
fix(driver): bypass Istio ambient inbound capture for sandbox pods#13

Merged
pdettori merged 1 commit into mvp from fix/istio-ambient-bypass on Jun 8, 2026

Conversation

@pdettori pdettori commented Jun 8, 2026

Member

Summary

  • Annotates all sandbox pods with ambient.istio.io/bypass-inbound-capture: "true" so Istio ambient mode does not intercept inbound traffic to the pod's internal proxy port

Root Cause

On OpenShift with Istio ambient mesh (HBONE mode), ztunnel intercepts inbound TCP and re-originates connections from the pod's main IP (10.128.x.x) instead of preserving the sandbox veth source address (10.200.0.2). This breaks the proxy's /proc/net/tcp-based identity resolution — peer_addr() returns ztunnel's address, and the port lookup in the sandbox network namespace's TCP table finds nothing.

The sidecar-mode annotation (traffic.sidecar.istio.io/excludeInboundPorts) has no effect in ambient mode — only ambient.istio.io/bypass-inbound-capture works.

On Kind (upstream Istio 1.28), ztunnel already preserves source IPs through the REDIRECT, so this annotation is a harmless no-op there.

Test plan

  • go test ./internal/driver/ passes (updated existing annotation test)
  • Build new driver image and deploy to OpenShift
  • Verify sandbox egress policy works (identity resolution succeeds)
  • Verify Kind behavior unchanged

Fixes: kagenti/kagenti#1855

Assisted-By: Claude Code

On OpenShift with Istio ambient mesh (HBONE mode), ztunnel intercepts
inbound TCP to the pod and re-originates connections from the pod's
main IP instead of preserving the sandbox veth source address. This
breaks the proxy's /proc/net/tcp-based identity resolution because
peer_addr() returns ztunnel's address, not the sandbox's 10.200.0.2.

Always annotate sandbox pods with:
  ambient.istio.io/bypass-inbound-capture: "true"

This tells Istio ambient to skip inbound interception, preserving
the original source address on the veth pair so identity resolution
can correlate sockets to sandbox processes.

The sidecar-mode annotation (traffic.sidecar.istio.io/excludeInboundPorts)
has no effect in ambient mode.

Fixes: kagenti/kagenti#1855

Assisted-By: Claude (Anthropic AI) <noreply@anthropic.com>
Signed-off-by: Paolo Dettori <dettori@us.ibm.com>
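The identity-resolution step the root cause describes, as an added example in Go that is not the kagenti driver's own code: it decodes a constructed /proc/net/tcp row from the sandbox network namespace and resolves the peer address the proxy observed to a socket inode, so the lookup succeeds for the preserved veth source 10.200.0.2 and finds nothing for a ztunnel-rewritten pod IP in 10.128.x.x. The proxy-side veth address 10.200.0.1, the port numbers, the inode value, and the function names are assumptions.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"net/netip"
	"strconv"
	"strings"
)

// Constructed (not real) /proc/net/tcp row as read inside the sandbox netns: the
// sandbox process at 10.200.0.2:42692 connected to the assumed proxy veth peer 10.200.0.1:8080.
const sandboxTCPTable = "   0: 0200C80A:A6C4 0100C80A:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 20 4 30 10 -1\n"

// parseProcAddr decodes the "HHHHHHHH:PPPP" form used by /proc/net/tcp: IPv4 in host
// byte order (little-endian hosts assumed, as on x86/arm64), port as big-endian hex.
func parseProcAddr(s string) (netip.AddrPort, error) {
	host, port, _ := strings.Cut(s, ":")
	raw, err := hex.DecodeString(host)
	p, perr := strconv.ParseUint(port, 16, 16)
	if err != nil || perr != nil || len(raw) != 4 {
		return netip.AddrPort{}, fmt.Errorf("malformed /proc/net/tcp address %q", s)
	}
	ip := netip.AddrFrom4([4]byte{raw[3], raw[2], raw[1], raw[0]})
	return netip.AddrPortFrom(ip, uint16(p)), nil
}

// resolveSocketInode is the lookup the bypass annotation protects: find the sandbox-side
// socket whose local address equals the peer address the proxy saw via peer_addr().
// ok=false is exactly the failure observed when ztunnel re-originates from the pod IP.
func resolveSocketInode(table string, peer netip.AddrPort) (inode uint64, ok bool) {
	for _, line := range strings.Split(table, "\n") {
		f := strings.Fields(line)
		if len(f) < 10 {
			continue // blank or truncated row; column 9 is the inode
		}
		if local, err := parseProcAddr(f[1]); err == nil && local == peer {
			n, err := strconv.ParseUint(f[9], 10, 64)
			return n, err == nil
		}
	}
	return 0, false
}

func main() { // preserved sandbox source vs ztunnel-rewritten pod IP (10.128.x.x)
	for _, p := range []string{"10.200.0.2:42692", "10.128.2.17:42692"} {
		n, ok := resolveSocketInode(sandboxTCPTable, netip.MustParseAddrPort(p))
		fmt.Printf("peer %s -> inode=%d found=%v\n", p, n, ok)
	}
}
```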

@pdettori pdettori left a comment

Member Author

Self-review (automated)

Clean, minimal fix that adds a single Istio ambient annotation to bypass inbound capture on sandbox pods. The root cause explanation is excellent — documents the ztunnel HBONE source-address rewriting behavior and why the sidecar-mode annotation doesn't help.

Areas reviewed: Go, Tests, Commit conventions, PR format, Security
Commits: 1 commit, signed-off ✓
CI status: all passing (Build, DCO, Lint, Test)

No issues found. LGTM.

@pdettori pdettori merged commit 0243521 into mvp Jun 8, 2026
4 checks passed
@pdettori pdettori deleted the fix/istio-ambient-bypass branch June 8, 2026 19:44