-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarify documentation and prevent activating Ingress and Gateway controllers if l7 proxy is disabled #22698
Comments
Should we split this up into the 4 above tasks and mark good-first-issues? You should find people to work on this in the community if we do that IMO. |
Hey there, would like to look into it. cc @pchaigno |
cilium/daemon/cmd/daemon_main.go Line 1490 in 13ee10a
isn't this is suppose to log a error if wireguard is enabled with L7proxy |
@amolkavitkar That's correct and this logic works, but the present issue is about the Ingress and Gateway controllers when the L7 proxy is disabled, not about WireGuard. WireGuard is just one of the reasons why the L7 proxy might be disabled. |
#18773 is another example of a similar behavior. |
This issue has been automatically marked as stale because it has not |
With #25215 merged, this one is resolved. As of 1.13, it's not possible to disable l7 proxy and enable Ingress or Gateway API, it will be rejected by Helm. |
reopening this as I think there's a typo in https://github.com/cilium/cilium/pull/25215/files: |
This issue is effectively an epic covering work to handle what happens when Ingress or Gateway API support is enabled when L7 proxy support has already been explicitly disabled (which is required for Wireguard support, but could also be done for other reasons).
When this happens, a few problems can arise:
The fact that the last one has all Cilium pods panic and crash seems pretty bad.
Actions to take here are at least:
The text was updated successfully, but these errors were encountered: