Remove legacy iptables configuration from init scripts (#2834)

With newer version of k8s, anything using iptables could use iptables-wrappers to figure out the backend is legacy or nft. Force the iptable to use legacy is not necessary anymore. Signed-off-by: liyi huang <pdshly@gmail.com>
2025-12-25 17:12:50 +00:00 · 2025-11-02 22:30:16 -05:00 · 2025-11-02 22:30:16 -05:00 · 1843ff66b2
parent 4c71311fe2
commit 1843ff66b2
2 changed files with 0 additions and 20 deletions
--- a/builtin/capkk/roles/init/init-os/templates/init-os.sh
+++ b/builtin/capkk/roles/init/init-os/templates/init-os.sh
@ -256,13 +256,3 @@ EOF

 sync
 # echo 3 > /proc/sys/vm/drop_caches
-
-# Make sure the iptables utility doesn't use the nftables backend.
-{{- if .internal_ipv4 | empty | not }}
-update-alternatives --set iptables /usr/sbin/iptables-legacy >/dev/null 2>&1 || true
-{{- end }}
-{{- if .internal_ipv6 | empty | not }}
-update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy >/dev/null 2>&1 || true
-{{- end }}
-update-alternatives --set arptables /usr/sbin/arptables-legacy >/dev/null 2>&1 || true
-update-alternatives --set ebtables /usr/sbin/ebtables-legacy >/dev/null 2>&1 || true
--- a/builtin/core/roles/native/init/templates/init-os.sh
+++ b/builtin/core/roles/native/init/templates/init-os.sh
@ -203,13 +203,3 @@ sysctl -p

 sync
 echo 3 > /proc/sys/vm/drop_caches
-
-# Make sure the iptables utility doesn't use the nftables backend.
-{{- if .internal_ipv4 | empty | not }}
-update-alternatives --set iptables /usr/sbin/iptables-legacy >/dev/null 2>&1 || true
-{{- end }}
-{{- if .internal_ipv6 | empty | not }}
-update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy >/dev/null 2>&1 || true
-{{- end }}
-update-alternatives --set arptables /usr/sbin/arptables-legacy >/dev/null 2>&1 || true
-update-alternatives --set ebtables /usr/sbin/ebtables-legacy >/dev/null 2>&1 || true