expose VXLAN and health ports as a flags #15956
Comments
errordeveloper
added
sig/datapath
errordeveloper
changed the title
errordeveloper
changed the title
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
stale
bot
added
the
stale
errordeveloper
changed the title
stale
bot
removed
the
stale
errordeveloper
added
the
pinned
|
I am looking into this now, and have a few questions about setup logic. Having looked at this line here: Lines 431 to 434 in 8876594 I am wondering if I have to pass I also found that there According to I am just trying to figure out how complex this logic will need to be, because (ideally) port number should be settable after the interface was created... |
Having looked at the source code briefly, it appears that it should be possible to use |
TODOs
|
This change makes it possible for user to set a custom port for Cilium heath-checks. Default port remains unchanged. Towards: #15956 Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
This change makes it possible for user to set a custom port for VXLAN or Geneve. In order to anable that, the defaulting logic was introduced in the agent, so kernel defaults are no longer relied upon. Default ports remain unchanged. Towards: cilium#15956 Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
This change makes it possible for user to set a custom port for VXLAN or Geneve. In order to anable that, the defaulting logic was introduced in the agent, so kernel defaults are no longer relied upon. Default ports remain unchanged. Towards: #15956 Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
Default tunnel and health ports had been updated in OLM repo now (see cilium/cilium-olm@5fa5c16). Towards: cilium#15956 Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
Default tunnel and health ports had been updated in OLM repo now (see cilium/cilium-olm@5fa5c16). Towards: #15956 Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
@errordeveloper Did you follow-up with the small doc change? Just wondering if we can close this blocker issue here. |
|
[...]
@borkmann no, I haven't yet updated the docs regarding downtime on flag change... Maybe blocking label can be removed now? |
|
[...]
Ok, given it's just a small paragraph, do you have a chance to send the doc PR? Would be great if we could close/finalize this one here. |
Yeah, will try to do it in the next few days! |
Awesome, thanks Ilya! |
Towards: cilium#15956 Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
This new version supports custom ports, so that now Cilium can be tested in any OpenShift cluster (see cilium/cilium#15956 & cilium/cilium-olm@5fa5c167ac5).
Towards: cilium#15956 Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
Towards: #15956 Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
[ upstream commit 858b5e2 ] Towards: cilium#15956 Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
Proposal / RFE
Is your feature request related to a problem?
When deploying Cilium on OpenShift user has to run custom script to modify security groups and enable Cilium ports. This step in the guide is quite error-prone.
OpenShift installer does make the IANA VXLAN port 4789 open, albeit Cilium uses default Linux VXLAN port 8472.
Additionally, having the ability to use a different port would make OpenShift CI setup work out of the box for all providers, presently (openshift/release#17380) Cilium job is enabled only in Azure (where the NSG rules are more permissive).
Also, the health port 4240 is not settable either, but OpenShift installations usually have ports 9900-9999 open and one of those can should be useable instead of 4240.
Describe the solution you'd like
Add a daemon flags and Helm chart values to set VXLAN and health ports, keep the default as is.
The text was updated successfully, but these errors were encountered: