Skip to content

ci: update allowed iptables patterns yaml to conform to aks #4192

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
QxBytes merged 1 commit into from
Jan 26, 2026
Merged

ci: update allowed iptables patterns yaml to conform to aks #4192

QxBytes merged 1 commit into from
Jan 26, 2026
+24 −76

Conversation

@QxBytes
Copy link
Contributor

@QxBytes QxBytes commented Jan 8, 2026

Reason for Change:

The allowed iptables yaml in ebpf host routing aks should match this test, so updating the yamls here.

Issue Fixed:

See above.

Requirements:

Notes:
ACN PR: https://msazure.visualstudio.com/One/_build/results?buildId=148765048&view=results

@QxBytes QxBytes self-assigned this Jan 8, 2026
@QxBytes QxBytes added cilium Related to Cilium. ci Infra or tooling. labels Jan 8, 2026
@QxBytes QxBytes marked this pull request as ready for review January 9, 2026 17:08
@QxBytes QxBytes requested a review from a team as a code owner January 9, 2026 17:08
@QxBytes QxBytes requested review from apontejaj and Copilot January 9, 2026 17:08
@QxBytes QxBytes changed the title ci: update allowed iptables patterns to conform to upstream ci: update allowed iptables patterns yaml to conform to aks Jan 9, 2026
Copilot AI reviewed Jan 9, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the allowed iptables patterns configuration files for Cilium v1.17 and v1.18 ebpf host routing to conform with upstream specifications. The changes simplify and modernize the iptables rule patterns.

Key changes:

  • Restructured YAML to move ConfigMap metadata to the top (standard Kubernetes format)
  • Removed numerous kubernetes-specific comment patterns that are no longer needed
  • Added new global patterns for KUBE-FIREWALL and IP-MASQ-AGENT chain matching
  • Updated the raw section from empty to include localdns NOTRACK rules

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
test/integration/manifests/cilium/v1.18/ebpf/common/allowed-iptables-patterns.yaml Updated iptables patterns for Cilium v1.18 to match upstream specifications
test/integration/manifests/cilium/v1.17/ebpf/common/allowed-iptables-patterns.yaml Updated iptables patterns for Cilium v1.17 to match upstream specifications

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@QxBytes
Copy link
Contributor Author

QxBytes commented Jan 26, 2026

/azp run Azure Container Networking PR

@azure-pipelines
Copy link

azure-pipelines bot commented Jan 26, 2026

Azure Pipelines successfully started running 1 pipeline(s).

@QxBytes QxBytes enabled auto-merge January 26, 2026 17:12
@QxBytes QxBytes added this pull request to the merge queue Jan 26, 2026
Merged via the queue into master with commit 64aff63 Jan 26, 2026
117 of 121 checks passed
@QxBytes QxBytes deleted the alew/update-ebpf-iptables-monitor branch January 26, 2026 19:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@vipul-21 vipul-21 vipul-21 approved these changes

@camrynl camrynl camrynl approved these changes

@apontejaj apontejaj Awaiting requested review from apontejaj apontejaj is a code owner automatically assigned from Azure/azure-sdn-members

Assignees

@QxBytes QxBytes

Labels

ci Infra or tooling. cilium Related to Cilium.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@QxBytes @vipul-21 @camrynl