@@ -239,7 +239,7 @@ func (s *defaultSecurityListManager) Delete(ctx context.Context, lbSubnets []*co
239239 return err
240240 }
241241
242- return s .updateBackendRules (ctx , noSubnets , backendSubnets , nil , ports )
242+ return s .updateBackendRules (ctx , noSubnets , backendSubnets , & ports , ports )
243243}
244244
245245// frontendSecurityListManager manages only the ingress security list rules required for
@@ -408,22 +408,15 @@ func getNodeIngressRules(
408408 ingressRules = append (ingressRules , rule )
409409 desiredHealthChecker .Delete (* rule .Source )
410410 continue
411- }
412-
413- inUse , err := healthCheckPortInUse (serviceLister , int32 (desiredPorts .HealthCheckerPort ))
414- if err != nil {
415- // Unable to determine if this port is in use by another service, so I guess
416- // we better err on the safe side and keep the rule.
417- logger .Errorf ("failed to determine if port: %d is still in use: %v" , desiredPorts .HealthCheckerPort , err )
418- ingressRules = append (ingressRules , rule )
419- continue
420- }
421- if inUse {
422- // This rule is no longer needed for this service, but is still used
423- // by another service, so we must still keep it.
424- logger .Infof ("Port %d still in use by another service." , desiredPorts .HealthCheckerPort )
425- ingressRules = append (ingressRules , rule )
426- continue
411+ } else if * r .Max == desiredPorts .HealthCheckerPort {
412+ inUse , err := healthCheckPortInUse (serviceLister , int32 (desiredPorts .HealthCheckerPort ))
413+ if err != nil {
414+ logger .Errorf ("failed to determine if port: %d is still in use: %v" , desiredPorts .HealthCheckerPort , err )
415+ ingressRules = append (ingressRules , rule )
416+ } else if inUse {
417+ logger .Infof ("Port %d still in use by another service." , desiredPorts .HealthCheckerPort )
418+ ingressRules = append (ingressRules , rule )
419+ }
427420 }
428421
429422 // else the actual cidr no longer exists so we don't need to do
0 commit comments