Ambient cni node agent: Reconcile pod iptables rules on startup #53906

Open
wants to merge 31 commits into
base: master

bleggett
Contributor

@bleggett bleggett commented Nov 14, 2024

Please provide a description of this PR:

This depends on (and currently pulls in, as that's not merged yet) #53153, and fixes istio/ztunnel#1360

Most of the interesting bits are in that PR - this one just makes sure we run through all the "existing" ambient pods we find on ambient node agent startup, and run the iptables logic (which as of #53153 now supports idempotency/reconciliation) on all of them.

This means that if you upgrade istio-cni it will make sure to rewrite all inpod iptables rules for pods (that would have been configured by the older version) to match what the current release expects.

(also did minor reordering of net.go and server.go to be less confusing to navigate, apologies)

Note

Note that this PR is targeting 1.25, and is defaulting this feature to ON.

@bleggett bleggett requested review from a team as code owners November 14, 2024 23:50
@istio-testing istio-testing added the do-not-merge/work-in-progress Block merging of a PR because it isn't ready yet. label Nov 14, 2024
@istio-policy-bot istio-policy-bot added the area/ambient Issues related to ambient mesh label Nov 14, 2024
@istio-testing istio-testing added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Nov 14, 2024
@bleggett bleggett force-pushed the bleggett/ambient-cni-reconcile-pods-on-startup branch from 54e1131 to 23143de Compare November 14, 2024 23:50
@bleggett bleggett mentioned this pull request Nov 14, 2024
24 tasks
@bleggett bleggett added the cherrypick/release-1.24 Set this label on a PR to auto-merge it to the release-1.24 branch label Nov 14, 2024
@bleggett bleggett force-pushed the bleggett/ambient-cni-reconcile-pods-on-startup branch from 23143de to ff9e813 Compare November 15, 2024 00:03
@istio-testing istio-testing added the needs-rebase Indicates a PR needs to be rebased before being merged label Nov 15, 2024
@bleggett bleggett force-pushed the bleggett/ambient-cni-reconcile-pods-on-startup branch from a3d557f to c72f0b9 Compare November 15, 2024 21:27
@istio-testing istio-testing removed the needs-rebase Indicates a PR needs to be rebased before being merged label Nov 15, 2024
Signed-off-by: Benjamin Leggett <[email protected]>
@bleggett bleggett force-pushed the bleggett/ambient-cni-reconcile-pods-on-startup branch from c72f0b9 to d5313c5 Compare November 15, 2024 21:57
Signed-off-by: Benjamin Leggett <[email protected]>
Signed-off-by: Benjamin Leggett <[email protected]>
Signed-off-by: Benjamin Leggett <[email protected]>
@keithmattix keithmattix mentioned this pull request Nov 18, 2024
10 tasks
@bleggett bleggett changed the title [WIP] Ambient cni node agent: Reconcile pod iptables rules on startup Ambient cni node agent: Reconcile pod iptables rules on startup Nov 19, 2024
@istio-testing istio-testing removed the do-not-merge/work-in-progress Block merging of a PR because it isn't ready yet. label Nov 19, 2024
@bleggett bleggett added do-not-merge Block automatic merging of a PR. do-not-merge/hold Block automatic merging of a PR. and removed do-not-merge Block automatic merging of a PR. labels Nov 19, 2024
@istio-testing
Collaborator

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@istio-testing istio-testing added the needs-rebase Indicates a PR needs to be rebased before being merged label Nov 22, 2024
@bleggett
Contributor Author

Will rebase when #53153 goes in.

bleggett added a commit to bleggett/istio that referenced this pull request Dec 20, 2024
Labels
area/ambient: Issues related to ambient mesh
cherrypick/release-1.24: Set this label on a PR to auto-merge it to the release-1.24 branch
do-not-merge/hold: Block automatic merging of a PR.
needs-rebase: Indicates a PR needs to be rebased before being merged
size/XXL: Denotes a PR that changes 1000+ lines, ignoring generated files.
4 participants