chore(deps): upgrade kuma-net to version with iptables output chain f…

…ix (kumahq#5513) Signed-off-by: Łukasz Dziedziak <lukidzi@gmail.com>
michaelbeaumont · Aug 17, 2023 · 8ac6026 · 8ac6026
1 parent 37b41f0
commit 8ac6026
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 15 deletions.
diff --git a/app/kumactl/cmd/install/testdata/install-transparent-proxy.excludedports.txt b/app/kumactl/cmd/install/testdata/install-transparent-proxy.excludedports.txt
@@ -4,9 +4,9 @@
 -N KUMA_MESH_INBOUND_REDIRECT
 -N KUMA_MESH_OUTBOUND_REDIRECT
 -A PREROUTING -p tcp -j KUMA_MESH_INBOUND
--A OUTPUT -p tcp --dport 1900,1902,1000-2000 -m owner --uid-owner 103,104,106-108 -j RETURN
--A OUTPUT -p tcp --dport 2900,2902,3000-5000 -m owner --uid-owner 203,204,206-208 -j RETURN
--A OUTPUT -p udp --dport 3900,3902,4000-6000 -m owner --uid-owner 303,304,306-308 -j RETURN
+-I OUTPUT 1 -p tcp --dport 1900,1902,1000-2000 -m owner --uid-owner 103,104,106-108 -j RETURN
+-I OUTPUT 2 -p tcp --dport 2900,2902,3000-5000 -m owner --uid-owner 203,204,206-208 -j RETURN
+-I OUTPUT 3 -p udp --dport 3900,3902,4000-6000 -m owner --uid-owner 303,304,306-308 -j RETURN
 -A OUTPUT -p tcp -j KUMA_MESH_OUTBOUND
 -A KUMA_MESH_INBOUND -p tcp -j KUMA_MESH_INBOUND_REDIRECT
 -A KUMA_MESH_OUTBOUND -s (.*) -o (.*) -j RETURN

diff --git a/go.mod b/go.mod
@@ -28,7 +28,7 @@ require (
 	github.com/gruntwork-io/terratest v0.40.24
 	github.com/hoisie/mustache v0.0.0-20160804235033-6375acf62c69
 	github.com/kelseyhightower/envconfig v1.4.0
-	github.com/kumahq/kuma-net v0.8.6
+	github.com/kumahq/kuma-net v0.8.10
 	github.com/kumahq/protoc-gen-kumadoc v0.3.1
 	github.com/lib/pq v1.10.7
 	github.com/miekg/dns v1.1.50

diff --git a/go.sum b/go.sum
@@ -915,8 +915,8 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/ktrysmt/go-bitbucket v0.6.4/go.mod h1:9u0v3hsd2rqCHRIpbir1oP7F58uo5dq19sBYvuMoyQ4=
 github.com/kumahq/gateway-api v0.0.0-20221019125100-747a4fedfd7a h1:szFGMVdySxtKAjCxO3JUncfr1JGWOIlQaqWnrTUJsBc=
 github.com/kumahq/gateway-api v0.0.0-20221019125100-747a4fedfd7a/go.mod h1:x0AP6gugkFV8fC/oTlnOMU0pnmuzIR8LfIPRVUjxSqA=
-github.com/kumahq/kuma-net v0.8.6 h1:/luArNTn/3LfQxK00D0FpAP3Shf5BkbXCqCfsGQcJ9s=
-github.com/kumahq/kuma-net v0.8.6/go.mod h1:aqhBHsY3LQCTvBOr7oU1r2hwjTn9vhXUKDJXJokkSCM=
+github.com/kumahq/kuma-net v0.8.10 h1:0Hd6dNYPbsSCe6YQFGG6796tFUB6gw0QiCOXqSDGZAA=
+github.com/kumahq/kuma-net v0.8.10/go.mod h1:kFh8+bzRAUMdMVCfXU8apDMcBxwWDzOxImlEEJ/4cy4=
 github.com/kumahq/protoc-gen-kumadoc v0.3.1 h1:tY2dGQJTYVGkhxAHN154fddcWDRy55Pl4+oLT+FhsHo=
 github.com/kumahq/protoc-gen-kumadoc v0.3.1/go.mod h1:F+c9RjgKlv1Q3UEoPJCtMJw8Fd+X5PfG5jlkTSfZOMA=
 github.com/lahabana/terratest v0.42.0-preview h1:67gUui/cTYaOo8VNqj16c32kjOIl9B6oLEJvyr+V7Rc=

diff --git a/pkg/transparentproxy/transparentproxy_experimental.go b/pkg/transparentproxy/transparentproxy_experimental.go
@@ -170,7 +170,8 @@ func (tp *ExperimentalTransparentProxy) Setup(tpConfig *config.TransparentProxyC
 				ExcludePortsForUIDs: excludePortsForUIDs,
 			},
 			DNS: kumanet_config.DNS{
-				Enabled:            tpConfig.RedirectAllDNSTraffic,
+				Enabled:            tpConfig.RedirectDNS,
+				CaptureAll:         tpConfig.RedirectAllDNSTraffic,
 				Port:               agentDNSListenerPort,
 				ConntrackZoneSplit: !tpConfig.SkipDNSConntrackZoneSplit,
 			},

diff --git a/tools/releases/distros.sh b/tools/releases/distros.sh
@@ -29,7 +29,7 @@ BUILD_INFO=$("${SCRIPT_DIR}/../releases/version.sh")
 KUMA_VERSION=$(echo "$BUILD_INFO" | cut -d " " -f 1)
 [ -z "$KUMA_CONFIG_PATH" ] && KUMA_CONFIG_PATH=pkg/config/app/kuma-cp/kuma-cp.defaults.yaml
 CTL_NAME="kumactl"
-[ -z "$EBPF_PROGRAMS_IMAGE" ] && EBPF_PROGRAMS_IMAGE="kumahq/kuma-net-ebpf:0.8.6"
+[ -z "$EBPF_PROGRAMS_IMAGE" ] && EBPF_PROGRAMS_IMAGE="kumahq/kuma-net-ebpf:0.8.10"
 
 function get_ebpf_programs() {
   local arch=$1

diff --git a/tools/releases/dockerfiles/Dockerfile.kuma-init b/tools/releases/dockerfiles/Dockerfile.kuma-init
@@ -1,10 +1,7 @@
-ARG BASE_IMAGE_ARCH=amd64
-# When updatinng image version, remember to update it in tools/releases/distros.sh as well
-ARG EBPF_IMAGE=kumahq/kuma-net-ebpf:0.8.6
-
-FROM --platform=linux/$BASE_IMAGE_ARCH $EBPF_IMAGE as ebpf
-FROM --platform=linux/$BASE_IMAGE_ARCH ubuntu:jammy
-
+# When updatinng image version, remember to update it in tools/releases/distros.sh and enterprise version
+FROM kumahq/kuma-net-ebpf:0.8.10 as ebpf
+# until there is a distroless iptables image we have to use something else
+FROM ubuntu:jammy
 ARG ARCH
 
 RUN apt-get update && \