Special thanks to @makhov and @jnummelin for contributing to this release!
Changelog
- fe3e8b0 - Bump to go 1.19 / alpine 3.16 <@mrueg>
- 8574163 - iptables mode selection fixed. iptables-wrapper script updated to the latest upstream version <@makhov>
The primary reason for this bug fix release was to update Alpine to 3.16 so that we get a more recent version of the iptables user-space binaries in the kube-router container (`iptables-1.8.8`). This helps address the issues found by @jnummelin in #1370, where iptables `mark` attributes can be lost when the host's user-space version of `iptables` is greater than the kube-router container's version.
As per the newly updated docs (https://github.com/cloudnativelabs/kube-router/blob/master/docs/user-guide.md#requirements), it is recommended that users who:
- use kube-router as a container deployment AND...
- operate iptables from the host's user-space tooling AND...
- utilize the network policy feature-set of kube-router (`--run-firewall`)

keep the host's user-space tooling (e.g. `iptables`, `ipset`, `ipvsadm`, etc.) in sync with the version contained in kube-router's container as much as possible to avoid potential problems with firewall rule data loss.
This will hold true until there is some resolution to the upstream issue (https://bugzilla.netfilter.org/show_bug.cgi?id=1632), which would help us identify, before writing rules, when there might be potential for conflict or loss.
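
One way to check the recommendation above on a node, as an added example that is not part of kube-router or of these release notes: it parses the `--version` banners of the host and container tools and classifies the skew, comparing version fields numerically. The function names are hypothetical and the sample banners are constructed.

```shell
#!/bin/sh
# Added example: classify version skew between host and container tooling.
# Banners are in the format printed by `<tool> --version`.

# Extract the dotted version ("1.8.8") from a banner like "iptables v1.8.8 (...)".
tool_version() {
    printf '%s\n' "$1" | sed -n 's/^[^ ]* v\([0-9][0-9.]*\).*$/\1/p'
}

# Compare two dotted versions field by field as numbers (so 1.8.10 > 1.8.8).
# Prints "gt", "lt" or "eq" for first-vs-second.
ver_cmp() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a= || a=${a#*.}
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then echo gt; return 0; fi
        if [ "$x" -lt "$y" ]; then echo lt; return 0; fi
    done
    echo eq
}

# check_skew HOST_BANNER CONTAINER_BANNER. Prints one of:
#   in-sync     versions match
#   host-newer  the case these notes associate with lost mark attributes
#   host-older  out of sync, container is ahead
#   unparsed    a banner did not match the expected format
check_skew() {
    hv=$(tool_version "$1"); cv=$(tool_version "$2")
    if [ -z "$hv" ] || [ -z "$cv" ]; then echo unparsed; return 0; fi
    case $(ver_cmp "$hv" "$cv") in
        gt) echo host-newer ;;
        lt) echo host-older ;;
        eq) echo in-sync ;;
    esac
}

# Constructed sample banners (not captured from a real host or container).
check_skew 'iptables v1.8.10 (nf_tables)' 'iptables v1.8.8 (nf_tables)'          # host-newer
check_skew 'ipset v7.15, protocol version: 7' 'ipset v7.15, protocol version: 7'  # in-sync
```

On a node, pass the output of `iptables --version` from the host as the first argument and the output of the same command run inside the kube-router container as the second.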