Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hubble-relay: deprecate peer svc through local unix domain socket #23407

Merged
merged 2 commits into from Jan 31, 2023
Merged

hubble-relay: deprecate peer svc through local unix domain socket #23407

merged 2 commits into from Jan 31, 2023

Conversation

kaworu
Copy link
Member

@kaworu kaworu commented Jan 27, 2023

As suggested here, requested by @aanm.

@kaworu kaworu added kind/cleanup This includes no functional changes. release-note/minor This PR changes functionality that users may find relevant to operating Cilium. sig/hubble Impacts hubble server or relay area/helm Impacts helm charts and user deployment experience labels Jan 27, 2023
@kaworu kaworu marked this pull request as ready for review January 27, 2023 13:41
@kaworu kaworu requested review from a team as code owners January 27, 2023 13:41
@kaworu kaworu force-pushed the pr/kaworu/relay/deprecate-peer-svc-through-local-unix-domain-socket branch from cade90c to 1bea450 Compare January 27, 2023 13:48
@kaworu kaworu marked this pull request as draft January 27, 2023 14:00
rolinh
rolinh approved these changes Jan 30, 2023
View reviewed changes
Copy link
Member

@rolinh rolinh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given v1.13 is not out, let's backport this documentation change/deprecation notice to v1.13 so that we can remove the unix domain socket support in Relay quicker (approve offline by @aanm).

Documentation/operations/upgrade.rst Outdated Show resolved Hide resolved
install/kubernetes/cilium/README.md Outdated Show resolved Hide resolved
install/kubernetes/cilium/values.yaml Outdated Show resolved Hide resolved
install/kubernetes/cilium/values.yaml.tmpl Outdated Show resolved Hide resolved
@rolinh rolinh added the needs-backport/1.13 This PR / issue needs backporting to the v1.13 branch label Jan 30, 2023
@kaworu kaworu force-pushed the pr/kaworu/relay/deprecate-peer-svc-through-local-unix-domain-socket branch from 1bea450 to 8a2f4d2 Compare January 30, 2023 07:49
@kaworu kaworu marked this pull request as ready for review January 30, 2023 07:53
@kaworu kaworu removed the needs-backport/1.13 This PR / issue needs backporting to the v1.13 branch label Jan 30, 2023
@kaworu kaworu mentioned this pull request Jan 30, 2023
Merged
@kaworu kaworu force-pushed the pr/kaworu/relay/deprecate-peer-svc-through-local-unix-domain-socket branch from 8a2f4d2 to cbc6f60 Compare January 30, 2023 08:18
@kaworu
Copy link
Member Author

kaworu commented Jan 30, 2023

Travis-CI hit #23314

sayboras
sayboras approved these changes Jan 30, 2023
View reviewed changes
Copy link
Member

@sayboras sayboras left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✔️

qmonnet
qmonnet approved these changes Jan 30, 2023
View reviewed changes
Documentation/internals/hubble.rst Outdated Show resolved Hide resolved
@kaworu
doc: don't notice about Hubble standalone mode.
9e48328 
Hubble server has been integrated into the Cilium agent since v1.9,
released Nov 10th 2020.

Some doc fixes and improvements on the way.

Signed-off-by: Alexandre Perrin <alex@isovalent.com>
@kaworu
hubble: deprecate relay peer-svc through unix domain socket
7af198e 
Since Cilium v1.12 Hubble Relay has been connecting to the Hubble Peer
service through the hubble-peer Kubernetes Service (i.e. TCP) by
default. The ability to query the Peer Service through the local UNIX
domain socket for Relay has been kept for compatibility reasons and as a
fallback solution, but we should move away from sharing socket through
Pods as it has potential security implications.

This patch deprecate disabling the hubble-peer Kubernetes Service as it
will be the only option once the local UNIX domain support for the Peer
Service in Hubble Relay is removed.

Signed-off-by: Alexandre Perrin <alex@isovalent.com>
@kaworu kaworu force-pushed the pr/kaworu/relay/deprecate-peer-svc-through-local-unix-domain-socket branch from cbc6f60 to 7af198e Compare January 31, 2023 10:38
@kaworu kaworu added the area/documentation Impacts the documentation, including textual changes, sphinx, or other doc generation code. label Jan 31, 2023
@kaworu
Copy link
Member Author

kaworu commented Jan 31, 2023

Doc change only, no need for a full CI run so marking this one as ready-to-merge.

@kaworu kaworu added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jan 31, 2023
@qmonnet qmonnet merged commit 66ea2f9 into cilium:master Jan 31, 2023
@kaworu kaworu deleted the pr/kaworu/relay/deprecate-peer-svc-through-local-unix-domain-socket branch January 31, 2023 15:53
@kaworu kaworu mentioned this pull request Feb 2, 2023
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rolinh rolinh rolinh approved these changes

@aanm aanm aanm approved these changes

@sayboras sayboras sayboras approved these changes

@qmonnet qmonnet qmonnet approved these changes

@michi-covalent michi-covalent michi-covalent approved these changes

@nathanjsweet nathanjsweet Awaiting requested review from nathanjsweet

Assignees
No one assigned
Labels
area/documentation Impacts the documentation, including textual changes, sphinx, or other doc generation code. area/helm Impacts helm charts and user deployment experience kind/cleanup This includes no functional changes. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/minor This PR changes functionality that users may find relevant to operating Cilium. sig/hubble Impacts hubble server or relay
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@kaworu @rolinh @aanm @sayboras @qmonnet @michi-covalent