Upgrading istio from 1.10.2 to 1.11.4, and we noticed the CNI daemonset.yaml removes hostNetwork: true
How would it apply iptables rules without the hostNetwork access?
It is a CNI plugin, so we just register on the node (via hostPath mount). Then k8s will call our binary in the host network for us. The pod itself does not actually call iptables rules, it just registers
1 Like