[Forwardport] [NPM] fix: Update Iptables to Legacy (#3782) #3842
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* added legacy * typo * updated tests * updated for all tests
|
/azp run Azure Container Networking PR |
There was a problem hiding this comment.
Pull Request Overview
This PR updates the Azure Network Policy Manager (NPM) to use legacy iptables commands instead of default iptables, addressing crashloopbackoffs that occur when running on CBL-Mariner/Linux nodepools after the Ubuntu base image was updated from 20.04 to 24.04.
- Updates iptables constant definitions to use legacy variants (
iptables-legacy,iptables-legacy-save,iptables-legacy-restore) - Updates all test cases to reflect the new legacy iptables command usage
- Ensures compatibility with the behavioral changes in Ubuntu 24.04's iptables implementation
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| npm/util/const.go | Updates iptables constant definitions to use legacy variants |
| npm/pkg/dataplane/policies/testutils_linux.go | Updates test utility commands to use legacy iptables |
| npm/pkg/dataplane/policies/chain-management_linux_test.go | Updates all test cases to expect legacy iptables commands |
|
/azp run NPM Conformance Tests |
|
/azp run NPM Scale Test |
|
Azure Pipelines successfully started running 1 pipeline(s). |
1 similar comment
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
Azure Pipelines successfully started running 1 pipeline(s). |
matmerr
approved these changes
Jul 17, 2025
nddq
approved these changes
Jul 18, 2025
rayaisaiah
deleted the
isaiahraya/fowardport-fix-iptables-legacy-with-ubuntu2404
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Reason for Change:
Forwardport the bug fix made in #3782 to master branch.
Updates iptables to
legacyfix crashloopbackoffs inCBL-Mariner/Linuxnodepools.Issue Fixed:
NPM's Ubuntu base image was recently updated to
24.04from20.04as the older version was EOL (see: #3743). There was a behavioral change between the 2 Ubuntu versions that required NPM to specifylegacyfor its Iptables.Error: failed to create dataplane with error Operation [BootupDataplane] failed with error code [999], full cmd [], full error failed to reset policy dataplane: Operation [BootupPolicyManager] failed with error code [999], full cmd [], full error failed to bootup policy manager: failed to detect iptables version: unable to locate which iptables version kube proxy is usingRequirements:
Notes: