istio
21 строка · 1.0 Кб
1apiVersion: release-notes/v22kind: bug-fix3area: traffic-management4issue:5- 357336releaseNotes:7- |8**Fixed** an issue causing mTLS errors for traffic on port 22, by including port 22 in iptables by default.9upgradeNotes:11- title: Port 22 iptables capture changes12content: |13In previous versions, port 22 was excluded from iptables capture. This mitigates risk of getting locked out of a VM14when using Istio on VMs. This configuration was hardcoded into the iptables logic, meaning there was no way to15capture traffic on port 22.16The iptables logic now no longer has special logic on port 22. Instead, the `istioctl x workload entry configure`18command will automatically configure `ISTIO_LOCAL_EXCLUDE_PORTS` to include port 22. This means that VM users will19continue to have port 22 excluded, while Kubernetes users will have port 22 included now.20If this behavior is undesirable, the port can be explicitly opted out in Kubernetes with the `traffic.sidecar.istio.io/excludeInboundPorts` annotation.