ci: fix cilium chaining with underlay networking

[zhangzujian]

Pull Request

• Make sure you have followed Kube-OVN Code Style.

What type of this PR

Examples of user facing changes:

• Features
• Bug fixes
• Docs
• Tests

Which issue(s) this PR fixes

Fixes #(issue-number)

[gemini-code-assist]

Hello @zhangzujian, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

Summary of Changes

This pull request addresses an issue with Cilium chaining when using underlay networking in Kube-OVN. The change adds a rule to the raw table in iptables to ensure proper traffic handling. Specifically, it adds a PREROUTING rule to the raw table, similar to the existing rule added to the filter table.

Highlights

• Bug Fix: Fixes an issue where Cilium chaining was not working correctly with underlay networking.
• iptables Rule: Adds a new iptables rule to the raw table's PREROUTING chain to handle traffic correctly.

Changelog

• Makefile
  • Added a new iptables rule to the raw table's PREROUTING chain.
  • Ensured that the iptables rule is added only if it doesn't already exist.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

---

The packets flow,
Through chains of iptables,
Underlay fixed.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

The pull request addresses an issue with Cilium chaining when using underlay networking. The change adds a new iptables rule to the raw table to ensure proper traffic handling. Overall, the change seems reasonable, but I have a few suggestions to improve clarity and maintainability.

Summary of Findings

• Missing context for iptables rule: The commit message and description lack context on why the new iptables rule is needed. Adding this context would improve the understandability of the change.
• Duplicated command in add_docker_iptables_rule definition: The add_docker_iptables_rule definition contains a duplicated command for the filter table. This could be simplified.

Merge Readiness

The code change appears to address the described issue. However, adding more context to the commit message and simplifying the duplicated command would improve the overall quality of the code. I am unable to approve this pull request, and other reviewers should also review this code before merging. I recommend addressing the medium severity issue before merging.

[coveralls]

Pull Request Test Coverage Report for Build 14919283708

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• 2 unchanged lines in 1 file lost coverage.
• Overall coverage decreased (-0.005%) to 21.718%

---

Files with Coverage Reduction	New Missed Lines	%
pkg/ovs/ovn-nb-logical_router_route.go	2	74.6%

Totals
Change from base Build 14917728580:	-0.005%
Covered Lines:	10253
Relevant Lines:	47209

---

💛 - Coveralls