Ben Leggett
Ben Leggett
Either 1.24.3 or 1.25.0, whichever comes first. https://github.com/istio/istio/wiki/Istio-Release-1.25 is slated for next month.
`istioctl` should pull the charts from the Istio OCI repo like it does images, and then we can ditch manifest embeds, IMO. Should be able to fetch and override charts...
Specifically for ambient/istio-cni, in `cni/pkg/nodeagent/server.go` on startup of the node agent we - delete any leftover hostnode rules - recreate them It would be good to switch this to use...
> Before moving it to official review, I’ll prepare a write-up to explain the changes, limitation, improvements, and bug fixes in the commit, as quite a bit is going on...
> **Simple guidelines to dodge limitations:** > > 1. Avoid using non-jump rules in non-ISTIO chains, as these can be difficult (or rather impossible...) to clean if they are present...
Local + automated testing of this PR with https://github.com/istio/istio/pull/53906 on top seems good for cross-version upgrades
> Just to refresh my context: the bug in 1.24 that this is fixing is due to the extra iptables chains for DNS capture correct? If so, theoretically, no one...
> If we anticipate a lot of people onboarding to 1.24 to try ambient, I'm a bit worried about such a large PR/bug fix going into 1.24's first patch release...
/test unit-tests-arm64