Rejecting connections to node

[tomahzo]

What happened?

When the service starts, it doesn't fill ipset kube-router-local-ips, configured firewall rules then reject connections to node and kubernetes cluster is down.

What did you expect to happen?

Fill the ipset kube-router-local-ips and allow communication to node's ports.

How can we reproduce the behavior you experienced?

Steps to reproduce the behavior:

1. Do not have or have empty ipset kube-router-local-ips
2. Do not modify the ipset kube-router-local-ips by anything else
3. Deploy kube-router to kubernetes with --run-service-proxy and --run-firewall
4. Now the node should be unaccessible

System Information (please complete the following information)

• Kube-Router Version (kube-router --version): 2.6.1
• Kube-Router Parameters: --run-router=true --run-firewall=true --run-service-proxy=true
• Kubernetes Version (kubectl version) : 1.33.5
• Cloud Type: on premise
• Kubernetes Deployment Type: kubeadm
• Kube-Router Deployment Type: DaemonSet
• Cluster Size: 5 Nodes

Additional context

This is caused by last changes (2191414) in Pull Request(#1919), where just the serviceIPsIPSetName and serviceIPPortsSetName are refreshed, but not localIPsIPSetName.

[tomahzo]

Corrected additional context:

serviceIPsIPSetName and serviceIPPortsSetName are restored, but not localIPsIPSetName

[aauren]

Thanks for reporting this. I've been looking into this on and off for the last week and am realizing there is even more wrong with that commit than just this.

I also broke ipv6 support too. I'll go ahead and merge your PR now but I want to take a step back, invest in some holistic regression tests for the ipset logic and fix IPv6 before I cut a new release.