Upgrade alpine, use iptables-legacy (#327)
PR #307 bumps alpine to 3.19.0. Unfortunately that version defaults to
iptables-nft. This breaks an assumption in our Dockerfile and proxy-init
that the `iptables` binary is the legacy version.

Bump alpine to 3.19.0, modify the Dockerfile to continue installing
iptables-legacy, and modify the proxy-init command to default to
iptables-legacy.

Signed-off-by: Andrew Seigner <[email protected]>
siggy authored Jan 25, 2024
1 parent fb9c51e commit 3d46473
Showing 5 changed files with 9 additions and 9 deletions.
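--- a/Dockerfile
+++ b/Dockerfile
@@ -19,8 +19,8 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH GO111MODULE=on \
 ## Runtime
 ##
 
-FROM --platform=$TARGETPLATFORM alpine:3.18.5 as runtime
-RUN apk add iptables libcap && \
+FROM --platform=$TARGETPLATFORM alpine:3.19.0 as runtime
+RUN apk add iptables-legacy iptables libcap && \
 touch /run/xtables.lock && \
 chmod 0666 /run/xtables.lock
 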
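Review bot: The new `RUN apk add iptables-legacy iptables libcap` line installs both variants without saying why. Per the commit description, plain `iptables` in this image is now the nft variant, while proxy-init defaults to `iptables-legacy`. Rules written through one variant are not visible through the other, so anyone auditing or debugging the init container with the wrong binary will see an empty or misleading rule set. A comment above the RUN line would record the intent, for example `# alpine >= 3.19: "iptables" is iptables-nft; proxy-init defaults to the iptables-legacy binaries`. Separately, `alpine:3.19.0` is a mutable tag, and pinning the base image by digest would make the runtime stage reproducible.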
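--- a/Dockerfile-cni-plugin
+++ b/Dockerfile-cni-plugin
@@ -34,7 +34,7 @@ RUN --mount=type=cache,target=target \
 just cni-repair-controller arch="$TARGETARCH" profile=release build && \
 mv "target/$target/release/linkerd-cni-repair-controller" .
 
-FROM --platform=$TARGETPLATFORM alpine:3.18.5 as runtime
+FROM --platform=$TARGETPLATFORM alpine:3.19.0 as runtime
 WORKDIR /linkerd
 RUN apk add \
 # For inotifywait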
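--- a/cni-plugin/main.go
+++ b/cni-plugin/main.go
@@ -219,8 +219,8 @@ func cmdAdd(args *skel.CmdArgs) error {
 SimulateOnly: conf.ProxyInit.Simulate,
 NetNs: args.Netns,
 UseWaitFlag: conf.ProxyInit.UseWaitFlag,
-FirewallBinPath: "iptables",
-FirewallSaveBinPath: "iptables-save",
+FirewallBinPath: "iptables-legacy",
+FirewallSaveBinPath: "iptables-legacy-save",
 }
 
 // Check if there are any overridden ports to be skipped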
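Review bot: `FirewallBinPath: "iptables-legacy"` and `FirewallSaveBinPath: "iptables-legacy-save"` are hard-coded bare names in the options literal inside cmdAdd, unlike the neighbouring fields that come from `conf.ProxyInit`. The same two literals are repeated in newRootOptions in proxy-init/cmd/root.go and in the expectation in root_test.go. A bare name is presumably resolved through PATH wherever cmdAdd executes, and the visible part of this commit only adds the `iptables-legacy` package to the runtime stage in Dockerfile; the `apk add` list in Dockerfile-cni-plugin is cut off, so it is unclear whether the plugin's environment has these binaries. Consider declaring the two names once as shared constants. A comment on these fields would also help, for example `// alpine >= 3.19 makes "iptables" the nft variant; both names must resolve where the plugin runs`. cmdAdd starts and ends outside this hunk, so any later override of these fields is not visible here.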
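--- a/proxy-init/cmd/root.go
+++ b/proxy-init/cmd/root.go
@@ -47,8 +47,8 @@ func newRootOptions() *RootOptions {
 TimeoutCloseWaitSecs: 0,
 LogFormat: "plain",
 LogLevel: "info",
-FirewallBinPath: "iptables",
-FirewallSaveBinPath: "iptables-save",
+FirewallBinPath: "iptables-legacy",
+FirewallSaveBinPath: "iptables-legacy-save",
 }
 }
 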
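--- a/proxy-init/cmd/root_test.go
+++ b/proxy-init/cmd/root_test.go
@@ -23,8 +23,8 @@ func TestBuildFirewallConfiguration(t *testing.T) {
 ProxyUID: expectedProxyUserID,
 SimulateOnly: false,
 UseWaitFlag: false,
-BinPath: "iptables",
-SaveBinPath: "iptables-save",
+BinPath: "iptables-legacy",
+SaveBinPath: "iptables-legacy-save",
 }
 
 options := newRootOptions()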
