New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
daemon: Fix fallback to iptables-based masquerading #12081
Conversation
Previously, when falling back to iptables-based masquerading, if a user had specified --egress-masquerade-interface, the agent considered it as part of BPF masquerading options. This made it obviously to fail. Fix: b7b962b ("daemon: Fallback to iptables if BPF masq cannot be enabled") Reported-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Martynas Pumputis <m@lambda.lt>
Please set the appropriate release note label. |
4 similar comments
Please set the appropriate release note label. |
Please set the appropriate release note label. |
Please set the appropriate release note label. |
Please set the appropriate release note label. |
test-me-please |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested on EKS and verified that this fixes #12078
test-me-please |
To avoid breaking existing guides, fallback to iptables-based masquerading if --egress-masquerade-interface is set. In v1.9, we plan to add a support for the flag which will make the transition from BPF to iptables -based masquerading transparent when the flag is set. Signed-off-by: Martynas Pumputis <m@lambda.lt>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, let's address the remaining connectivity check issue on EKS in a follow-up.
Previously, when falling back to iptables-based masquerading, if a user
had specified
--egress-masquerade-interface
, the agent considered itas part of BPF masquerading options. This made it obviously to fail.
Fix: b7b962b ("daemon: Fallback to iptables if BPF masq cannot be enabled")
Reported-by: Tobias Klauser tklauser@distanz.ch
Fix #12081
/cc @tklauser