Why iptables rules are not cleaned up by kubeproxy when the pods are terminated/rolling update?

Solution Verified - Updated -

Issue

  • While performing the rolling update, kubeproxy does not clean the iptable rules for the old pods immediately and on average it takes ~10 minutes to clean up those rules.

Environment

  • Openshift v3.11.318 and before
  • Rolling strategy as below
 rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In