Skip to content

Revert upgrade to buster based on CNI test failure after merge#3486

Merged
cpretzer merged 1 commit intomasterfrom
cpretzer/revert-upgrade-to-buster
Sep 26, 2019
Merged

Revert upgrade to buster based on CNI test failure after merge#3486
cpretzer merged 1 commit intomasterfrom
cpretzer/revert-upgrade-to-buster

Conversation

@cpretzer
Copy link
Contributor

@cpretzer cpretzer commented Sep 26, 2019

Signed off by "Charles Pretzer" charles@buoyant.io

Tested locally and there were no failures.

@cpretzer cpretzer requested review from alpeb and siggy September 26, 2019 19:32
alpeb
alpeb approved these changes Sep 26, 2019
View reviewed changes
Copy link
Member

@alpeb alpeb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@cpretzer Ah I guess this is related to the iptables issue @siggy mentioned in the other PR?

siggy
siggy approved these changes Sep 26, 2019
View reviewed changes
Copy link
Member

@siggy siggy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm pending ci 👍 🚢

@cpretzer cpretzer merged commit 8f83a56 into master Sep 26, 2019
@codeman9
Copy link
Contributor

codeman9 commented Sep 27, 2019
edited
Loading

Ah yes. We ran into something like this with our aws proxy. This page describes what happened: https://wiki.debian.org/nftables we ended up reverting buster to using iptables-legacy.

more specifically, our dockerfile has these lines:

RUN echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
RUN echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
RUN apt install -y iptables-persistent apt-utils
RUN update-alternatives --set iptables /usr/sbin/iptables-legacy

olix0r added a commit that referenced this pull request Jun 3, 2020
@olix0r
Use buster-20200514-slim for proxy base image
f5b1983 
Our stretch images contain some libraries/utilities with CVEs. While we
can't yet upgrade all containers (see #3486), we can upgrade the proxy
image (which is the most widely deployed).
@olix0r olix0r mentioned this pull request Jun 3, 2020
Merged
olix0r added a commit that referenced this pull request Jun 3, 2020
@olix0r
Use buster-20200514-slim for proxy base image (#4542)
e2ba1bc 
Our stretch images contain some libraries/utilities with CVEs. While we
can't yet upgrade all containers (see #3486), we can upgrade the proxy
image (which is the most widely deployed).
@joakimr-axis joakimr-axis mentioned this pull request Jun 8, 2020
Merged
@olix0r olix0r deleted the cpretzer/revert-upgrade-to-buster branch October 13, 2020 14:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@siggy siggy siggy approved these changes

@alpeb alpeb alpeb approved these changes

Assignees

@cpretzer cpretzer

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@cpretzer @codeman9 @siggy @alpeb