iptables: use the same mode with kube-proxy #2758

Merged: 2 commits, May 6, 2023

@zhangzujian zhangzujian commented May 6, 2023

What type of this PR

  • Bug fixes

Which issue(s) this PR fixes:

Backport #2535 to release-1.11.

WHAT

🤖 Generated by Copilot at 3688ab3

This pull request adds support for both legacy and nft iptables modes in the kube-ovn project. It replaces the github.com/coreos/go-iptables library with a forked version github.com/kubeovn/go-iptables that can detect and handle both modes. It also updates the iptables rules and chains in the pkg/daemon/controller_linux.go and pkg/daemon/gateway_linux.go files to work with the correct iptables mode.

🤖 Generated by Copilot at 3688ab3

We're sailing on the kubeovn ship, with iptables on our side
We need to switch the modes around, to match the Linux tide
So heave away, me hearties, heave away with all your might
We'll use the go-iptables fork, and keep our rulesets tight

HOW

🤖 Generated by Copilot at 3688ab3

  • Replace github.com/coreos/go-iptables/iptables with github.com/kubeovn/go-iptables/iptables to support both legacy and nft iptables modes
  • Add iptablesObsolete field to ControllerRuntime struct to store iptables handles for the obsolete mode
  • Modify createIptablesRule and updateIptablesChain functions to take iptables.IPTables instance as parameter instead of protocol string
  • Use ipt parameter instead of iptables map from controller to create, insert, list, and delete iptables rules and chains
  • Remove obsolete iptables rules from setIptables function
  • Use local variable ipt to store iptables handle for the current mode and rename abandonedRules to obsoleteRules in setIptables function
  • Call cleanObsoleteIptablesRules function to delete obsolete rules and chains from the obsolete mode in setIptables function
  • Rename deleteLegacySnatRules function to deleteObsoleteSnatRules and use ipt parameter instead of iptables map from controller to delete obsolete snat rules

@zhangzujian zhangzujian marked this pull request as ready for review May 6, 2023 03:45
@zhangzujian zhangzujian requested a review from oilbeater May 6, 2023 03:45
@zhangzujian zhangzujian merged commit 87c6868 into kubeovn:release-1.11 May 6, 2023
@zhangzujian zhangzujian deleted the iptables-mode branch May 6, 2023 05:26
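
The PR description above talks about a current mode and an obsolete mode whose leftover rules are cleaned up. The following is an added example, not code from this PR or from kube-ovn, showing how an operator could audit a node for chains left behind in the non-active backend. It assumes the backend holding more KUBE- chains is the one kube-proxy uses, takes iptables-save style text as input, and uses the placeholder prefix EXAMPLE-CNI- and constructed dumps; the function names are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed iptables-save style dumps; EXAMPLE-CNI- is a placeholder prefix.
const legacyDump = "*nat\n:POSTROUTING ACCEPT [0:0]\n:EXAMPLE-CNI-POSTROUTING - [0:0]\n" +
	"-A POSTROUTING -j EXAMPLE-CNI-POSTROUTING\nCOMMIT\n*filter\n:EXAMPLE-CNI-FORWARD - [0:0]\nCOMMIT\n"
const nftDump = "*nat\n:KUBE-SERVICES - [0:0]\n:KUBE-POSTROUTING - [0:0]\n" +
	":EXAMPLE-CNI-POSTROUTING - [0:0]\nCOMMIT\n*filter\n:KUBE-FORWARD - [0:0]\nCOMMIT\n"

// chainsWithPrefix returns "table/chain" for each declared chain whose name
// starts with prefix ("*table" opens a table, ":CHAIN POLICY [..]" declares one).
func chainsWithPrefix(save, prefix string) []string {
	var out []string
	table := ""
	for _, line := range strings.Split(save, "\n") {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "*") {
			table = line[1:]
		} else if f := strings.Fields(line); len(f) > 0 && strings.HasPrefix(f[0], ":"+prefix) {
			out = append(out, table+"/"+f[0][1:])
		}
	}
	return out
}

// Audit treats the backend holding more KUBE- chains as the active mode (an
// assumed heuristic) and returns prefix-matching chains left in the other one.
func Audit(legacySave, nftSave, prefix string) (string, []string) {
	kl := len(chainsWithPrefix(legacySave, "KUBE-"))
	kn := len(chainsWithPrefix(nftSave, "KUBE-"))
	switch {
	case kn > kl:
		return "nft", chainsWithPrefix(legacySave, prefix)
	case kl > kn:
		return "legacy", chainsWithPrefix(nftSave, prefix)
	}
	return "", nil // tie: undetermined, so nothing is reported as obsolete
}

func main() {
	mode, stale := Audit(legacyDump, nftDump, "EXAMPLE-CNI-")
	fmt.Println("active mode:", mode, "stale chains in other backend:", stale)
}
```

On a real node the two inputs would come from iptables-legacy-save and iptables-nft-save; a non-empty result means rules exist in a backend that the active dataplane no longer evaluates as intended and should be reviewed.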