New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
envoy: Use embedded proxylib from cilium-proxy image #26101
Conversation
/test |
/test |
e5603f6
to
d789db3
Compare
/test |
/test |
@sayboras as mentioned, it's possible to remove the currently documented limitation in the docs https://github.com/cilium/cilium/blob/main/Documentation/security/network/proxy/envoy.rst?plain=1#L61 🎉 |
Now that cilium/proxy#232 has merged we can update this to newest main references :-) |
Thanks, let me make an update shortly 👍 |
6ba3676
to
2de923d
Compare
/test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM on docs!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor nits, seems like a straightforward migration to me.
proxylib/Makefile
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we still have proxylib documentation that needs to be updated for this change? If so, please fix that up as well. Doesn't need to block this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
noted and thanks, I will send the follow-up PR on docs 👍
The same proxylib library is now available in cilium/proxy container. The image is built from https://github.com/cilium/proxy/actions/runs/5354917649/jobs/9712555724. Relates: cilium/proxy#232 Signed-off-by: Tam Mach <tam.mach@cilium.io>
/test |
This module is moved to cilium/proxy as part of the below PR, the main reason is to make sure that cilium/proxy container image is fully self-contained, and has no dependency with cilium/cilium. cilium/proxy#232 Signed-off-by: Tam Mach <tam.mach@cilium.io>
This module can be imported directly from cilium/proxy now Signed-off-by: Tam Mach <tam.mach@cilium.io>
The mentioned limitation is no longer true, as the dedicated proxy image is shipped with proxylib for Go Extension support now. Signed-off-by: Tam Mach <tam.mach@cilium.io>
/test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good from my code owners
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM - thanks Tam (also for removing the limitation)!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
This is to make sure that related docs is pointing to cilium/proxy repo. Relates: cilium#26101 Signed-off-by: Tam Mach <tam.mach@cilium.io>
This is to make sure that related docs is pointing to cilium/proxy repo. Relates: #26101 Signed-off-by: Tam Mach <tam.mach@cilium.io>
Description
The goal is to address one known limitation of the dedicated envoy proxy mode. Please refer to individual commit for more details.
Testing
Testing was done with the existing conformance-ginkgo job, the kafka-related policy tests are passed as per below: