metal-stack / firewall-controller

A Kubernetes controller running on bare-metal firewalls that creates nftables rules, configures Suricata, and collects network metrics
MIT License

nftables reloaded even if nothing changed #100

Closed majst01 closed 1 year ago

majst01 commented 3 years ago

Jul 13 13:49:38 shoot--p6rjdq--devops01-firewall-bcfba ip[1307]: 2021-07-13T13:49:38.914+0200        INFO        controllers.Firewall        reconciling ips for        {"firewall": "firewall/firewall", "network": "a-network", "adding": {}, "removing": {}}
Jul 13 13:49:38 shoot--p6rjdq--devops01-firewall-bcfba systemd[1]: Reloading nftables.
Jul 13 13:49:38 shoot--p6rjdq--devops01-firewall-bcfba systemd[1]: Reloaded nftables.

GrigoriyMikhalkin commented 3 years ago

It should be solved by https://github.com/metal-stack/firewall-controller/pull/82. Nftables resolution is moved to the CNWP controller, and there's an additional check whether the nftables rules changed.

majst01 commented 1 year ago

can be closed
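
The "reload only if the rules changed" check discussed in this thread, as an added Go example that is not firewall-controller's own code. The helper name `applyIfChanged`, the file name `rules.nft`, the sample ruleset and the `reload` callback (a stand-in for the nftables service reload) are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// applyIfChanged writes rendered to path and calls reload only when the
// content differs from what is on disk; it reports whether it reloaded.
// Hypothetical helper for illustration, not firewall-controller code.
func applyIfChanged(path string, rendered []byte, reload func() error) (bool, error) {
	current, err := os.ReadFile(path)
	if err != nil && !errors.Is(err, fs.ErrNotExist) {
		return false, err
	}
	if err == nil && bytes.Equal(current, rendered) {
		return false, nil // nothing changed: leave the live ruleset alone
	}
	// Write beside the target and rename, so a crash never leaves a
	// half-written ruleset at the path the service loads.
	tmp := path + ".tmp"
	if err := os.WriteFile(tmp, rendered, 0o600); err != nil {
		return false, err
	}
	if err := os.Rename(tmp, path); err != nil {
		return false, err
	}
	return true, reload()
}

func main() {
	dir, _ := os.MkdirTemp("", "nft")
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "rules.nft")
	rules := []byte("table inet firewall {\n}\n") // constructed sample ruleset
	reloads := 0
	reload := func() error { reloads++; return nil } // stand-in for the service reload
	for i := 0; i < 3; i++ {
		changed, err := applyIfChanged(path, rules, reload)
		fmt.Println("pass", i, "reloaded:", changed, "err:", err)
	}
	fmt.Println("total reloads:", reloads)
}
```

If `reload` returns an error, the file on disk already matches the rendered rules, so the caller has to retry the reload itself rather than rely on the next comparison to trigger it.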