kumahq / kuma

🐻 The multi-zone service mesh for containers, Kubernetes and VMs. Built with Envoy. CNCF Sandbox Project.
https://kuma.io/install
Apache License 2.0
3.68k stars 334 forks source link

Add option to `install transparent-proxy` to exclude multiple uids from redirects #10672

Open slonka opened 5 months ago

slonka commented 5 months ago

Description

Coming from: https://github.com/kumahq/kuma-website/pull/1782/files#r1598101940

Currently we only have --kuma-dp-uid to exclude traffic in redirection rules that end up like this:

-A KUMA_MESH_OUTBOUND -m owner --uid-owner 0 -j RETURN

we could have a switch to exclude other uids. An alternative is to have traffic.kuma.io/exclude-inbound-ports-for-uids

lahabana commented 5 months ago

Isn't this just: --exclude-outbound-ports-for-uids ?

https://github.com/kumahq/kuma/blob/eccfafaacb9d3758b9d6b55f65338af1185af748/app/kumactl/cmd/install/install_transparent_proxy.go#L222

slonka commented 5 months ago

But it's about inbound, we don't have --exclude-inbound-ports-for-uids - right?

Automaat commented 5 months ago

https://github.com/kumahq/kuma-website/issues/1831

github-actions[bot] commented 2 months ago

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.