Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

egressgw: improve reconciliation for IP rules #26736

Merged
merged 2 commits into from Jul 17, 2023
Merged

egressgw: improve reconciliation for IP rules #26736

merged 2 commits into from Jul 17, 2023

Conversation

julianwiedmann
Copy link
Member

@julianwiedmann julianwiedmann commented Jul 10, 2023
edited

Follow-on to #26721. Also improve the reconciliation for IP rules when EgressGW is used with --install-egress-gateway-routes.

@julianwiedmann julianwiedmann added release-note/misc This PR makes changes that have no direct user impact. feature/egress-gateway Impacts the egress IP gateway feature. labels Jul 10, 2023
@julianwiedmann
Copy link
Member Author

/test

@julianwiedmann
egressgw: improve installation of IP rules
bf9e280 
route.ReplaceRule() internally fetches the whole set of IP rules in the
system. So calling addEgressIpRule() for every EgressGW-eligible endpoint
causes quite a bit of churn.

Instead fetch the rules just once per EgressGW policy (filtered for the
policy's routing table). Then check for each of the policy's endpoints
whether its IP rule already exists, and insert any rule that is missing.

Note that there is further potential for improvement here - ideally we
would fetch the whole rule set just once, dynamically filter it down to
each policy's routing table, and only match the policy's endpoints against
those specific rules.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann
egressgw: improve error message in addEgressIpRoutes()
9490441 
The current message looks copy&pasted from the previous error case. Adjust
the text to describe what operation actually failed.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann
Copy link
Member Author

/test

@julianwiedmann julianwiedmann changed the title 1.15 egressgw iprules egressgw: improve reconciliation for IP rules Jul 11, 2023
@julianwiedmann julianwiedmann marked this pull request as ready for review July 11, 2023 12:11
@julianwiedmann julianwiedmann requested a review from a team as a code owner July 11, 2023 12:11
@julianwiedmann julianwiedmann added the kind/enhancement This would improve or streamline existing functionality. label Jul 13, 2023
@julianwiedmann julianwiedmann merged commit c40d2db into cilium:main Jul 17, 2023
65 checks passed
@julianwiedmann julianwiedmann deleted the 1.15-egressgw-iprules branch July 17, 2023 05:28
@julianwiedmann julianwiedmann added the needs-backport/1.14 This PR / issue needs backporting to the v1.14 branch label Jul 26, 2023
@nbusseneau nbusseneau mentioned this pull request Jul 26, 2023
Merged
6 tasks
@nbusseneau nbusseneau added backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. and removed needs-backport/1.14 This PR / issue needs backporting to the v1.14 branch labels Jul 26, 2023
@joestringer joestringer added backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. and removed backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. labels Jul 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gentoo-root gentoo-root gentoo-root approved these changes

@jibi jibi Awaiting requested review from jibi

Assignees
No one assigned
Labels
backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. feature/egress-gateway Impacts the egress IP gateway feature. kind/enhancement This would improve or streamline existing functionality. release-note/misc This PR makes changes that have no direct user impact.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@julianwiedmann @gentoo-root @joestringer @nbusseneau