Fix array append

keithmattix · keithmattix · commit e849c68638c1 · 2022-04-28T15:16:24.000-05:00
Signed-off-by: Keith Mattix II &lt;keithmattix2@gmail.com&gt;
diff --git a/pkg/injector/init_container_test.go b/pkg/injector/init_container_test.go
@@ -138,12 +138,12 @@ EOF
 -A OSM_PROXY_INBOUND -p tcp -j OSM_PROXY_IN_REDIRECT
 -A OSM_PROXY_OUT_REDIRECT -p tcp -j REDIRECT --to-port 15001
 -A OSM_PROXY_OUT_REDIRECT -p tcp --dport 15000 -j ACCEPT
--A OUTPUT -p tcp -o lo -d 127.0.0.1/32 -m owner --uid-owner 1500 -j DNAT --to-destination $POD_IP
 -A OUTPUT -p tcp -j OSM_PROXY_OUTBOUND
 -A OSM_PROXY_OUTBOUND -o lo ! -d 127.0.0.1/32 -m owner --uid-owner 1500 -j OSM_PROXY_IN_REDIRECT
 -A OSM_PROXY_OUTBOUND -o lo -m owner ! --uid-owner 1500 -j RETURN
 -A OSM_PROXY_OUTBOUND -m owner --uid-owner 1500 -j RETURN
 -A OSM_PROXY_OUTBOUND -d 127.0.0.1/32 -j RETURN
+-I OUTPUT -p tcp -o lo -d 127.0.0.1/32 -m owner --uid-owner 1500 -j DNAT --to-destination $POD_IP
 -A OSM_PROXY_OUTBOUND -j OSM_PROXY_OUT_REDIRECT
 COMMIT
 EOF
diff --git a/pkg/injector/iptables.go b/pkg/injector/iptables.go
@@ -101,7 +101,7 @@ func generateIptablesCommands(proxyMode configv1alpha2.LocalProxyMode, outboundI
 		// For envoy -> local service container proxying, send traffic to pod IP instead of localhost
 		// *Note: it is important to use the insert option '-I' instead of the append option '-A' to ensure the
 		// DNAT to the pod ip for envoy -> localhost traffic happens before the rule that redirects traffic to the proxy
-		iptablesOutboundStaticRules = append(cmds, fmt.Sprintf("-I OUTPUT -p tcp -o lo -d 127.0.0.1/32 -m owner --uid-owner %d -j DNAT --to-destination $POD_IP", constants.EnvoyUID))
+		cmds = append(cmds, fmt.Sprintf("-I OUTPUT -p tcp -o lo -d 127.0.0.1/32 -m owner --uid-owner %d -j DNAT --to-destination $POD_IP", constants.EnvoyUID))
 	}
 
 	// Ignore outbound traffic in specified interfaces
diff --git a/pkg/injector/iptables_test.go b/pkg/injector/iptables_test.go
@@ -112,12 +112,12 @@ EOF
 -A OSM_PROXY_INBOUND -p tcp -j OSM_PROXY_IN_REDIRECT
 -A OSM_PROXY_OUT_REDIRECT -p tcp -j REDIRECT --to-port 15001
 -A OSM_PROXY_OUT_REDIRECT -p tcp --dport 15000 -j ACCEPT
--A OUTPUT -p tcp -o lo -d 127.0.0.1/32 -m owner --uid-owner 1500 -j DNAT --to-destination $POD_IP
 -A OUTPUT -p tcp -j OSM_PROXY_OUTBOUND
 -A OSM_PROXY_OUTBOUND -o lo ! -d 127.0.0.1/32 -m owner --uid-owner 1500 -j OSM_PROXY_IN_REDIRECT
 -A OSM_PROXY_OUTBOUND -o lo -m owner ! --uid-owner 1500 -j RETURN
 -A OSM_PROXY_OUTBOUND -m owner --uid-owner 1500 -j RETURN
 -A OSM_PROXY_OUTBOUND -d 127.0.0.1/32 -j RETURN
+-I OUTPUT -p tcp -o lo -d 127.0.0.1/32 -m owner --uid-owner 1500 -j DNAT --to-destination $POD_IP
 -A OSM_PROXY_OUTBOUND -j OSM_PROXY_OUT_REDIRECT
 COMMIT
 EOF
diff --git a/tests/e2e/e2e_client_server_connectivity_test.go b/tests/e2e/e2e_client_server_connectivity_test.go

Original file line number	Diff line number	Diff line change
`@@ -101,7 +101,7 @@ func generateIptablesCommands(proxyMode configv1alpha2.LocalProxyMode, outboundI`
`101`	`101`	`// For envoy -> local service container proxying, send traffic to pod IP instead of localhost`
`102`	`102`	`// *Note: it is important to use the insert option '-I' instead of the append option '-A' to ensure the`
`103`	`103`	`// DNAT to the pod ip for envoy -> localhost traffic happens before the rule that redirects traffic to the proxy`
`104`		`- iptablesOutboundStaticRules = append(cmds, fmt.Sprintf("-I OUTPUT -p tcp -o lo -d 127.0.0.1/32 -m owner --uid-owner %d -j DNAT --to-destination $POD_IP", constants.EnvoyUID))`
	`104`	`+ cmds = append(cmds, fmt.Sprintf("-I OUTPUT -p tcp -o lo -d 127.0.0.1/32 -m owner --uid-owner %d -j DNAT --to-destination $POD_IP", constants.EnvoyUID))`
`105`	`105`	`}`
`106`	`106`
`107`	`107`	`// Ignore outbound traffic in specified interfaces`