fix(vpn): use image with iptables

bacchus-snu · Oct 19, 2024 · 4da3d19 · 4da3d19
1 parent e409956
commit 4da3d19
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 8 deletions.
diff --git a/argocd/waiter/bacchus-vpn/kustomization.yaml b/argocd/waiter/bacchus-vpn/kustomization.yaml
@@ -12,8 +12,8 @@ labels:
     includeSelectors: true
 
 images:
-  - name: busybox
-    newTag: '1.37'
+  - name: alpine
+    newTag: '3.20'
   - name: kubectl
     newName: bitnami/kubectl
     newTag: '1.30'

diff --git a/argocd/waiter/bacchus-vpn/statefulset.yaml b/argocd/waiter/bacchus-vpn/statefulset.yaml
@@ -17,15 +17,16 @@ spec:
     spec:
       initContainers:
         - name: network-setup
-          image: busybox # replaced by kustomize
+          image: alpine # replaced by kustomize
           command:
             - sh
             - -c
             - |
                 # enable ip forwarding
                 sysctl -w net.ipv4.ip_forward=1
                 # clamp MSS to PMTU
-                iptables -A iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+                apk add iptables
+                iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
           securityContext:
             privileged: true
         - name: envoy-patch

diff --git a/argocd/waiter/lab-vpn/deployment.yaml b/argocd/waiter/lab-vpn/deployment.yaml
@@ -19,15 +19,16 @@ spec:
     spec:
       initContainers:
         - name: sysctl-forward
-          image: busybox:1.36
+          image: alpine # replaced by kustomize
           command:
             - sh
             - -c
             - |
                 # enable ip forwarding
                 sysctl -w net.ipv4.ip_forward=1
                 # clamp MSS to PMTU
-                iptables -A iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+                apk add iptables
+                iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
           securityContext:
             privileged: true
       containers:

diff --git a/argocd/waiter/lab-vpn/kustomization.yaml b/argocd/waiter/lab-vpn/kustomization.yaml
@@ -4,8 +4,8 @@ resources:
   - secret.yaml
 
 images:
-  - name: busybox
-    newTag: '1.37'
+  - name: alpine
+    newTag: '3.20'
   - name: lab-vpn
     newName: ghcr.io/bacchus-snu/lab-vpn
     digest: sha256:38876c845d270b2c3d1957db122f4647ebb8f77de48bccf4902372f78014e99f