make sure we clean up the ISTIO_OUTPUT chain #52881
Conversation
Signed-off-by: Daniel Hawton <daniel@hawton.org>
|
😊 Welcome @dhawton! This is either your first contribution to the Istio istio repo, or it's been You can learn more about the Istio working groups, Code of Conduct, and contribution guidelines Thanks for contributing! Courtesy of your friendly welcome wagon. |
istio-testing
added
the
size/S
Signed-off-by: Daniel Hawton <daniel@hawton.org>
dhawton
force-pushed
the
fix-vm-iptables
branch
from
0919fb0 to
7b5ee6d
Compare
| @@ -81,7 +81,7 @@ func removeOldChains(cfg *config.Config, ext dep.Dependencies, iptV *dep.Iptable | |||
| } | |||
|
|
|||
| // Must be last, the others refer to it | |||
| chains = []string{constants.ISTIOREDIRECT, constants.ISTIOINREDIRECT} | |||
| chains = []string{constants.ISTIOREDIRECT, constants.ISTIOINREDIRECT, constants.ISTIOOUTPUT} | |||
There was a problem hiding this comment.
Yeah this is one of those cases where we shouldn't be duplicating basic iptables state across separate install and cleanup binaries, really.
There is no real benefit to it and it's just another thing to keep in sync.
This is one other thing #50328 helps with.
There was a problem hiding this comment.
Agreed. I saw that PR but seems like more discussions are occurring so this should resolve the issue for now and we can iterate a better procedure.
|
/retest |
istio-testing
added
size/M
|
/cherry-pick release-1.23 |
|
@dhawton: new pull request created: #52882 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
This comment was marked as resolved.
This comment was marked as resolved.
my bad that i thought i used 1.22 rpm file but it was 1.23, this issue isnt present in 1.22 |
* upstream/master: waypoint: add telemetry metrics configuration support and fix Telemetry selection (istio#52748) Automator: update ztunnel@master in istio/istio@master (istio#52892) validation: fix error casing on workload group (istio#52891) This ~sort of worked because of globals munging, (istio#52890) hbone: log transport errors (istio#52886) ambient: initial status writing (istio#51945) Install: Makes Waypoint Affinity Configurable (istio#52885) pilot: fix to ensure we only use mesh config after it is initialized (istio#52820) ambient: enhance DNS capture (istio#52867) add omit empty for labels in ads connections (istio#52884) Idempotency for istio-iptables apply flow (istio#50328) make sure we clean up the ISTIO_OUTPUT chain (istio#52881) Automator: update proxy@master in istio/istio@master (istio#52880)
Please provide a description of this PR:
Running
pilot-agent istio-clean-iptableswould leave the ISTIO_OUTPUT chain in existance that was added by #50915.Tests covered by #52860
Fixes #52835
cc: @howardjohn