flannel
flannel copied to clipboard
Update iptables-wrapper-installer.sh from upstream
Description
We are experiencing problems with the current version of the iptables-wrapper
script. If you have any processes which are using an older binary for iptables, you can experience issues with Flannel selecting the correct version of iptables when first starting the container. Currently if your iptables-legacy-save
output is greater than or equal to the output of iptables-nft-save
then the container will select using the legacy table. The new behavior, which is supported in Kubernetes 1.17+ will look for some special table names in iptables, provided by kubelet, and if they are not found then will revert to line counting. This yields a more consistent experience with iptables version selection.
Change: Download the v2 version of this script which behaves more consistently but reverts back to the old behavior of iptables-save line counting if the other behaviors don't work.
Script source: https://raw.githubusercontent.com/kubernetes-sigs/iptables-wrappers/v2/iptables-wrapper-installer.sh SHA: e139a115350974aac8a82ec4b815d2845f86997e Pulled from: https://github.com/kubernetes-sigs/iptables-wrappers
Todos
- [ ] Tests
- [ ] Documentation
- [ ] Release note
Release Note
Upgrade mechanism to select iptables legacy vs nf_tables to more modern upstream script
Note that I've only tested this on v0.14.0.
Thanks for the PR. Could you please squash the commits before we merge it?
All set - and rebased onto mainline.
Anything I need to do here? The linter appears to be failing on files I didn't touch.
Hi yes it's an error unrelated to your code. It was fixed in the master branch. Could you rebase again please? This should fix the issue.
@thomasferrandiz all set
Bump
Sorry I missed your previous update.