Fix UDP service blackhole problem when number of endpoints changes from 0 to non-0

[danwinship]

When a UDP service goes from 0 endpoints to 1, we need to run "conntrack -D ..." in case there are cached conntrack entries from pods hitting the "-j REJECT" iptables rule that gets installed for services with no endpoints.

Additionally, we need to make sure that OpenShift nodes have conntrack-tools installed so that they can actually run /sbin/conntrack in this and other cases. (There are additional bugs open about fixing the official images.)

Upstream: kubernetes/kubernetes#48524
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1487438

[bparees]

/unassign

[danwinship]

@eparis want to approve the cherry-pick?
(integration failure is just the thing that's failing for everyone)

[eparis]

/lgtm

[danwinship]

Pushed another commit to add the dep to origin.spec too

[eparis]

/lgtm

[openshift-merge-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: danwinship, eparis

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

• OWNERS [eparis]

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

[imcsk8]

LGTM

[danwinship]

/retest

[knobunc]

/retest (last errors were fixed by a test change)

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-merge-robot]

Automatic merge from submit-queue (batch tested with PRs 15725, 16244, 15796, 16328, 16334)