From 6328e5fb801f0485f8cce391348141ab7984ad19 Mon Sep 17 00:00:00 2001
From: Charles Pretzer
Date: Wed, 18 Sep 2019 23:21:22 +0200
Subject: [PATCH 1/4] Update Dockerfile to use buster
Signed-off-by: Charles Pretzer
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index f777c5bd..a5b11ad2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,7 +13,7 @@ ARG TARGETARCH
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH go build -o /out/linkerd2-proxy-init -mod=readonly -ldflags "-s -w" -v
 ## package runtime
-FROM --platform=$TARGETPLATFORM debian:stretch-20190812-slim
+FROM --platform=$TARGETPLATFORM debian:buster-20190910-slim
 RUN apt-get update \
 && apt-get install -y --no-install-recommends \
 iptables \
From 90564a2a04258a41fa20754b94952bde9fc44031 Mon Sep 17 00:00:00 2001
From: Charles Pretzer
Date: Tue, 16 Jun 2020 17:50:14 -0700
Subject: [PATCH 2/4] Update base image to buster-20200514-slim
Signed-off-by: Charles Pretzer
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index a5b11ad2..49bbd75a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,7 +13,7 @@ ARG TARGETARCH
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH go build -o /out/linkerd2-proxy-init -mod=readonly -ldflags "-s -w" -v
 ## package runtime
-FROM --platform=$TARGETPLATFORM debian:buster-20190910-slim
+FROM --platform=$TARGETPLATFORM debian:buster-20200514-slim
 RUN apt-get update \
 && apt-get install -y --no-install-recommends \
 iptables \
From 507950a5e3f99aefb141a9658a4e71a2a2601611 Mon Sep 17 00:00:00 2001
From: Charles Pretzer
Date: Wed, 17 Jun 2020 21:22:14 -0700
Subject: [PATCH 3/4] Use iptables-legacy for the init container
Signed-off-by: Charles Pretzer
---
 Dockerfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 49bbd75a..17e7c41c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,7 +18,9 @@ RUN apt-get update \
 && apt-get install -y --no-install-recommends \
 iptables \
 procps \
- && rm -rf /var/lib/apt/lists/*
+ && rm -rf /var/lib/apt/lists/* \
+ && update-alternatives --set iptables /usr/sbin/iptables-legacy \
+ && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
 COPY LICENSE /linkerd/LICENSE
 COPY --from=golang /out/linkerd2-proxy-init /usr/local/bin/proxy-init
 ENTRYPOINT ["/usr/local/bin/proxy-init"]
From 73ca66d6492f59c2e71effa09342042800796cb6 Mon Sep 17 00:00:00 2001
From: Charles Pretzer
Date: Tue, 14 Jul 2020 09:52:14 -0700
Subject: [PATCH 4/4] Add volumes and volumeMount keys to test yaml
Signed-off-by: Charles Pretzer
---
 .../iptables/iptablestest-lab.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/integration_test/iptables/iptablestest-lab.yaml b/integration_test/iptables/iptablestest-lab.yaml
index 3f5969f7..16400545 100644
--- a/integration_test/iptables/iptablestest-lab.yaml
+++ b/integration_test/iptables/iptablestest-lab.yaml
@@ -83,6 +83,12 @@ spec:
 readOnlyRootFilesystem: true
 runAsNonRoot: false
 runAsUser: 0
+ volumeMounts:
+ - mountPath: /run
+ name: linkerd-proxy-init-xtables-lock
+ volumes:
+ - emptyDir: {}
+ name: linkerd-proxy-init-xtables-lock
 ---
 apiVersion: v1
 kind: Service
@@ -132,6 +138,12 @@ spec:
 readOnlyRootFilesystem: true
 runAsNonRoot: false
 runAsUser: 0
+ volumeMounts:
+ - mountPath: /run
+ name: linkerd-proxy-init-xtables-lock
+ volumes:
+ - emptyDir: {}
+ name: linkerd-proxy-init-xtables-lock
 ---
 apiVersion: v1
 kind: Pod
@@ -188,3 +200,9 @@ spec:
 readOnlyRootFilesystem: true
 runAsNonRoot: false
 runAsUser: 0
+ volumeMounts:
+ - mountPath: /run
+ name: linkerd-proxy-init-xtables-lock
+ volumes:
+ - emptyDir: {}
+ name: linkerd-proxy-init-xtables-lock
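Review bot: The two added `update-alternatives --set … -legacy` lines in the PATCH 3/4 Dockerfile hunk have no comment saying why the legacy backend is forced, and nothing in the build checks that the switch took effect. A comment above the RUN such as `# buster's iptables defaults to the nft backend; proxy-init needs the legacy one` would record the intent. Appending `&& iptables --version | grep -q legacy` to the chain would make a later base-image bump fail the build instead of silently changing backends. Because the backend is now fixed at image build time, it is worth confirming how this behaves on nodes whose other components program rules through the nft backend; that cannot be judged from this hunk. The RUN instruction begins above the hunk, on the line shown in the `@@` header.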
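Review bot: The new `mountPath: /run` volume in the first iptablestest-lab.yaml hunk (`@@ -83,6 +83,12 @@`) is unexplained, and the same applies to the identical additions at `-132,6` and `-188,3`. The unchanged lines above it set `readOnlyRootFilesystem: true`, and the volume name suggests the mount exists so iptables can create its lock file; a comment such as `# writable /run so iptables can take /run/xtables.lock on a read-only root filesystem` on the `volumeMounts` key would state that. Since the volume only holds a lock file, `emptyDir: {medium: Memory}` would keep it off node disk. Indentation is not recoverable in this rendering, so please confirm `volumeMounts` sits under the container and `volumes` under the pod spec in all three places.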