:KUBE-SVC-TCOU7JCQXEZGVUNU - [0:0]
:KUBE-SVC-WEHLQ23XZWSA5ZX3 - [0:0]
:KUBE-SVC-XGLOHA7QRQ3V22RZ - [0:0]
:KUBE-SVC-XP4WJ6VSLGWALMW5 - [0:0]
-A PREROUTING -m comment --comment "kube hostport portals" -m addrtype --dst-type LOCAL -j KUBE-HOSTPORTS
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A OUTPUT -m comment --comment "kube hostport portals" -m addrtype --dst-type LOCAL -j KUBE-HOSTPORTS
-A OUTPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A POSTROUTING -m comment --comment "kubernetes postrouting rules" -j KUBE-POSTROUTING
-A POSTROUTING ! -d 10.0.0.0/8 -m comment --comment "kubenet: SNAT for outbound traffic from cluster" -m addrtype ! --dst-type LOCAL -j MASQUERADE
-A POSTROUTING -s 127.0.0.0/8 -o cbr0 -m comment --comment "SNAT for localhost access to hostports" -j MASQUERADE
-A KUBE-MARK-MASQ -j MARK --set-xmark 0x4000/0x4000
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/nginx-alpine:http" -m tcp --dport 32304 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/nginx-alpine:http" -m tcp --dport 32304 -j KUBE-SVC-J6IQQ3OHLYKKWSUU
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp --dport 31454 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp --dport 31454 -j KUBE-SVC-DFASHI6RIH76M72E
-A KUBE-NODEPORTS -p tcp -m comment --comment "kube-system/default-http-backend:http" -m tcp --dport 31658 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m comment --comment "kube-system/default-http-backend:http" -m tcp --dport 31658 -j KUBE-SVC-XP4WJ6VSLGWALMW5
-A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -m mark --mark 0x4000/0x4000 -j MASQUERADE
-A KUBE-SEP-2PUFH44HOFYHCHPC -s 10.244.1.5/32 -m comment --comment "default/nginx-alpine2:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-2PUFH44HOFYHCHPC -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp -j DNAT --to-destination 10.244.1.5:80
-A KUBE-SEP-2VFZDYR2ZN5SO2OD -s 10.244.1.7/32 -m comment --comment "default/nginx-alpine2:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-2VFZDYR2ZN5SO2OD -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp -j DNAT --to-destination 10.244.1.7:80
-A KUBE-SEP-45EPZXYW4WC6YKRV -s 10.244.3.4/32 -m comment --comment "default/nginx-alpine2:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-45EPZXYW4WC6YKRV -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp -j DNAT --to-destination 10.244.3.4:80
-A KUBE-SEP-4WHNFNU7TBFT2UUM -s 10.244.3.8/32 -m comment --comment "default/nginx-alpine2:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-4WHNFNU7TBFT2UUM -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp -j DNAT --to-destination 10.244.3.8:80
-A KUBE-SEP-5A56ZPDHREKMYPDF -s 10.244.4.4/32 -m comment --comment "default/nginx-alpine2:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-5A56ZPDHREKMYPDF -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp -j DNAT --to-destination 10.244.4.4:80
-A KUBE-SEP-BUJ5OJMLNJS4IG24 -s 10.244.3.3/32 -m comment --comment "default/nginx-alpine:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-BUJ5OJMLNJS4IG24 -p tcp -m comment --comment "default/nginx-alpine:http" -m tcp -j DNAT --to-destination 10.244.3.3:80
-A KUBE-SEP-DOVWEW33RROJFUEM -s 10.244.2.5/32 -m comment --comment "kube-system/kube-dns:dns-tcp" -j KUBE-MARK-MASQ
-A KUBE-SEP-DOVWEW33RROJFUEM -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp" -m tcp -j DNAT --to-destination 10.244.2.5:53
-A KUBE-SEP-E45QDZNOOWJPY3H7 -s 10.244.1.3/32 -m comment --comment "default/nginx-alpine2:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-E45QDZNOOWJPY3H7 -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp -j DNAT --to-destination 10.244.1.3:80
-A KUBE-SEP-ERHOFXWHWE5NZYXW -s 10.244.1.4/32 -m comment --comment "default/nginx-alpine2:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-ERHOFXWHWE5NZYXW -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp -j DNAT --to-destination 10.244.1.4:80
-A KUBE-SEP-GS2LAIX5VBOJNNZ3 -s 10.244.2.9/32 -m comment --comment "default/nginx-alpine2:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-GS2LAIX5VBOJNNZ3 -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp -j DNAT --to-destination 10.244.2.9:80
-A KUBE-SEP-GW7B3JCGSO7A53IF -s 10.244.2.11/32 -m comment --comment "default/nginx-alpine2:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-GW7B3JCGSO7A53IF -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp -j DNAT --to-destination 10.244.2.11:80
-A KUBE-SEP-HKEHNU6DU44F6J3Q -s 10.244.2.6/32 -m comment --comment "kube-system/kubernetes-dashboard:" -j KUBE-MARK-MASQ
-A KUBE-SEP-HKEHNU6DU44F6J3Q -p tcp -m comment --comment "kube-system/kubernetes-dashboard:" -m tcp -j DNAT --to-destination 10.244.2.6:9090
-A KUBE-SEP-J7NY7JVZUA6V5GFJ -s 10.244.4.6/32 -m comment --comment "default/nginx-alpine2:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-J7NY7JVZUA6V5GFJ -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp -j DNAT --to-destination 10.244.4.6:80
-A KUBE-SEP-JBTNJKJ27H5DOTKW -s 10.244.2.4/32 -m comment --comment "kube-system/monitoring-grafana:" -j KUBE-MARK-MASQ
-A KUBE-SEP-JBTNJKJ27H5DOTKW -p tcp -m comment --comment "kube-system/monitoring-grafana:" -m tcp -j DNAT --to-destination 10.244.2.4:3000
-A KUBE-SEP-KXKN46YFODM6673N -s 10.244.2.4/32 -m comment --comment "kube-system/monitoring-influxdb:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-KXKN46YFODM6673N -p tcp -m comment --comment "kube-system/monitoring-influxdb:http" -m tcp -j DNAT --to-destination 10.244.2.4:8083
-A KUBE-SEP-MHWC3Y67LHQKWLRU -s 10.244.1.6/32 -m comment --comment "default/nginx-alpine2:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-MHWC3Y67LHQKWLRU -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp -j DNAT --to-destination 10.244.1.6:80
-A KUBE-SEP-MYMEIBIT432J2J7T -s 10.244.2.7/32 -m comment --comment "default/nginx-alpine2:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-MYMEIBIT432J2J7T -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp -j DNAT --to-destination 10.244.2.7:80
-A KUBE-SEP-OLD62CPOHLP4WK6D -s 10.244.4.7/32 -m comment --comment "default/nginx-alpine2:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-OLD62CPOHLP4WK6D -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp -j DNAT --to-destination 10.244.4.7:80
-A KUBE-SEP-PBFVJUGNX7I4VSY2 -s 10.244.2.5/32 -m comment --comment "kube-system/kube-dns:dns" -j KUBE-MARK-MASQ
-A KUBE-SEP-PBFVJUGNX7I4VSY2 -p udp -m comment --comment "kube-system/kube-dns:dns" -m udp -j DNAT --to-destination 10.244.2.5:53
-A KUBE-SEP-RBPUWMMKIZVWSDFA -s 10.244.4.5/32 -m comment --comment "default/nginx-alpine2:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-RBPUWMMKIZVWSDFA -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp -j DNAT --to-destination 10.244.4.5:80
-A KUBE-SEP-RELSGQPZUR65POGX -s 10.128.0.2/32 -m comment --comment "default/kubernetes:https" -j KUBE-MARK-MASQ
-A KUBE-SEP-RELSGQPZUR65POGX -p tcp -m comment --comment "default/kubernetes:https" -m recent --set --name KUBE-SEP-RELSGQPZUR65POGX --rsource -m tcp -j DNAT --to-destination 10.128.0.2:443
-A KUBE-SEP-SBCF5D2ZF5GAKWZR -s 10.244.2.3/32 -m comment --comment "kube-system/default-http-backend:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-SBCF5D2ZF5GAKWZR -p tcp -m comment --comment "kube-system/default-http-backend:http" -m tcp -j DNAT --to-destination 10.244.2.3:8080
-A KUBE-SEP-TO2BDH4AGZQMTTRY -s 10.244.3.5/32 -m comment --comment "default/nginx-alpine2:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-TO2BDH4AGZQMTTRY -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp -j DNAT --to-destination 10.244.3.5:80
-A KUBE-SEP-U2ON4RA2GTR6A3CO -s 10.128.0.2/32 -m comment --comment "kube-system/default-http-backend:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-U2ON4RA2GTR6A3CO -p tcp -m comment --comment "kube-system/default-http-backend:http" -m tcp -j DNAT --to-destination 10.128.0.2:8080
-A KUBE-SEP-UFD3PZZPA3KGNJAK -s 10.244.3.7/32 -m comment --comment "default/nginx-alpine2:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-UFD3PZZPA3KGNJAK -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp -j DNAT --to-destination 10.244.3.7:80
-A KUBE-SEP-X4B46EHIM3TZLNRB -s 10.244.3.6/32 -m comment --comment "default/nginx-alpine2:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-X4B46EHIM3TZLNRB -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp -j DNAT --to-destination 10.244.3.6:80
-A KUBE-SEP-XJERRRUXJ46DOAB7 -s 10.244.2.10/32 -m comment --comment "default/nginx-alpine2:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-XJERRRUXJ46DOAB7 -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp -j DNAT --to-destination 10.244.2.10:80
-A KUBE-SEP-YCJRHIOQ464L7AYZ -s 10.244.4.3/32 -m comment --comment "kube-system/heapster:" -j KUBE-MARK-MASQ
-A KUBE-SEP-YCJRHIOQ464L7AYZ -p tcp -m comment --comment "kube-system/heapster:" -m tcp -j DNAT --to-destination 10.244.4.3:8082
-A KUBE-SEP-YMS3GWDO6D4G2FHV -s 10.244.1.8/32 -m comment --comment "default/nginx-alpine2:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-YMS3GWDO6D4G2FHV -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp -j DNAT --to-destination 10.244.1.8:80
-A KUBE-SEP-YOYA5L4E5XMSKVLE -s 10.244.2.8/32 -m comment --comment "default/nginx-alpine2:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-YOYA5L4E5XMSKVLE -p tcp -m comment --comment "default/nginx-alpine2:http" -m tcp -j DNAT --to-destination 10.244.2.8:80
-A KUBE-SEP-ZCXVXMFXWKBPBM23 -s 10.244.2.4/32 -m comment --comment "kube-system/monitoring-influxdb:api" -j KUBE-MARK-MASQ
-A KUBE-SEP-ZCXVXMFXWKBPBM23 -p tcp -m comment --comment "kube-system/monitoring-influxdb:api" -m tcp -j DNAT --to-destination 10.244.2.4:8086
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.157.106/32 -p tcp -m comment --comment "kube-system/monitoring-grafana: cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.157.106/32 -p tcp -m comment --comment "kube-system/monitoring-grafana: cluster IP" -m tcp --dport 80 -j KUBE-SVC-JRXTEHDDTAFMSEAS
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-SVC-ERIFXISQEP7F7OF4
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.187.101/32 -p tcp -m comment --comment "default/nginx-alpine:http cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.187.101/32 -p tcp -m comment --comment "default/nginx-alpine:http cluster IP" -m tcp --dport 80 -j KUBE-SVC-J6IQQ3OHLYKKWSUU
-A KUBE-SERVICES -d 104.197.17.157/32 -p tcp -m comment --comment "default/nginx-alpine:http loadbalancer IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 104.197.17.157/32 -p tcp -m comment --comment "default/nginx-alpine:http loadbalancer IP" -m tcp --dport 80 -j KUBE-SVC-J6IQQ3OHLYKKWSUU
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.100.175/32 -p tcp -m comment --comment "default/nginx-alpine2:http cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.100.175/32 -p tcp -m comment --comment "default/nginx-alpine2:http cluster IP" -m tcp --dport 80 -j KUBE-SVC-DFASHI6RIH76M72E
-A KUBE-SERVICES -d 104.197.228.181/32 -p tcp -m comment --comment "default/nginx-alpine2:http loadbalancer IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 104.197.228.181/32 -p tcp -m comment --comment "default/nginx-alpine2:http loadbalancer IP" -m tcp --dport 80 -j KUBE-SVC-DFASHI6RIH76M72E
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.118.20/32 -p tcp -m comment --comment "kube-system/heapster: cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.118.20/32 -p tcp -m comment --comment "kube-system/heapster: cluster IP" -m tcp --dport 80 -j KUBE-SVC-BJM46V3U5RZHCFRZ
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-NPX46M4PTMTKRN6Y
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.39.39/32 -p tcp -m comment --comment "kube-system/default-http-backend:http cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.39.39/32 -p tcp -m comment --comment "kube-system/default-http-backend:http cluster IP" -m tcp --dport 80 -j KUBE-SVC-XP4WJ6VSLGWALMW5
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.0.10/32 -p udp -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp --dport 53 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.0.10/32 -p udp -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp --dport 53 -j KUBE-SVC-TCOU7JCQXEZGVUNU
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.240.84/32 -p tcp -m comment --comment "kube-system/kubernetes-dashboard: cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.240.84/32 -p tcp -m comment --comment "kube-system/kubernetes-dashboard: cluster IP" -m tcp --dport 80 -j KUBE-SVC-XGLOHA7QRQ3V22RZ
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.219.165/32 -p tcp -m comment --comment "kube-system/monitoring-influxdb:http cluster IP" -m tcp --dport 8083 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.219.165/32 -p tcp -m comment --comment "kube-system/monitoring-influxdb:http cluster IP" -m tcp --dport 8083 -j KUBE-SVC-WEHLQ23XZWSA5ZX3
-A KUBE-SERVICES ! -s 10.244.0.0/14 -d 10.0.219.165/32 -p tcp -m comment --comment "kube-system/monitoring-influxdb:api cluster IP" -m tcp --dport 8086 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.219.165/32 -p tcp -m comment --comment "kube-system/monitoring-influxdb:api cluster IP" -m tcp --dport 8086 -j KUBE-SVC-CK6HVV5A27TDFNIA
-A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
-A KUBE-SVC-BJM46V3U5RZHCFRZ -m comment --comment "kube-system/heapster:" -j KUBE-SEP-YCJRHIOQ464L7AYZ
-A KUBE-SVC-CK6HVV5A27TDFNIA -m comment --comment "kube-system/monitoring-influxdb:api" -j KUBE-SEP-ZCXVXMFXWKBPBM23
-A KUBE-SVC-DFASHI6RIH76M72E -m comment --comment "default/nginx-alpine2:http" -m statistic --mode random --probability 0.04999999981 -j KUBE-SEP-E45QDZNOOWJPY3H7
-A KUBE-SVC-DFASHI6RIH76M72E -m comment --comment "default/nginx-alpine2:http" -m statistic --mode random --probability 0.05262999982 -j KUBE-SEP-ERHOFXWHWE5NZYXW
-A KUBE-SVC-DFASHI6RIH76M72E -m comment --comment "default/nginx-alpine2:http" -m statistic --mode random --probability 0.05555999978 -j KUBE-SEP-2PUFH44HOFYHCHPC
-A KUBE-SVC-DFASHI6RIH76M72E -m comment --comment "default/nginx-alpine2:http" -m statistic --mode random --probability 0.05881999992 -j KUBE-SEP-MHWC3Y67LHQKWLRU
-A KUBE-SVC-DFASHI6RIH76M72E -m comment --comment "default/nginx-alpine2:http" -m statistic --mode random --probability 0.06250000000 -j KUBE-SEP-2VFZDYR2ZN5SO2OD
-A KUBE-SVC-DFASHI6RIH76M72E -m comment --comment "default/nginx-alpine2:http" -m statistic --mode random --probability 0.06667000009 -j KUBE-SEP-YMS3GWDO6D4G2FHV
-A KUBE-SVC-DFASHI6RIH76M72E -m comment --comment "default/nginx-alpine2:http" -m statistic --mode random --probability 0.07143000001 -j KUBE-SEP-XJERRRUXJ46DOAB7
-A KUBE-SVC-DFASHI6RIH76M72E -m comment --comment "default/nginx-alpine2:http" -m statistic --mode random --probability 0.07691999990 -j KUBE-SEP-GW7B3JCGSO7A53IF
-A KUBE-SVC-DFASHI6RIH76M72E -m comment --comment "default/nginx-alpine2:http" -m statistic --mode random --probability 0.08332999982 -j KUBE-SEP-MYMEIBIT432J2J7T
-A KUBE-SVC-DFASHI6RIH76M72E -m comment --comment "default/nginx-alpine2:http" -m statistic --mode random --probability 0.09090999980 -j KUBE-SEP-YOYA5L4E5XMSKVLE
-A KUBE-SVC-DFASHI6RIH76M72E -m comment --comment "default/nginx-alpine2:http" -m statistic --mode random --probability 0.10000000009 -j KUBE-SEP-GS2LAIX5VBOJNNZ3
-A KUBE-SVC-DFASHI6RIH76M72E -m comment --comment "default/nginx-alpine2:http" -m statistic --mode random --probability 0.11110999994 -j KUBE-SEP-45EPZXYW4WC6YKRV
-A KUBE-SVC-DFASHI6RIH76M72E -m comment --comment "default/nginx-alpine2:http" -m statistic --mode random --probability 0.12500000000 -j KUBE-SEP-TO2BDH4AGZQMTTRY
-A KUBE-SVC-DFASHI6RIH76M72E -m comment --comment "default/nginx-alpine2:http" -m statistic --mode random --probability 0.14286000002 -j KUBE-SEP-X4B46EHIM3TZLNRB
-A KUBE-SVC-DFASHI6RIH76M72E -m comment --comment "default/nginx-alpine2:http" -m statistic --mode random --probability 0.16667000018 -j KUBE-SEP-UFD3PZZPA3KGNJAK
-A KUBE-SVC-DFASHI6RIH76M72E -m comment --comment "default/nginx-alpine2:http" -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-4WHNFNU7TBFT2UUM
-A KUBE-SVC-DFASHI6RIH76M72E -m comment --comment "default/nginx-alpine2:http" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-5A56ZPDHREKMYPDF
-A KUBE-SVC-DFASHI6RIH76M72E -m comment --comment "default/nginx-alpine2:http" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-RBPUWMMKIZVWSDFA
-A KUBE-SVC-DFASHI6RIH76M72E -m comment --comment "default/nginx-alpine2:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-J7NY7JVZUA6V5GFJ
-A KUBE-SVC-DFASHI6RIH76M72E -m comment --comment "default/nginx-alpine2:http" -j KUBE-SEP-OLD62CPOHLP4WK6D
-A KUBE-SVC-ERIFXISQEP7F7OF4 -m comment --comment "kube-system/kube-dns:dns-tcp" -j KUBE-SEP-DOVWEW33RROJFUEM
-A KUBE-SVC-J6IQQ3OHLYKKWSUU -m comment --comment "default/nginx-alpine:http" -j KUBE-SEP-BUJ5OJMLNJS4IG24
-A KUBE-SVC-JRXTEHDDTAFMSEAS -m comment --comment "kube-system/monitoring-grafana:" -j KUBE-SEP-JBTNJKJ27H5DOTKW
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -m recent --rcheck --seconds 180 --reap --name KUBE-SEP-RELSGQPZUR65POGX --rsource -j KUBE-SEP-RELSGQPZUR65POGX
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -j KUBE-SEP-RELSGQPZUR65POGX
-A KUBE-SVC-TCOU7JCQXEZGVUNU -m comment --comment "kube-system/kube-dns:dns" -j KUBE-SEP-PBFVJUGNX7I4VSY2
-A KUBE-SVC-WEHLQ23XZWSA5ZX3 -m comment --comment "kube-system/monitoring-influxdb:http" -j KUBE-SEP-KXKN46YFODM6673N
-A KUBE-SVC-XGLOHA7QRQ3V22RZ -m comment --comment "kube-system/kubernetes-dashboard:" -j KUBE-SEP-HKEHNU6DU44F6J3Q
-A KUBE-SVC-XP4WJ6VSLGWALMW5 -m comment --comment "kube-system/default-http-backend:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-U2ON4RA2GTR6A3CO
-A KUBE-SVC-XP4WJ6VSLGWALMW5 -m comment --comment "kube-system/default-http-backend:http" -j KUBE-SEP-SBCF5D2ZF5GAKWZR
COMMIT
# Completed on Wed Aug 10 20:05:32 2016

@Alan01252 Alan01252 mentioned this issue Apr 12, 2017
Closed
@thockin thockin added the sig/network Categorizes an issue or PR as relevant to SIG Network. label May 19, 2017
@thockin thockin closed this as completed May 19, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/apiserver sig/network Categorizes an issue or PR as relevant to SIG Network.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@vsimon @ChrisMcKenzie @thockin @pwittrock @k8s-github-robot @girishkalele