Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1720677

Summary: [Backport][OCP4.1] Fix panic in kube-proxy when iptables-save prints to stderr
Product: OpenShift Container Platform
Reporter: Michal Minar <miminar>
Component: Networking
Assignee: Jacob Tanenbaum <jtanenba>
Status: CLOSED ERRATA
QA Contact: zhaozhanqi <zzhao>
Severity: high
Priority: medium
Version: 4.1.0
CC: aos-bugs, bbennett, bmeng, cdc, maschmid, mifiedle, mluksa, rcarrata, rdiazgav, sponnaga, wsun
Target Release: 4.1.z
Hardware: Unspecified
OS: Unspecified
Whiteboard: 4.1.6
Doc Type: Bug Fix
Doc Text:
Cause: The OpenShift service proxy incorrectly handled output when both iptables and nftables rules are in use.
Consequence: When using istio or other tools that install legacy iptables rules, openshift-sdn on the node would crashloop.
Fix: openshift-sdn was updated to correctly handle iptables output in mixed mode.
Result: Containers can once again install legacy iptables rules.
Clone Of: 1711158
Last Closed: 2019-07-23 18:12:07 UTC
Bug Depends On: 1711158

Comment 1 Michal Minar 2019-06-14 14:10:23 UTC
Opened per cdc's suggestion.

Blocks validation of SAP Data Hub 2.5.1 release on OCP 4.1.
One of its pods requires the iptable_nat kernel module to be loaded to modify the iptables rules. This works on OCP 3.x releases.

Copy&pasting the referenced fix [1] that needs to be backported to 4.1.z to make it publicly visible.

[1] https://github.com/kubernetes/kubernetes/pull/78428
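
The bug summary ties the panic to iptables-save printing to stderr. The Go sketch below is an added example, not code from this bug report or from the upstream fix: it assumes the diagnostic reached the rule parser because stdout and stderr were merged, and shows separate capture plus a parser that returns an error on unknown lines. The names `run`, `chainNames` and `constructedSave` are hypothetical, and the shell one-liner is a constructed stand-in for iptables-save.

```go
package main

import (
	"bytes"
	"fmt"
	"os/exec"
	"strings"
)

// Constructed stand-in for iptables-save: rule dump on stdout, one diagnostic on stderr.
const constructedSave = `echo '*nat'; echo 'constructed diagnostic on stderr' >&2; echo ':PREROUTING ACCEPT [0:0]'; echo COMMIT`

// run executes script under sh; merge=true folds stderr into stdout (the risky pattern).
func run(script string, merge bool) (stdout, stderr string, err error) {
	var out, diag bytes.Buffer
	cmd := exec.Command("sh", "-c", script)
	cmd.Stdout, cmd.Stderr = &out, &diag
	if merge {
		cmd.Stderr = &out
	}
	err = cmd.Run()
	return out.String(), diag.String(), err
}

// chainNames reads ":NAME POLICY [pkts:bytes]" lines; unknown input yields an error, never a panic.
func chainNames(dump string) ([]string, error) {
	var chains []string
	for _, line := range strings.Split(strings.TrimSpace(dump), "\n") {
		switch {
		case line == "" || line == "COMMIT" || strings.ContainsAny(line[:1], "#*-"):
			continue // blank lines, comments, table headers and rules carry no chain declaration
		case strings.HasPrefix(line, ":"):
			fields := strings.Fields(line[1:])
			if len(fields) < 2 {
				return nil, fmt.Errorf("malformed chain line %q", line)
			}
			chains = append(chains, fields[0])
		default:
			return nil, fmt.Errorf("unexpected line %q", line)
		}
	}
	return chains, nil
}

func main() {
	for _, merge := range []bool{false, true} {
		out, diag, _ := run(constructedSave, merge)
		fmt.Printf("merge=%v stderr=%q -> %s\n", merge, diag, fmt.Sprint(chainNames(out)))
	}
}
```

With separate capture the diagnostic stays available for logging and the parser sees only the rule dump; with merged capture the parser reports the stray line as an error.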

Comment 3 zhaozhanqi 2019-07-05 08:09:59 UTC
Verified this bug on 4.1.0-0.nightly-2019-07-03-205519

1) Deploy istio according to the steps at https://bugzilla.redhat.com/show_bug.cgi?id=1711158#c9
2) Check that the openshift-sdn pods are working well and that no panic logs are found

Comment 5 errata-xmlrpc 2019-07-23 18:12:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1766