chore(deps): upgrade kuma-net to version with iptables output chain f…

…ix (kumahq#5513) Signed-off-by: Łukasz Dziedziak <lukidzi@gmail.com>
michaelbeaumont · Aug 17, 2023 · 0aa0c5a · 0aa0c5a
1 parent d85d8ee
commit 0aa0c5a
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 12 deletions.
diff --git a/app/kumactl/cmd/install/testdata/install-transparent-proxy.excludedports.txt b/app/kumactl/cmd/install/testdata/install-transparent-proxy.excludedports.txt
@@ -4,9 +4,9 @@
 -N KUMA_MESH_INBOUND_REDIRECT
 -N KUMA_MESH_OUTBOUND_REDIRECT
 -A PREROUTING -p tcp -j KUMA_MESH_INBOUND
--A OUTPUT -p tcp --dport 1900,1902,1000-2000 -m owner --uid-owner 103,104,106-108 -j RETURN
--A OUTPUT -p tcp --dport 2900,2902,3000-5000 -m owner --uid-owner 203,204,206-208 -j RETURN
--A OUTPUT -p udp --dport 3900,3902,4000-6000 -m owner --uid-owner 303,304,306-308 -j RETURN
+-I OUTPUT 1 -p tcp --dport 1900,1902,1000-2000 -m owner --uid-owner 103,104,106-108 -j RETURN
+-I OUTPUT 2 -p tcp --dport 2900,2902,3000-5000 -m owner --uid-owner 203,204,206-208 -j RETURN
+-I OUTPUT 3 -p udp --dport 3900,3902,4000-6000 -m owner --uid-owner 303,304,306-308 -j RETURN
 -A OUTPUT -p tcp -j KUMA_MESH_OUTBOUND
 -A KUMA_MESH_INBOUND -p tcp -j KUMA_MESH_INBOUND_REDIRECT
 -A KUMA_MESH_OUTBOUND -s (.*) -o (.*) -j RETURN

diff --git a/pkg/transparentproxy/transparentproxy_experimental.go b/pkg/transparentproxy/transparentproxy_experimental.go
@@ -170,7 +170,8 @@ func (tp *ExperimentalTransparentProxy) Setup(tpConfig *config.TransparentProxyC
 				ExcludePortsForUIDs: excludePortsForUIDs,
 			},
 			DNS: kumanet_config.DNS{
-				Enabled:            tpConfig.RedirectAllDNSTraffic,
+				Enabled:            tpConfig.RedirectDNS,
+				CaptureAll:         tpConfig.RedirectAllDNSTraffic,
 				Port:               agentDNSListenerPort,
 				ConntrackZoneSplit: !tpConfig.SkipDNSConntrackZoneSplit,
 			},

diff --git a/tools/releases/distros.sh b/tools/releases/distros.sh
@@ -29,7 +29,7 @@ BUILD_INFO=$("${SCRIPT_DIR}/../releases/version.sh")
 KUMA_VERSION=$(echo "$BUILD_INFO" | cut -d " " -f 1)
 [ -z "$KUMA_CONFIG_PATH" ] && KUMA_CONFIG_PATH=pkg/config/app/kuma-cp/kuma-cp.defaults.yaml
 CTL_NAME="kumactl"
-[ -z "$EBPF_PROGRAMS_IMAGE" ] && EBPF_PROGRAMS_IMAGE="kumahq/kuma-net-ebpf:0.8.6"
+[ -z "$EBPF_PROGRAMS_IMAGE" ] && EBPF_PROGRAMS_IMAGE="kumahq/kuma-net-ebpf:0.8.10"
 
 function get_ebpf_programs() {
   local arch=$1

diff --git a/tools/releases/dockerfiles/Dockerfile.kuma-init b/tools/releases/dockerfiles/Dockerfile.kuma-init
@@ -1,10 +1,7 @@
-ARG BASE_IMAGE_ARCH=amd64
-# When updatinng image version, remember to update it in tools/releases/distros.sh as well
-ARG EBPF_IMAGE=kumahq/kuma-net-ebpf:0.8.6
-
-FROM --platform=linux/$BASE_IMAGE_ARCH $EBPF_IMAGE as ebpf
-FROM --platform=linux/$BASE_IMAGE_ARCH ubuntu:jammy
-
+# When updatinng image version, remember to update it in tools/releases/distros.sh and enterprise version
+FROM kumahq/kuma-net-ebpf:0.8.10 as ebpf
+# until there is a distroless iptables image we have to use something else
+FROM ubuntu:jammy
 ARG ARCH
 
 RUN apt-get update && \