Skip to content

Update/old ambient redirect blog #17016

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Stevenjin8 wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update/old ambient redirect blog #17016

Stevenjin8 wants to merge 1 commit into from

Conversation

@Stevenjin8
Copy link
Contributor

@Stevenjin8 Stevenjin8 commented Dec 2, 2025

Description

We have an old blog post detailing the ambient traffic redirection implementation (before inpod mode). We should add a warning telling users that we no longer configure host traffic.

Reviewers

  • Ambient
  • Docs
  • Installation
  • Networking
  • Performance and Scalability
  • Extensions and Telemetry
  • Security
  • Test and Release
  • User Experience
  • Developer Infrastructure
  • Localization/Translation

@Stevenjin8 Stevenjin8 requested a review from a team as a code owner December 2, 2025 15:59
@istio-testing istio-testing added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Dec 2, 2025
@Stevenjin8 Stevenjin8 force-pushed the update/old-ambient-redirect-blog branch from 8a6a06c to 487e8a7 Compare December 2, 2025 16:02
sridhargaddam
sridhargaddam reviewed Dec 2, 2025
View reviewed changes
content/en/blog/2023/traffic-for-ambient-and-sidecar/index.md
---

{{< warning >}}
Ambient redirection no longer configures the host network namespace as of Istio 1.21.
Copy link
Contributor

@sridhargaddam sridhargaddam Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Personally, I think we should add a note explaining that the approach in this blog post no longer applies to the current Istio release, since Ambient no longer uses GENEVE tunnels.

Copy link
Contributor

@sridhargaddam sridhargaddam Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

... no longer configures the host network namespace as of Istio 1.21.

FWIW, in ambient mode, we do program some iptable/nftable rules on the host network namespace to support kubelet health-checks - https://github.com/istio/istio/tree/master/tools/istio-nftables/pkg#ambient-mode-specific-details

dhawton
dhawton reviewed Dec 2, 2025
View reviewed changes
Copy link
Member

@dhawton dhawton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we typically go and update old blogs, but will let TOC weigh-in here.

content/en/blog/2023/traffic-for-ambient-and-sidecar/index.md
Copy link
Member

@dhawton dhawton Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
See [ztunnel traffic redirection](/docs/ambient/architecture/traffic-redirection/) for details on the new approach.

ztunnel is lowercase.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dhawton dhawton dhawton left review comments

+1 more reviewer

@sridhargaddam sridhargaddam sridhargaddam left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

kind/docs size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@Stevenjin8 @dhawton @sridhargaddam @istio-testing @istio-policy-bot