Istio 1.18 and Ambient Mesh Support for Talos Kubernetes about talos HOT 4 OPEN

attempt to install Istio Ambient on Talos fails, and this may have to do with the way the Istio-CNI leverages IPtables for redirection of traffic towards the ztunnel and Talos disallows any node-level network reconfiguration.

Hey Marino 👋 ,

Talos doesn't prevent modifications using iptables. I think it could be ztunnel tried to load a module? Talos doesn;t allow loading modules by K8s workloads. Could you also provide the logs of the failed pod/daemonset?

from talos.

Do you know what CNI Talos k8s is using? also does this work with default profile?

from talos.

Do you know what CNI Talos k8s is using?

talos uses flannel by default, but it can be disabled to install a cni of choice

also does this work with default profile?

not sure I get that, you mean K8s pod security profiles/seccomp profiles?

from talos.

attempt to install Istio Ambient on Talos fails, and this may have to do with the way the Istio-CNI leverages IPtables for redirection of traffic towards the ztunnel and Talos disallows any node-level network reconfiguration.

Hey Marino 👋 ,

Talos doesn't prevent modifications using iptables. I think it could be ztunnel tried to load a module? Talos doesn;t allow loading modules by K8s workloads. Could you also provide the logs of the failed pod/daemonset?

Do you know what CNI Talos k8s is using?

talos uses flannel by default, but it can be disabled to install a cni of choice

also does this work with default profile?

not sure I get that, you mean K8s pod security profiles/seccomp profiles?

Hi Noel!! How are you? Great to hear from you 😄 !!!

Lin is referring to the Istio installation profiles such as Default and Ambient, which proceed to install the necessary components of Istio.

Let me see if I can dig into some logs and share what I find.

from talos.