@rayaisaiah
Contributor

Reason for Change:
Forward-port the bug fix made in #3782 to the master branch.

Updates iptables to legacy to fix crashloopbackoffs in CBL-Mariner/Linux nodepools.

Issue Fixed:
NPM's Ubuntu base image was recently updated to 24.04 from 20.04, as the older version was EOL (see: #3743). There was a behavioral change between the two Ubuntu versions that required NPM to specify legacy for its iptables.

Error: failed to create dataplane with error Operation [BootupDataplane] failed with error code [999], full cmd [], full error failed to reset policy dataplane: Operation [BootupPolicyManager] failed with error code [999], full cmd [], full error failed to bootup policy manager: failed to detect iptables version: unable to locate which iptables version kube proxy is using

Requirements:

Notes:

* added legacy

* typo

* updated tests

* updated for all tests
Copilot AI review requested due to automatic review settings July 17, 2025 20:55
@rayaisaiah rayaisaiah requested a review from a team as a code owner July 17, 2025 20:55
@rayaisaiah rayaisaiah requested a review from vakalapa July 17, 2025 20:55
@rayaisaiah
Contributor Author

/azp run Azure Container Networking PR

Contributor

Copilot AI left a comment

Pull Request Overview

This PR updates the Azure Network Policy Manager (NPM) to use legacy iptables commands instead of default iptables, addressing crashloopbackoffs that occur when running on CBL-Mariner/Linux nodepools after the Ubuntu base image was updated from 20.04 to 24.04.

  • Updates iptables constant definitions to use legacy variants (iptables-legacy, iptables-legacy-save, iptables-legacy-restore)
  • Updates all test cases to reflect the new legacy iptables command usage
  • Ensures compatibility with the behavioral changes in Ubuntu 24.04's iptables implementation

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
npm/util/const.go Updates iptables constant definitions to use legacy variants
npm/pkg/dataplane/policies/testutils_linux.go Updates test utility commands to use legacy iptables
npm/pkg/dataplane/policies/chain-management_linux_test.go Updates all test cases to expect legacy iptables commands
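
The error quoted in the PR description is raised when NPM cannot tell which iptables variant kube-proxy is using. The sketch below shows one way to make that decision from the save output of both backends; it is an added example, not NPM's code. The `KUBE-` chain heuristic, the function names and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"strings"
)

// errUndetermined: neither backend clearly holds the Kubernetes-owned chains.
var errUndetermined = errors.New("unable to determine iptables backend")

// countKubeChains counts chain declarations (":NAME POLICY [pkts:bytes]") in
// iptables-save style output whose name starts with "KUBE-".
// Assumption: such chains mark the backend that kube-proxy programs.
func countKubeChains(saveOutput string) int {
	n := 0
	sc := bufio.NewScanner(strings.NewReader(saveOutput))
	for sc.Scan() {
		if strings.HasPrefix(strings.TrimSpace(sc.Text()), ":KUBE-") {
			n++
		}
	}
	return n
}

// detectBackend compares both save outputs and returns "legacy" or "nft".
// A tie (including zero chains on both sides) is an error, never a silent default.
func detectBackend(legacySave, nftSave string) (string, error) {
	l, n := countKubeChains(legacySave), countKubeChains(nftSave)
	switch {
	case l > n:
		return "legacy", nil
	case n > l:
		return "nft", nil
	}
	return "", errUndetermined
}

// Constructed sample outputs (not captured from a real node).
const sampleLegacy = `*filter
:INPUT ACCEPT [0:0]
:KUBE-SERVICES - [0:0]
:KUBE-FORWARD - [0:0]
-A INPUT -j KUBE-SERVICES
COMMIT`
const sampleEmpty = "*filter\n:INPUT ACCEPT [0:0]\nCOMMIT"

func main() { fmt.Println(detectBackend(sampleLegacy, sampleEmpty)) }
```

Failing closed on an undetermined backend keeps a policy agent from writing its rules into a ruleset that is not the one filtering traffic.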

@rayaisaiah
Contributor Author

/azp run NPM Conformance Tests

@rayaisaiah
Contributor Author

/azp run NPM Scale Test

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

@rayaisaiah rayaisaiah added the npm Related to NPM. label Jul 17, 2025
@rayaisaiah rayaisaiah enabled auto-merge July 18, 2025 16:26
@rayaisaiah rayaisaiah added this pull request to the merge queue Jul 18, 2025
Merged via the queue into master with commit f2d2be5 Jul 18, 2025
28 of 33 checks passed
@rayaisaiah rayaisaiah deleted the isaiahraya/fowardport-fix-iptables-legacy-with-ubuntu2404 branch July 18, 2025 19:23
NihaNallappagari pushed a commit to NihaNallappagari/azure-container-networking that referenced this pull request Sep 4, 2025
…e#3842)

[NPM] fix: Update Iptables to Legacy (Azure#3782)

* added legacy

* typo

* updated tests

* updated for all tests
sivakami-projects pushed a commit that referenced this pull request Oct 23, 2025
[NPM] fix: Update Iptables to Legacy (#3782)

* added legacy

* typo

* updated tests

* updated for all tests
Labels

linux npm Related to NPM.
