Unblock ip6 tables to allow ipv6 traffic#11916
Unblock ip6 tables to allow ipv6 traffic#11916rshriram merged 7 commits intoistio:release-1.1from sbezverk:ip6tables_whitebox_mode
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: sbezverk If they are not already assigned, you can assign the PR to them by writing The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
with this PR istio-init shows: |
|
CI failure seems unrelated, appreciate if somebody could restart this CI test. |
tools/deb/istio-iptables.sh
Outdated
There was a problem hiding this comment.
To be safe, let's remove this for now - I think it is safe if the user sets that explicitly, but attempting to guess is hard to test.
There was a problem hiding this comment.
If we remove it here then I need a way to flag it somehow to the code.
costinm
left a comment
costinm
left a comment
There was a problem hiding this comment.
looks good if you remove the guessing. Seems pretty safe and useful - but maybe 1.1.1 ?
|
We should mention in the release notes that this is not fully supported/tested - we will need some tests before it moves even to alpha. |
tools/deb/istio-iptables.sh
Outdated
There was a problem hiding this comment.
“else" is missing here
else
# User has specified a non-empty list of ports to be redirected to Envoy.
for port in ${INBOUND_PORTS_INCLUDE}; do
ip6tables -t nat -A ISTIO_INBOUND -p tcp --dport "${port}" -j ISTIO_IN_REDIRECT
done
fi
fi
There was a problem hiding this comment.
Not sure how it happened but my code has that else.. so it should be ok.
Signed-off-by: Serguei Bezverkhi <[email protected]>
Signed-off-by: Serguei Bezverkhi <[email protected]>
Signed-off-by: Serguei Bezverkhi <[email protected]>
Signed-off-by: Serguei Bezverkhi <[email protected]>
Signed-off-by: Serguei Bezverkhi <[email protected]>
Signed-off-by: Serguei Bezverkhi <[email protected]>
Signed-off-by: Serguei Bezverkhi <[email protected]>
|
@sbezverk: The following tests failed, say
DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
6 participants
Signed-off-by: Serguei Bezverkhi [email protected]
Currently ip6tables block ipv6 traffic which makes impossible to test/develop anything with ipv6. This PR temporarily allows ipv6 traffic to unblock development and testing of ipv6 based services.