Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix issue with ipset or iptables chain removal during NodeNetworkPolicy updates or deletions #6707

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix issue with ipset or iptables chain removal during NodeNetworkPolicy updates or deletions #6707

wants to merge 1 commit into from

Conversation

hongliangl
Copy link
Contributor

@hongliangl hongliangl commented Sep 30, 2024
edited
Loading

Fix #6706

This commit addresses an issue where stale ipset or iptables chain is
not deleted during NodeNetworkPolicy updates or deletions. The root cause
is that the ipset or iptables chain is still referenced by other iptables
rules during the deletion or update attempt. The fix ensures proper order
of ipset and iptables synchronization.

@hongliangl hongliangl changed the title Fix that when destroying ipset when updating NodeNetworkPolicy Fix that when destroying ipset when updating/deleting NodeNetworkPolicy Sep 30, 2024
@hongliangl hongliangl added this to the Antrea v2.2 release milestone Sep 30, 2024
@hongliangl hongliangl added action/backport Indicates a PR that requires backports. action/release-note Indicates a PR that should be included in release notes. labels Sep 30, 2024
@antoninbas
Copy link
Contributor

@hongliangl please fix the commit title / PR title (it's not a correct sentence), and add a commit message that explains what the issue was and what your change is doing.

@hongliangl
Copy link
Contributor Author

@hongliangl please fix the commit title / PR title (it's not a correct sentence), and add a commit message that explains what the issue was and what your change is doing.

Will do.

@hongliangl
Fix issue with ipset or iptables chain removal during NodeNetworkPoli…
87da3fe 
…cy updates or deletions

This commit addresses an issue where stale ipset or iptables chain is
not deleted during NodeNetworkPolicy updates or deletions. The root cause
is that the ipset or iptables chain is still referenced by other iptables
rules during the deletion or update attempt. The fix ensures proper order
of ipset and iptables synchronization.

Signed-off-by: Hongliang Liu <[email protected]>
@hongliangl hongliangl changed the title Fix that when destroying ipset when updating/deleting NodeNetworkPolicy Fix issue with ipset or iptables chain removal during NodeNetworkPolicy updates or deletions Sep 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tnqn tnqn Awaiting requested review from tnqn

@antoninbas antoninbas Awaiting requested review from antoninbas

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
action/backport Indicates a PR that requires backports. action/release-note Indicates a PR that should be included in release notes.
Projects
None yet
Milestone
Antrea v2.2 release
Development

Successfully merging this pull request may close these issues.

Error destroying ipset when deleting NodeNetworkPolicy
2 participants
@hongliangl @antoninbas