search

kumahq / kuma

🐻 The multi-zone service mesh for containers, Kubernetes and VMs. Built with Envoy. CNCF Sandbox Project.
https://kuma.io/install
Apache License 2.0
3.55k stars 327 forks source link

Add option to `install transparent-proxy` to exclude multiple uids from redirects #10672

Open slonka opened 5 days ago

slonka commented 5 days ago

Description

Coming from: https://github.com/kumahq/kuma-website/pull/1782/files#r1598101940

Currently we only have --kuma-dp-uid to exclude traffic in redirection rules that end up like this:

-A KUMA_MESH_OUTBOUND -m owner --uid-owner 0 -j RETURN

we could have a switch to exclude other uids. An alternative is to have traffic.kuma.io/exclude-inbound-ports-for-uids

lahabana commented 4 days ago

Isn't this just: --exclude-outbound-ports-for-uids ?

https://github.com/kumahq/kuma/blob/eccfafaacb9d3758b9d6b55f65338af1185af748/app/kumactl/cmd/install/install_transparent_proxy.go#L222

slonka commented 2 days ago

But it's about inbound, we don't have --exclude-inbound-ports-for-uids - right?

Automaat commented 1 day ago

https://github.com/kumahq/kuma-website/issues/1831