Ambient cni node agent: Reconcile pod iptables rules on startup #53906
Open: bleggett wants to merge 31 commits into istio:master from bleggett:bleggett/ambient-cni-reconcile-pods-on-startup
istio-testing added the do-not-merge/work-in-progress label Nov 14, 2024
istio-testing added the size/XXL label Nov 14, 2024
bleggett force-pushed the bleggett/ambient-cni-reconcile-pods-on-startup branch from 54e1131 to 23143de November 14, 2024 23:50
bleggett added the cherrypick/release-1.24 label Nov 14, 2024
bleggett force-pushed the bleggett/ambient-cni-reconcile-pods-on-startup branch from 23143de to ff9e813 November 15, 2024 00:03
Change-Id: I7053c7e8665c320b871be8649bab5c4d0c7fc3c6
Change-Id: Ib636985911338401aeefb9d03e8789af2b65e9c9
Change-Id: Id949704a143602c9b2ff59d35394088db186f4bc
istio-testing added the needs-rebase label Nov 15, 2024
Signed-off-by: Benjamin Leggett <[email protected]>
Signed-off-by: Benjamin Leggett <[email protected]>
bleggett force-pushed the bleggett/ambient-cni-reconcile-pods-on-startup branch from a3d557f to c72f0b9 November 15, 2024 21:27
istio-testing removed the needs-rebase label Nov 15, 2024
Signed-off-by: Benjamin Leggett <[email protected]>
bleggett force-pushed the bleggett/ambient-cni-reconcile-pods-on-startup branch from c72f0b9 to d5313c5 November 15, 2024 21:57
Signed-off-by: Benjamin Leggett <[email protected]>
Signed-off-by: Benjamin Leggett <[email protected]>
Signed-off-by: Benjamin Leggett <[email protected]>
bleggett changed the title from "[WIP] Ambient cni node agent: Reconcile pod iptables rules on startup" to "Ambient cni node agent: Reconcile pod iptables rules on startup" Nov 19, 2024
istio-testing removed the do-not-merge/work-in-progress label Nov 19, 2024
bleggett added the do-not-merge and do-not-merge/hold labels and removed the do-not-merge label Nov 19, 2024
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
istio-testing added the needs-rebase label Nov 22, 2024
Will rebase when #53153 goes in.
bleggett added a commit to bleggett/istio that referenced this pull request Dec 20, 2024
Signed-off-by: Benjamin Leggett <[email protected]>
Labels
area/ambient: Issues related to ambient mesh
cherrypick/release-1.24: Set this label on a PR to auto-merge it to the release-1.24 branch
do-not-merge/hold: Block automatic merging of a PR.
needs-rebase: Indicates a PR needs to be rebased before being merged
size/XXL: Denotes a PR that changes 1000+ lines, ignoring generated files.
Please provide a description of this PR:
This depends on (and currently pulls in, as that's not merged yet) #53153, and fixes istio/ztunnel#1360
Most of the interesting bits are in that PR - this one just makes sure we run through all the "existing" ambient pods we find on ambient node agent startup, and run the iptables logic (which as of #53153 now supports idempotency/reconciliation) on all of them.
This means that if you upgrade `istio-cni` it will make sure to rewrite all inpod iptables rules for pods (that would have been configured by the older version) to match what the current release expects.

(also did minor reordering of `net.go` and `server.go` to be less confusing to navigate, apologies)

Note that this PR is targeting 1.25, and is defaulting this feature to ON.
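
The startup pass described above, sketched as an added example that is not code from this PR or from Istio: each pod's rule set is modeled as an in-memory list of strings instead of a real network namespace, and `ReconcileAll`, `diff`, `SamplePods`, `DesiredRules`, the chain name and the ports are all hypothetical.

```go
package main

import (
	"fmt"
	"sort"
)

// Constructed sample data (hypothetical chain name and ports); SamplePods below is a startup snapshot.
var DesiredRules = []string{
	"-A EXAMPLE_CHAIN -p tcp -j REDIRECT --to-ports 10001",
	"-A EXAMPLE_CHAIN -p udp --dport 53 -j REDIRECT --to-ports 10053",
}

// diff returns the rules present in a but not in b (rule order is ignored).
func diff(a, b []string) (only []string) {
	seen := map[string]bool{}
	for _, r := range b {
		seen[r] = true
	}
	for _, r := range a {
		if !seen[r] {
			only = append(only, r)
		}
	}
	return only
}

// ReconcileAll rewrites a pod's rules only when some are stale or missing,
// so a second pass is a no-op. It returns the names of the pods it rewrote.
func ReconcileAll(pods map[string][]string, want []string) []string {
	var rewritten []string
	for name, have := range pods {
		if len(diff(have, want))+len(diff(want, have)) > 0 {
			pods[name] = append([]string(nil), want...)
			rewritten = append(rewritten, name)
		}
	}
	sort.Strings(rewritten)
	return rewritten
}

func SamplePods() map[string][]string {
	old := []string{"-A EXAMPLE_CHAIN -p tcp -j REDIRECT --to-ports 9001", DesiredRules[1]}
	return map[string][]string{"pod-old": old, "pod-new": append([]string(nil), DesiredRules...)}
}

func main() {
	pods := SamplePods()
	fmt.Println(ReconcileAll(pods, DesiredRules), ReconcileAll(pods, DesiredRules))
}
```

Only the pod carrying the older rule is rewritten on the first pass; the list of rewritten pods is also what an operator would want logged after an upgrade to see which pods had drifted.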