New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix compilation error when enabling Wireguard and XDP #25734
Conversation
It seems that we need to exclude cilium_wg0 from the target devices when XDP acceleration is enabled
|
f26de3e
to
f606c6a
Compare
/test |
f606c6a
to
6a02e5c
Compare
/test |
ConformanceKindEnvoyDaemonSet seems to be stabilized by #26260 |
6a02e5c
to
f2a7f10
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ysksuzuki Good work. Some nits for clarity, otherwise LGTM. Approving to unblock with the understanding that changes are required prior to merge.
N/S Loadbalancer traffic won't be encrypted when an intermediate node redirects | ||
a request to another node where a selected backend is running, | ||
with the following configuration: | ||
|
||
- LoadBalancer & NodePort XDP Acceleration | ||
- Direct Server Return (DSR) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Edits for clarity, use present tense, use clear, plain language
N/S Loadbalancer traffic won't be encrypted when an intermediate node redirects | |
a request to another node where a selected backend is running, | |
with the following configuration: | |
- LoadBalancer & NodePort XDP Acceleration | |
- Direct Server Return (DSR) | |
N/S load balancer traffic isn't encrypted when an intermediate node redirects | |
a request to a different node with the following backend configuration: | |
- LoadBalancer & NodePort XDP Acceleration | |
- Direct Server Return (DSR) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for your comment! I have updated the doc accordingly.
f2a7f10
to
b4b18ca
Compare
K8sUpstreamNetConformance is unstable. It has been reported here |
/test |
/ci-multicluster |
1 similar comment
/ci-multicluster |
I don't see any jenkins jobs. Do we no longer run the Jenkins jobs? |
Noup, they got moved to the new |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
Great! It's a tremendous boost to development productivity, isn't it? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me, as far as you reached an agreement with @brb.
b4b18ca
to
edb7e8f
Compare
This commit fixes the compilation failure of bpf_xdp.o when enabling Wireguard with XDP by adding a guard for Wireguard and XDP. Also, it shows a warning message to alert users about certain traffic(between an intermediate node and a backend node) not being encrypted. Fixes: cilium#25354 Signed-off-by: Yusuke Suzuki <yusuke-suzuki@cybozu.co.jp>
Signed-off-by: Yusuke Suzuki <yusuke-suzuki@cybozu.co.jp>
/test |
Hit #25816 |
/ci-multicluster |
This PR fixes the compilation failure of bpf_xdp.o when enabling Wireguard with XDP by adding a guard for Wireguard and XDP. Also, it shows a warning message to alert users about certain traffic(between an intermediate node and a backend node)
not being encrypted.
Please ensure your pull request adheres to the following guidelines:
description and a
Fixes: #XXX
line if the commit addresses a particularGitHub issue.
Fixes: <commit-id>
tag, thenplease add the commit author[s] as reviewer[s] to this issue.
Fixes: #25354