From c031391faf85125d4e73ced06a8df12a6d6b2622 Mon Sep 17 00:00:00 2001
From: Lars Ekman <lars.g.ekman@est.tech>
Date: Tue, 2 May 2023 15:51:22 +0200
Subject: [PATCH] Kube-proxy/ipvs: accept access to healthCheckNodePort on LbIP

---
 pkg/proxy/ipvs/proxier.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go
index 6f013cac7439..bac8e61a2302 100644
--- a/pkg/proxy/ipvs/proxier.go
+++ b/pkg/proxy/ipvs/proxier.go
@@ -1820,6 +1820,9 @@ func (proxier *Proxier) writeIptablesRules() {
 	proxier.filterRules.Write(
 		"-A", string(kubeIPVSFilterChain),
 		"-m", "set", "--match-set", proxier.ipsetList[kubeExternalIPSet].Name, "dst,dst", "-j", "RETURN")
+	proxier.filterRules.Write(
+		"-A", string(kubeIPVSFilterChain),
+		"-m", "set", "--match-set", proxier.ipsetList[kubeHealthCheckNodePortSet].Name, "dst", "-j", "RETURN")
 	proxier.filterRules.Write(
 		"-A", string(kubeIPVSFilterChain),
 		"-m", "conntrack", "--ctstate", "NEW",