kata-irc-bot | <bergwolf> Sorry for the late reply, so in your use case, there will be a node agent monitoring the pod netns and calling kata-runtime to copy the iptables to the guest. Am I understanding it correctly? | 08:43 |
---|---|---|
kata-irc-bot | <bergwolf> IMO, it makes sense to enable kata-runtime to be able to modify the guest iptables rules to enable such a specific use case. | 08:43 |
kata-irc-bot | <bergwolf> For a more general use case where kube-proxy is involved, I think it makes sense to let shimv2 monitor the pod netns instead. I'm fine to proceed with your PR to enable a specific use case, and I look forward to further improvement in this area to enable more general use cases. | 08:47 |
kata-irc-bot | <eric.ernst> Sure. In our case, the node agent doesn't modify the netns - it just reconciles by calling the shim directly (the pod's netns isn't ever updated) | 13:00 |
*** noahm_ is now known as noahm | 15:42 |