Periodically verify that all required NodePortLocal iptables rules are present in the Node #2210
Comments
This issue is stale because it has been open 180 days with no activity. Remove stale label or comment, or this will be closed in 180 days
The iptables rules can be deleted by mistake. This patch is used to call a function to ensure that the rules are restored automatically in such a situation. Also integration test was added. fixes antrea-io#2210
The iptables rules can be deleted by mistake. This patch is used to call a function to ensure that the rules are restored automatically in such a situation. Also integration test was added. Some fake pod data was taken and some initial iptables rules were added. Rules were deleted and we checked whether they were restored periodically. fixes antrea-io#2210
The iptables rules can be deleted by mistake. This patch is used to call a function to ensure that the rules are restored automatically in such a situation. Also integration test was added. It adds some NPL iptables rules, deletes the rules and checks whether the rules are recovered automatically. fixes antrea-io#2210
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment, or this will be closed in 90 days
Describe what you are trying to solve
This issue is similar to #628. In #1751, we added support to periodically sync-up iptables rules. However that PR didn't cover the NodePortLocal iptables rules (https://github.com/antrea-io/antrea/blob/main/pkg/agent/nodeportlocal/rules/iptable_rule.go), probably because PRs were merged at around the same time (v0.13.0 release).
Describe the solution you have in mind
We should add similar logic to periodically verify that all expected NodePortLocal iptables rules are present.
Describe how your solution impacts user flows
Nothing changes for the user, the Antrea NodePortLocal feature becomes more robust.
Describe the main design/architecture of your solution
There are 2 types of rules:
A new sync method can be added to antrea/pkg/agent/nodeportlocal/k8s/npl_controller.go (line 48 in 87c772d) and invoked in a loop from a new goroutine. It can take care of installing both types of rules. Note that for the second type of rules (individual DNAT rules), all the information can be found in antrea/pkg/agent/nodeportlocal/portcache/port_table.go (lines 33 to 39 in 87c772d).
Test plan
Add an integration test like in #1751 to validate that iptables rules deleted manually are restored automatically.
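The sync method and goroutine loop sketched in the design section, together with the check the test plan calls for (a deleted rule comes back on the next sync), as an added Go example that is not Antrea's code. RuleStore, memStore, portEntry and the ANTREA-NODE-PORT-LOCAL chain name are assumptions standing in for the agent's real iptables client and port table.

```go
package main

import (
	"fmt"
	"time"
)

// RuleStore abstracts iptables (Has ~ `iptables -C`, Add ~ `iptables -A`); hypothetical, not Antrea's own.
type RuleStore interface {
	Has(rule string) bool
	Add(rule string)
}
type memStore map[string]bool // constructed in-memory stand-in for the nat table (not goroutine-safe)
func (m memStore) Has(r string) bool { return m[r] }
func (m memStore) Add(r string)      { m[r] = true }

// portEntry holds what the issue says the NPL port table records per mapping; field names are assumptions.
type portEntry struct {
	NodePort, PodPort int
	PodIP             string
}

// desiredRules renders both rule kinds the issue names: the jump into the NPL chain plus one DNAT rule per entry (chain name assumed).
func desiredRules(entries []portEntry) []string {
	rules := []string{"-t nat -A PREROUTING -j ANTREA-NODE-PORT-LOCAL"}
	for _, e := range entries {
		rules = append(rules, fmt.Sprintf("-t nat -A ANTREA-NODE-PORT-LOCAL -p tcp --dport %d -j DNAT --to-destination %s:%d", e.NodePort, e.PodIP, e.PodPort))
	}
	return rules
}

// syncRules re-adds every desired rule missing from the store and returns the restored ones.
func syncRules(store RuleStore, entries []portEntry) []string {
	var restored []string
	for _, r := range desiredRules(entries) {
		if !store.Has(r) {
			store.Add(r)
			restored = append(restored, r)
		}
	}
	return restored
}

// runSyncLoop is the goroutine body: reconcile now and on every tick until stop is closed.
func runSyncLoop(store RuleStore, entries func() []portEntry, every time.Duration, stop <-chan struct{}) {
	for {
		syncRules(store, entries())
		select {
		case <-stop:
			return
		case <-time.After(every):
		}
	}
}
```

In the agent, `go runSyncLoop(...)` would be started once from the NPL controller with the real port table as the entries source; a converged sync returns no restored rules, so a non-empty result is also a useful signal to log.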