Revert "gha: cleanup stale AWS-CNI iptables rules in EKS tunnel workf…

…low" This reverts commit bbebbfa. Let's revert the flush stale AWS-CNI iptables rules workaround, as this operation is now automatically handled by Cilium [1,2]. Since bumping the Cilium version used in the EKS workflows to one which includes all fixes (v1.14.6), this workaround has also started failing, as the stale rules attempted to be removed are no longer present. [1]: cilium/cilium#28697 [2]: cilium/cilium#29448 Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
cilium · Jan 30, 2024 · dc01eb0 · dc01eb0
1 parent 976322c
commit dc01eb0
Showing 1 changed file with 0 additions and 13 deletions.
diff --git a/.github/in-cluster-test-scripts/eks-tunnel.sh b/.github/in-cluster-test-scripts/eks-tunnel.sh
@@ -25,19 +25,6 @@ cilium status --wait
 # Make sure the 'aws-node' DaemonSet exists but has no scheduled pods
 [[ $(kubectl -n kube-system get ds/aws-node -o jsonpath='{.status.currentNumberScheduled}') == 0 ]]
 
-# Clean up stale AWS-CNI iptables rules, which break host to pod connectivity (cilium/cilium#25804)
-CLEANUP_CMD="\
-    iptables -t nat -F AWS-SNAT-CHAIN-0 && \
-    iptables -t nat -F AWS-SNAT-CHAIN-1 && \
-    iptables -t nat -F AWS-CONNMARK-CHAIN-0 && \
-    iptables -t nat -F AWS-CONNMARK-CHAIN-1"
-kubectl get pod \
-    -n kube-system \
-    -l app.kubernetes.io/name=cilium-agent \
-    -o custom-columns=name:metadata.name --no-headers \
-    | xargs -I{} kubectl exec {} -n kube-system -c cilium-agent \
-      -- sh -c "$CLEANUP_CMD"
-
 # Port forward Relay
 cilium hubble port-forward&
 sleep 10s