Extract tunnel options to simplify override, and inject them through hive #29051
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
giorio94
added
kind/cleanup
|
/test |
giorio94
force-pushed
the
mio/tunnel-config-cell
branch
from
ec18ab2
to
7a6ed14
Compare
|
/test |
|
Marking ready for review, to start gathering feedback. Please ignore the first commit, as it is a stripped down version of #29053, which should be merged first. |
giorio94
requested review from
ysksuzuki,
christarazi,
derailed,
jschwinger233 and
lmb
jschwinger233
approved these changes
Nov 9, 2023
julianwiedmann
approved these changes
Nov 9, 2023
julianwiedmann
added
the
upgrade-impact
ysksuzuki
reviewed
Nov 9, 2023
ysksuzuki
approved these changes
Nov 9, 2023
giorio94
force-pushed
the
mio/tunnel-config-cell
branch
from
7a6ed14
to
e1f729b
Compare
|
Rebased onto main and dropped the temporary commit. Additionally added a new commit extending the upgrade notes to document the behavioral difference with respect to Cilium configured in native routing mode with DSR Geneve enabled. |
giorio94
removed
the
dont-merge/blocked
|
/test |
giorio94
force-pushed
the
mio/tunnel-config-cell
branch
from
e1f729b
to
7ee3b3a
Compare
|
Fixed a test failing due to a mismatch of integer types. |
|
/ci-runtime |
|
/test |
Certain features (e.g., egress gateway, high-scale ipcache, ...) require the configuration of the tunnel device also then the primary routing mode is set to native routing, as some traffic may need to flow through it. Currently, every affected code path needs ad-hoc checks, which is getting more and more complex with the addition of new features. This commit consolidates the tunnel-related options, that is protocol, port, device name and whether it requires MTU adaptation, into a single struct, initialized based on the user configuration and the requests of additional features, and propagated through hive. Specifically, different modules can now request the configuration of the tunnel device (regardless of the primary routing mode) through the injection of the appropriate enabler object. Additional validation constraints can be specified if a given feature is compatible only with a specific encapsulation protocol. This change introduces a small functional difference, because now the tunnel protocol flag is always respected, and no longer defaulted to geneve when Cilium is configured in native routing mode, and DSR Geneve is enabled. This prevents causing unexpected tunnel changes when turning on/off other features (DSR Geneve in this case). The primary routing mode is still represented by the TunnelingEnabled() function, both to reduce the scope of this change and because it is currently accessed also before the initialization of the hive. Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
Historically, the tunnel protocol was defaulted to geneve when Cilium was configured in native routing mode and DSR Geneve was enabled. This is no longer the case since the last commit, and the tunnel protocol flag is now always respected (possibly triggering an error if incompatible), so that we don't cause unexpected tunnel changes when turning on/off other features. Hence, let's document in the upgrade notes that users now need to explicitly configure the tunnel protocol to geneve when using DSR Geneve. Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
giorio94
force-pushed
the
mio/tunnel-config-cell
branch
from
7ee3b3a
to
1397972
Compare
|
Rebased onto main to fix conflict |
|
/test |
qmonnet
approved these changes
Nov 14, 2023
maintainer-s-little-helper
bot
added
the
ready-to-merge
Note that Marco wrote up a draft for how we could do auto-selection of the tunnel protocol in some scenarios: #29267. Let's continue any discussion there. |
julianwiedmann
added a commit
to julianwiedmann/cilium
that referenced
this pull request
Feb 19, 2024
Reflect the config change from cilium#29051 in the kubeproxy-free docs for DSR-Geneve. Fixes: cilium#30845 Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Certain features (e.g., egress gateway, high-scale ipcache, ...) require
the configuration of the tunnel device also then the primary routing
mode is set to native routing, as some traffic may need to flow through
it. Currently, every affected code path needs ad-hoc checks, which is
getting more and more complex with the addition of new features.
This commit consolidates the tunnel-related options, that is protocol,
port, device name and whether it requires MTU adaptation, into a single
struct, initialized based on the user configuration and the requests of
additional features, and propagated through hive. Specifically, different
modules can now request the configuration of the tunnel device (regardless
of the primary routing mode) through the injection of the appropriate
enabler object. Additional validation constraints can be specified if a
given feature is compatible only with a specific encapsulation protocol.
This change introduces a small functional difference, because now the
tunnel protocol flag is always respected, and no longer defaulted to
geneve when Cilium is configured in native routing mode, and DSR
Geneve is enabled. This prevents causing unexpected tunnel changes
when turning on/off other features (DSR Geneve in this case).
The primary routing mode is still represented by the TunnelingEnabled()
function, both to reduce the scope of this change and because it is
currently accessed also before the initialization of the hive.
Fixes: #25769
Depends on: #29053