cloudnativelabs / kube-router

Kube-router, a turnkey solution for Kubernetes networking.
https://kube-router.io
Apache License 2.0
2.33k stars 471 forks

container image v2.1.0 is missing the iptables-legacy binaries #1641

Closed elchenberg closed 7 months ago

elchenberg commented 7 months ago

What happened?

Kube-router v2.1.0 uses iptables with the nftables backend even when the host is using iptables with the legacy backend.

What did you expect to happen?

Since the iptables-wrapper is installed in the container image I expected kube-router to use the same backend as the host system.

How can we reproduce the behavior you experienced?

  1. Have a host system with iptables-legacy and a Kubernetes cluster.
  2. Run iptables --version on the host. Example output: iptables v1.8.9 (legacy)
  3. Repeat the previous command in a kube-router container (kubectl --namespace kube-system exec daemonsets/kube-router -- iptables --version). Output: iptables v1.8.10 (nf_tables)

System Information (please complete the following information):

Additional context

When I downgrade kube-router to v2.0.1 the correct iptables backend is used.

According to the iptables-wrapper documentation the iptables-legacy package needs to be installed in containers that use an Alpine 3.19 base image: https://github.com/kubernetes-sigs/iptables-wrappers?tab=readme-ov-file#building-a-container-image-that-uses-iptables
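The comparison from the reproduction steps above, written as a script. This is an added example, not part of the original issue or of kube-router. The function names `iptables_backend` and `compare_backends` and the `--live` switch are assumptions made for illustration, and the sample version lines are the ones quoted in the report.

```shell
#!/bin/sh
# Added example: compare the iptables backend reported on the host with the
# one reported inside the kube-router container. Function names and the
# --live switch are hypothetical, not part of kube-router.

# Print the backend named in an `iptables --version` line.
# iptables 1.8+ appends "(legacy)" or "(nf_tables)" to the version string.
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Compare a host version line ($1) with a container version line ($2).
# Prints a verdict; returns 0 on match, 1 on mismatch, 2 if undetermined.
compare_backends() {
    host=$(iptables_backend "$1")
    ctr=$(iptables_backend "$2")
    if [ "$host" = unknown ] || [ "$ctr" = unknown ]; then
        echo "UNKNOWN host=$host container=$ctr"
        return 2
    fi
    if [ "$host" = "$ctr" ]; then
        echo "OK host=$host container=$ctr"
        return 0
    fi
    echo "MISMATCH host=$host container=$ctr"
    return 1
}

# Live check, run on a cluster node only when called with --live. It uses the
# kubectl command from the reproduction steps.
if [ "${1:-}" = "--live" ]; then
    compare_backends "$(iptables --version)" \
        "$(kubectl --namespace kube-system exec daemonsets/kube-router -- iptables --version)"
fi
```

With the two version lines from the report, `compare_backends` prints `MISMATCH host=legacy container=nf_tables` and returns 1, so the check can gate a rollout or run as a node health probe.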

aauren commented 7 months ago

Seems pretty straightforward. Feel free to raise a PR.