Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NfTables chain does not get updated with latest KubeSpan peer when allowDownPeerBypass: true #8498

Closed
Tracked by #8481
utkuozdemir opened this issue Mar 27, 2024 · 0 comments · Fixed by #8538
Closed
Tracked by #8481

NfTables chain does not get updated with latest KubeSpan peer when allowDownPeerBypass: true #8498

utkuozdemir opened this issue Mar 27, 2024 · 0 comments · Fixed by #8538
Assignees
@smira

Comments

@utkuozdemir
Copy link
Member

Bug Report

Description

When KubeSpan is enabled with allowDownPeerBypass: true, kubespan.ManagerController does not update the NfTablesChains resources to include the IPs of the newly joined peer.

It seems to be caused by the combination of:

Environment

  • Talos version: 1.6.4
  • Kubernetes version: 1.28.6
  • Platform: Metal
@smira smira mentioned this issue Apr 1, 2024
Closed
@smira smira self-assigned this Apr 1, 2024
smira added a commit to smira/talos that referenced this issue Apr 3, 2024
@smira
fix: always update firewall rules (kubespan)
5e81758 
Fixes siderolabs#8498

Before KubeSpan was reimplemented to use resources for firewall rules,
the update was happening always, but it got moved to a wrong section of
the controller which gets executed on resource updates, but ignores
updates of the peer statuses.

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
@smira smira mentioned this issue Apr 3, 2024
Merged
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 5, 2024
smira added a commit to smira/talos that referenced this issue Jul 22, 2024
@smira
fix: always update firewall rules (kubespan)
67c76e8 
Fixes siderolabs#8498

Before KubeSpan was reimplemented to use resources for firewall rules,
the update was happening always, but it got moved to a wrong section of
the controller which gets executed on resource updates, but ignores
updates of the peer statuses.

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit e7d8041)
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@smira smira

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: always update firewall rules (kubespan) smira/talos
2 participants
@smira @utkuozdemir