metal-stack / firewall-controller

A Kubernetes controller running on bare-metal firewalls that creates nftables rules, configures Suricata, and collects network metrics
MIT License

Egress Policies not updating anymore when no changes on CWNPs occur #105

Closed Gerrit91 closed 3 years ago

Gerrit91 commented 3 years ago

Regression probably caused by https://github.com/metal-stack/firewall-controller/pull/96

Please consider adding more relevant fields to the checksum calculation (the firewall.spec.data field is a good candidate).

Gerrit91 commented 3 years ago

Also when removing a CWNP, the rules are not deleted anymore.

Gerrit91 commented 3 years ago

Also, the service type load balancer flow is broken.

majst01 commented 3 years ago

A very simple approach to ensure a reload occurs on any structural changes in the nftables file would be to create the checksum over the sorted file. Simply sort (line by line) the file before creating the checksum.
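
The sorted-file checksum suggested in the comment above, as an added example that is not code from firewall-controller or from this thread. The function names `sortedChecksum` and `needsReload` and the three sample rulesets are constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Constructed sample rulesets (not from firewall-controller): the applied
// state, the same rules in a different order, and one rule removed.
const applied = `table inet firewall {
	chain forward {
		ip saddr 10.0.0.0/8 tcp dport 443 accept
		ip saddr 10.0.0.0/8 udp dport 53 accept
	}
}`

const reordered = `table inet firewall {
	chain forward {
		ip saddr 10.0.0.0/8 udp dport 53 accept
		ip saddr 10.0.0.0/8 tcp dport 443 accept
	}
}`

const removed = `table inet firewall {
	chain forward {
		ip saddr 10.0.0.0/8 tcp dport 443 accept
	}
}`

// sortedChecksum sorts the file line by line, then hashes the sorted text.
func sortedChecksum(rendered string) string {
	lines := strings.Split(rendered, "\n")
	sort.Strings(lines)
	sum := sha256.Sum256([]byte(strings.Join(lines, "\n")))
	return hex.EncodeToString(sum[:])
}

// needsReload compares the applied file with a freshly rendered one.
func needsReload(appliedFile, renderedFile string) bool {
	return sortedChecksum(appliedFile) != sortedChecksum(renderedFile)
}

func main() {
	fmt.Println("rule removed  ->", needsReload(applied, removed))   // true
	fmt.Println("rules swapped ->", needsReload(applied, reordered)) // false
}
```

A removed or added line changes the digest, so a deleted policy triggers a reload. Because nftables evaluates the rules of a chain in order, a change that only reorders rules leaves this digest unchanged and would not trigger one.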

Gerrit91 commented 3 years ago

Fixed through #109.