fix: flush the CNI-HOSTPORT-DNAT chain on stop (#4963) (#4970)

berkayoz · web-flow · commit c7d337fccb50 · 2025-03-27T09:33:28.000+03:00
`microk8s stop` was changed to fully remove containers via ctr(#4755) which results in an old DNAT rule getting left-over that points to the old container id. flushing the chain should fix issues of hostPort connections dropping after a stop & start. (cherry picked from commit b170cad)
diff --git a/microk8s-resources/actions/common/utils.sh b/microk8s-resources/actions/common/utils.sh
@@ -990,6 +990,8 @@ remove_all_containers() {
     do
         "${SNAP}/microk8s-ctr.wrapper" container delete $container &>/dev/null || true
     done
+
+    iptables-legacy -t nat -F CNI-HOSTPORT-DNAT || true
 }
 
 get_container_shim_pids() {

Original file line number	Diff line number	Diff line change
`@@ -990,6 +990,8 @@ remove_all_containers() {`
`990`	`990`	`do`
`991`	`991`	`"${SNAP}/microk8s-ctr.wrapper" container delete $container &>/dev/null \|\| true`
`992`	`992`	`done`
	`993`	`+`
	`994`	`+ iptables-legacy -t nat -F CNI-HOSTPORT-DNAT \|\| true`
`993`	`995`	`}`
`994`	`996`
`995`	`997`	`get_container_shim_pids() {`