Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change traffic-agent's target port to podIP instead of localhost. #3675

Merged
merged 6 commits into from
Aug 26, 2024
Merged

Change traffic-agent's target port to podIP instead of localhost. #3675

merged 6 commits into from
Aug 26, 2024

Commits on Aug 25, 2024

  1. Let traffic-agent route traffic to pod-IP instead of 127.0.0.1. 

    Routing traffic to localhost will effectively bypass any injected
sidecar that modifies the iptables for incoming traffic. This commit
mitigates that problem by routing to the pod-IP instead.

The fix currently applies when the intercepted service's `targetPort`
is symbolic. More work is needed in our init-container to also enable
this for numeric ports.

Signed-off-by: Thomas Hallgren <[email protected]>
    @thallgren
    thallgren committed Aug 25, 2024
    Configuration menu
    Copy the full SHA
    ad1daef View commit details
    Browse the repository at this point in the history

Commits on Aug 26, 2024

  1. Make it possible to push test images individually. 

    Signed-off-by: Thomas Hallgren <[email protected]>
    @thallgren
    thallgren committed Aug 26, 2024
    Configuration menu
    Copy the full SHA
    ce6cce7 View commit details
    Browse the repository at this point in the history

  2. Add a LISTEN_ADDRESS to the echo-server test app. 

    So that the echo-server can listen to the IP of the host rather than
just localhost.

Signed-off-by: Thomas Hallgren <[email protected]>
    @thallgren
    thallgren committed Aug 26, 2024
    Configuration menu
    Copy the full SHA
    df58013 View commit details
    Browse the repository at this point in the history

  3. Fix correct setting of pullPolicy for traffic-agent in integration tests 

    Signed-off-by: Thomas Hallgren <[email protected]>
    @thallgren
    thallgren committed Aug 26, 2024
    Configuration menu
    Copy the full SHA
    8946c63 View commit details
    Browse the repository at this point in the history

  4. Ensure that LOG_LEVEL is set correct in the injected init-container 

    Signed-off-by: Thomas Hallgren <[email protected]>
    @thallgren
    thallgren committed Aug 26, 2024
    Configuration menu
    Copy the full SHA
    bca5efc View commit details
    Browse the repository at this point in the history

  5. Change traffic-agent's target port to podIP instead of localhost. 

    Using the IP of the pod means that an application now has a choice to
either bind to that IP or to localhost. Internally, it also meant that
we could implement a safer routing from the traffic-agent to the app-
container when numeric ports were used.

In detail, there's a huge difference between requests that the traffic-
agent performs on behalf of a client that wants to connect to the app,
and the forwarding it does to the app during times when no intercepts
are active. The former must be routed back to the agent, so that
potential intercepts are served correctly, whereas the latter must not
be routed back, because that would result in an endless loop.

Closes #3473

Signed-off-by: Thomas Hallgren <[email protected]>
    @thallgren
    thallgren committed Aug 26, 2024
    Configuration menu
    Copy the full SHA
    0252f7c View commit details
    Browse the repository at this point in the history