Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automated backport of #2889: Revert "Create xtables.lock as a file if it doesn't already #2890

Merged
merged 1 commit into from
Nov 15, 2023
Merged

Automated backport of #2889: Revert "Create xtables.lock as a file if it doesn't already #2890

merged 1 commit into from
Nov 15, 2023

Conversation

skitt
Copy link
Member

@skitt skitt commented Nov 14, 2023

Backport of #2889 on release-0.16.

#2889: Revert "Create xtables.lock as a file if it doesn't already

For details on the backport process, see the backport requests page.

@skitt
Revert "Create xtables.lock as a file if it doesn't already exist"
f6b620a 
This reverts commit 93f8d3a.

The xtables.lock mount was fixed to specify its type: it must exist as
a file, or be created as a file.

xtables.lock is only used with legacy iptables. On platforms using
iptables-nft, the file isn't used and doesn't exist. As a result,
previous versions of Submariner created it as a directory (this is the
default behaviour for volume mounts in Kubernetes: if the mount
doesn't exist, it is created as a directory). When the volume mount
type is specified as a file, the existence of a directory causes the
mount to fail and the corresponding pod is never scheduled.

To avoid this, revert to the default behaviour. On systems where the
lock is important, it already exists so the directory isn't created
and the correct behaviour is guaranteed. On systems where the lock
isn't needed, it is created as a directory but that doesn't matter.

Future releases of Submariner will have to deal with this correctly,
and handle upgrades, ideally without mounting all of /run
permanently.

Signed-off-by: Stephen Kitt <[email protected]>
@skitt skitt requested a review from tpantelis as a code owner November 14, 2023 13:48
@submariner-bot
Copy link
Contributor

🤖 Created branch: z_pr2890/skitt/automated-backport-of-#2889-origin-release-0.16
🚀 Full E2E won't run until the "ready-to-test" label is applied. I will add it automatically once the PR has 2 approvals, or you can add it manually.

@submariner-bot submariner-bot added the ready-to-test When a PR is ready for full E2E testing label Nov 15, 2023
@tpantelis tpantelis merged commit ba28f89 into submariner-io:release-0.16 Nov 15, 2023
47 checks passed
@submariner-bot
Copy link
Contributor

🤖 Closed branches: [z_pr2890/skitt/automated-backport-of-#2889-origin-release-0.16]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sridhargaddam sridhargaddam sridhargaddam approved these changes

@dfarrell07 dfarrell07 dfarrell07 approved these changes

@Oats87 Oats87 Awaiting requested review from Oats87 Oats87 is a code owner

@tpantelis tpantelis Awaiting requested review from tpantelis tpantelis is a code owner

Assignees
No one assigned
Labels
automated-backport ready-to-test When a PR is ready for full E2E testing
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@skitt @submariner-bot @dfarrell07 @sridhargaddam @tpantelis