Fix native routing cidr missing flag in daemon #12180

Merged
merged 3 commits into from Jun 18, 2020
1 change: 1 addition & 0 deletions Documentation/cmdref/cilium-agent.md
Expand Up @@ -156,6 +156,7 @@ cilium-agent [flags]
--monitor-queue-size int Size of the event queue when reading monitor events
--mtu int Overwrite auto-detected MTU of underlying network
--nat46-range string IPv6 prefix to map IPv4 addresses to (default "0:0:0:0:0:FFFF::/96")
--native-routing-cidr string Allows to explicitly specify the CIDR for native routing. This value corresponds to the configured cluster-cidr.
--node-port-acceleration string BPF NodePort acceleration via XDP ("native", "disabled") (default "disabled")
--node-port-bind-protection Reject application bind(2) requests to service ports in the NodePort range (default true)
--node-port-mode string BPF NodePort mode ("snat", "dsr", "hybrid") (default "snat")
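Review bot: the new --native-routing-cidr line does not say which address family it expects, although the option bound to this flag in daemon/cmd/daemon_main.go is option.IPv4NativeRoutingCIDR. Suggest the description say "IPv4 CIDR" so that an operator reading the command reference knows an IPv6 prefix is not what is wanted here. The line also shows no default, which matches the empty-string default in the flag definition; a few words on what an unset value means would help.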
3 changes: 3 additions & 0 deletions daemon/cmd/daemon_main.go
Expand Up @@ -538,6 +538,9 @@ func init() {
flags.Bool(option.EnableHostFirewall, false, "Enable host network policies")
option.BindEnv(option.EnableHostFirewall)

flags.String(option.IPv4NativeRoutingCIDR, "", "Allows to explicitly specify the CIDR for native routing. This value corresponds to the configured cluster-cidr.")
Member

Not related to your PR, but why didn't we call the flag --cluster-cidr?

Member

Because it is not the cluster CIDR. The native routing space might be much larger, spanning multiple clusters or even non-k8s space.

option.BindEnv(option.IPv4NativeRoutingCIDR)

flags.String(option.LibDir, defaults.LibraryPath, "Directory path to store runtime build environment")
option.BindEnv(option.LibDir)
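Review bot: the help string on the flags.String(option.IPv4NativeRoutingCIDR, ...) line says the value "corresponds to the configured cluster-cidr", while the inline reply on that same line states that it is not the cluster CIDR and that the native routing space may span multiple clusters or non-k8s space. Suggest dropping the cluster-cidr sentence and describing the range in its own terms, and changing "Allows to explicitly specify" to "Explicitly specifies". Documentation/cmdref/cilium-agent.md carries the same wording, so it needs updating together with this string.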

2 changes: 1 addition & 1 deletion pkg/option/config.go
Expand Up @@ -2073,7 +2073,7 @@ func (c *DaemonConfig) Validate() error {
}

if err := c.checkIPv4NativeRoutingCIDR(); err != nil {
return nil
return err
}

// Validate that the KVStore Lease TTL value lies between a particular range.
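Review bot: the corrected "return err" after c.checkIPv4NativeRoutingCIDR() has no test among the hunks shown here. With "return nil", a failure of this check made Validate() report success and skip everything after it, including the KVStore lease TTL validation that follows, so a unit test that passes Validate() a configuration failing this check and expects a non-nil error would keep the bug from coming back. Configurations that previously passed silently can now fail at startup, which is worth a line in the upgrade notes.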
3 changes: 2 additions & 1 deletion test/helpers/kubectl.go
Expand Up @@ -116,7 +116,8 @@ var (
// We need CNP node status to know when a policy is being enforced
"config.enableCnpStatusUpdates": "true",

"global.hostFirewall": "true",
"global.hostFirewall": "true",
"global.nativeRoutingCIDR": "10.0.0.0/16",
}

flannelHelmOverrides = map[string]string{
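Review bot: the "global.nativeRoutingCIDR": "10.0.0.0/16" entry is a hard-coded literal with no comment, unlike the CNP status entry just above it. Suggest a one-line comment saying which network this range is meant to cover in the test clusters and why the suite now needs it, so that a later change to the test cluster addressing does not leave a stale value here.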