Use manual test to ensure iptables-* binaries are present #1880
Conversation
The sanity check in iptables-wrapper-installer.sh doesn't work for multi-arch images so we need to disable it.
thomasferrandiz
force-pushed
the
remove-no-sanity-check
branch
from
ea81746
to
d141df8
Compare
thomasferrandiz
changed the title
| @@ -33,6 +33,9 @@ COPY --from=build /build/dist/flanneld /opt/bin/flanneld | |||
| COPY dist/mk-docker-opts.sh /opt/bin/ | |||
| COPY --from=build /iptables-wrapper/iptables-wrapper-installer.sh / | |||
| COPY --from=build /iptables-wrapper/bin/iptables-wrapper / | |||
| # check manually that iptables-legacy and iptables-nft are present since | |||
| # iptables-wrapper-installer.sh sanity check doesn't work for multi-arch build | |||
There was a problem hiding this comment.
but if you look at the last line, it says --no-sanity-check, are we really doing the sanity check?
There was a problem hiding this comment.
no because it doesn't work.
Instead I use which to check that iptables-nft and iptables-legacy exist in the image
|
in a multi-arch build,
the script actually tries to run |
Thanks for the explanation. Do you think it still makes sense to keep it then? |
|
I wasn't clear above. |
The sanity check in
iptables-wrapper-installer.shis important in case a version of the base image for some arch doesn't include all the needed iptables-related files.But it fails for multi-arch build so we have to use a manual test.
Description
Todos
Release Note