Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

daemon: Handle ClusterIP svc if kube-proxy-replacement=disabled #10651

Merged
merged 1 commit into from
Mar 20, 2020
Merged

daemon: Handle ClusterIP svc if kube-proxy-replacement=disabled #10651

merged 1 commit into from
Mar 20, 2020

Conversation

brb
Copy link
Member

@brb brb commented Mar 20, 2020
edited

We got a few reports from confused users saying that setting
"--kube-proxy-replacement" to "disabled" disabled ClusterIP
services handling done by Cilium regardless whether
"--disable-k8s-services" was set to "false".

This is an expected behavior for us, but probably less expected
for users who previously had the ClusterIP handling enabled by default
due to "--disable-k8s-services" defaulting to "false".

To minimize the confusion, handle ClusterIP services with the old
mechanism (pre-v1.6) even if the "--kube-proxy-replacement" is set to
"disabled". Once we deprecate the "--disable-k8s-services" flag (in v1.9),
we can disable handling of all types of services with the former flag.

Keep Cluster IP service handling when accessed from pods when kubeProxyReplacement is set to "disabled" (pre-v1.6 behavior).

@brb
daemon: Handle ClusterIP svc if kube-proxy-replacement=disabled
07879a9 
We got a few reports from confused users saying that setting
"--kube-proxy-replacement" to "disabled" disabled ClusterIP
services handling done by Cilium regardless whether
"--disable-k8s-services" was set to "false".

This is an expected behavior for us, but probably less expected
for users who previously had the ClusterIP handling enabled by default
due to "--disable-k8s-services" defaulting to "false".

To minimize the confusion, handle ClusterIP services with the old
mechanism (pre-v1.6) even if the "--kube-proxy-replacement" is set to
"disabled". Once we deprecate the "--disable-k8s-services" flag (in v1.9),
we can disable handling of all types of services with the former flag.

Signed-off-by: Martynas Pumputis <m@lambda.lt>
@brb brb added pending-review area/documentation Impacts the documentation, including textual changes, sphinx, or other doc generation code. area/daemon Impacts operation of the Cilium daemon. release-note/misc This PR makes changes that have no direct user impact. labels Mar 20, 2020
@brb brb requested review from borkmann and a team March 20, 2020 14:01
@brb brb requested a review from a team as a code owner March 20, 2020 14:01
@maintainer-s-little-helper maintainer-s-little-helper bot added this to In progress in 1.8.0 Mar 20, 2020
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.7.2 Mar 20, 2020
@brb
Copy link
Member Author

brb commented Mar 20, 2020

test-me-please

@brb
Copy link
Member Author

brb commented Mar 20, 2020

test-docs-please

@aanm
Copy link
Member

aanm commented Mar 20, 2020

@brb please add a user-friendly release note

@coveralls
Copy link

Coverage Status

Coverage increased (+0.03%) to 45.607% when pulling 07879a9 on pr/brb/fix-disable-k8s-services into 1fb5ffe on master.

@aanm aanm added release-note/minor This PR changes functionality that users may find relevant to operating Cilium. and removed release-note/misc This PR makes changes that have no direct user impact. labels Mar 20, 2020
@brb
Copy link
Member Author

brb commented Mar 20, 2020

test-me-please

@joestringer joestringer merged commit 17c5fdc into master Mar 20, 2020
1.8.0 automation moved this from In progress to Merged Mar 20, 2020
@joestringer joestringer deleted the pr/brb/fix-disable-k8s-services branch March 20, 2020 18:14
@joestringer joestringer mentioned this pull request Mar 20, 2020
Merged
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.7 in 1.7.2 Mar 20, 2020
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.7 to Backport done to v1.7 in 1.7.2 Mar 23, 2020
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.7 to Backport done to v1.7 in 1.7.2 Mar 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@borkmann borkmann borkmann approved these changes

@joestringer joestringer joestringer approved these changes

@aanm aanm aanm approved these changes

Assignees
No one assigned
Labels
area/daemon Impacts operation of the Cilium daemon. area/documentation Impacts the documentation, including textual changes, sphinx, or other doc generation code. release-note/minor This PR changes functionality that users may find relevant to operating Cilium.
Projects
No open projects
1.7.2
Backport done to v1.7
1.8.0
  
Merged
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@brb @aanm @coveralls @borkmann @joestringer @christarazi