Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cilium: bpf-based hostport implementation #10592

Merged
merged 3 commits into from Mar 18, 2020
Merged

cilium: bpf-based hostport implementation #10592

merged 3 commits into from Mar 18, 2020

Conversation

borkmann
Copy link
Member

@borkmann borkmann commented Mar 16, 2020
edited

See commit msg.

This change is Reviewable

@borkmann borkmann added wip sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. area/daemon Impacts operation of the Cilium daemon. release-note/minor This PR changes functionality that users may find relevant to operating Cilium. labels Mar 16, 2020
@borkmann borkmann requested a review from a team March 16, 2020 16:09
@borkmann borkmann requested a review from a team as a code owner March 16, 2020 16:09
@borkmann borkmann requested a review from a team March 16, 2020 16:09
@borkmann borkmann requested review from a team as code owners March 16, 2020 16:09
@borkmann borkmann requested review from a team March 16, 2020 16:09
@maintainer-s-little-helper maintainer-s-little-helper bot added this to In progress in 1.8.0 Mar 16, 2020
@borkmann borkmann force-pushed the pr/bpf-host-port branch 4 times, most recently from ae0add1 to 1da3d05 Compare March 16, 2020 21:39
@borkmann borkmann changed the title cilium: bpf-based hostport implementation [wip] cilium: bpf-based hostport implementation Mar 16, 2020
@borkmann
Copy link
Member Author

test-me-please

@borkmann borkmann requested a review from brb March 16, 2020 21:51
@coveralls
Copy link

coveralls commented Mar 16, 2020
edited

Coverage Status

Coverage decreased (-0.1%) to 45.597% when pulling 7616447 on pr/bpf-host-port into f6e4ad5 on master.

@borkmann
Copy link
Member Author

test-me-please

@borkmann
Copy link
Member Author

test-docs-please

@borkmann
Copy link
Member Author

test-docs-please

@borkmann
Copy link
Member Author

test-docs-please

@borkmann
Copy link
Member Author

test-me-please

@borkmann
Copy link
Member Author

test-docs-please

@borkmann
Copy link
Member Author

test-me-please

@borkmann
Copy link
Member Author

test-me-please

@borkmann
Copy link
Member Author

test-docs-please

@borkmann
Copy link
Member Author

test-me-please

@borkmann
Copy link
Member Author

test-docs-please

@borkmann
Copy link
Member Author

(prior docs test was green)

@borkmann
Copy link
Member Author

test-me-please

@borkmann
Copy link
Member Author

(prior travis ci was green, x86 is green here, arm64 flaky in unrelated spot)

@joestringer joestringer mentioned this pull request Mar 18, 2020
Closed
@borkmann
cilium, bpf: add native HostPort mapping support
399bbd6 
In order to use hostPort today, users can only consume it via deploying
Cilium through --set global.cni.chainingMode=portmap in order to then
have iptables set up for each pod that specifies a hostPort. We almost
have all the BPF infrastructure in place for natively supporting BPF
based hostPort. This work implements the hostPort feature as a service
mapping. It is part of the kube-proxy-free implementation since it
depends on NodePort infrastructure.

Example:

  # ./daemon/cilium-agent --identity-allocation-mode=crd --enable-ipv6=true --enable-ipv4=true --disable-envoy-version-check=true --tunnel=disabled --k8s-kubeconfig-path=$HOME/.kube/config --kube-proxy-replacement=strict --enable-l7-proxy=false

  # cat hostport.yaml
  apiVersion: v1
  kind: Pod
  metadata:
    name: nginx
  spec:
    containers:
      - name: nginx
        image: nginx
        ports:
          - containerPort: 80
            hostPort: 90
  # kubectl apply -f ./hostport.yaml
  pod/nginx created

  # ./cilium/cilium service list
  ID   Frontend            Service Type   Backend
  1    10.96.0.1:443       ClusterIP      1 => 192.168.178.29:6443
  2    10.96.0.10:53       ClusterIP      1 => 10.29.6.103:53
                                          2 => 10.29.24.228:53
  3    10.96.0.10:9153     ClusterIP      1 => 10.29.6.103:9153
                                          2 => 10.29.24.228:9153
  4    192.168.178.29:90   HostPort       1 => 10.29.245.35:80

From own node:

  # curl 192.168.178.29:90
  <!DOCTYPE html>
  <html>
  <head>
  [...]

From remote node:

  root@tank:~# curl 192.168.178.29:90
  <!DOCTYPE html>
  <html>
  <head>
  [...]

The HostPort implementation is a hybrid of ClusterIP and NodePort in
terms of implementation in that making it reachable on the own node is
just a single service map entry (as opposed to further exposing it via
loopback address, etc) and for external traffic the backend is always
local to the node and can be mapped from any port.

Fixes: #10359
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
@borkmann
cilium, helm, docs: update kube-proxy free's gsg to document HostPort
2391e53 
Document the new HostPort mapping feature under the advanced section and
add Helm support for it. I've also added a small setup validation as I
think it's quite useful.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
@borkmann
tests: add HostPort connectivity tests to k8sT service tests
7616447 
Add connectivity test cases from internal and external.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
@borkmann
Copy link
Member Author

test-me-please

@borkmann borkmann moved this from In progress (1.8) to Done in 1.9 kube-proxy removal & general dp optimization Mar 18, 2020
@borkmann borkmann merged commit ebd7392 into master Mar 18, 2020
1.8.0 automation moved this from In progress to Merged Mar 18, 2020
@borkmann borkmann deleted the pr/bpf-host-port branch March 18, 2020 22:58
@borkmann borkmann mentioned this pull request Mar 18, 2020
Closed
@brb brb mentioned this pull request Mar 27, 2020
Merged
@dghubble dghubble mentioned this pull request Jun 16, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brb brb brb approved these changes

@tklauser tklauser tklauser left review comments

@joestringer joestringer joestringer approved these changes

@aanm aanm aanm approved these changes

Assignees
No one assigned
Labels
area/daemon Impacts operation of the Cilium daemon. release-note/minor This PR changes functionality that users may find relevant to operating Cilium. sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Projects
No open projects
1.8.0
  
Merged
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@borkmann @coveralls @aanm @brb @tklauser @joestringer