Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use inject-proxy-sidecar and hostNetwork together will cause host iptables to be updated #1050

Closed
karataliu opened this issue Aug 11, 2023 · 1 comment
Closed

Use inject-proxy-sidecar and hostNetwork together will cause host iptables to be updated #1050

karataliu opened this issue Aug 11, 2023 · 1 comment
Labels
bug Something isn't working

Comments

@karataliu
Copy link
Contributor

Describe the bug
If a pod uses both inject-proxy-sidecar and hostNetwork, the iptables on host will be updated. This might lead to strange behavior. Any call to the node IMDS will redirect to the wi proxy.

Suggest to call out in doc this is not supported.

Steps To Reproduce
Create a pod with both inject-proxy-sidecar and hostNetwork.

Expected behavior

Logs
Following entry will appear on host node:
-A OUTPUT -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j AZWI_PROXY_OUTPUT

Environment

  • Kubernetes version (use kubectl version):
  • Cloud provider or hardware configuration:
  • OS (e.g: cat /etc/os-release):
  • Kernel (e.g. uname -a):
  • Install tools:
  • Network plugin and version (if this is a network-related bug):
  • Others:

Additional context
@karataliu karataliu added the bug Something isn't working label Aug 11, 2023
@aramase
Copy link
Member

aramase commented Aug 23, 2023

closed with #1090

@aramase aramase closed this as completed Aug 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@karataliu @aramase