install: Disable kube-proxy-replacement by default #15422
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tgraf
added
release-note/minor
maintainer-s-little-helper
bot
assigned joestringer and kaworu and unassigned joestringer
joestringer
approved these changes
Mar 23, 2021
brb
approved these changes
Mar 23, 2021
|
@pchaigno might have some concerns regarding the complexity issue which we hit once the socket-lb is disabled on newer kernels. |
Ok. If we do that now, the default installation will likely fail for all users on 5.4+ until we fix the complexity issue. We don't have an obvious fix for the complexity issue. |
tgraf
added a commit
to cilium/cilium-cli
that referenced
this pull request
Mar 23, 2021
Related: cilium/cilium#15422 Signed-off-by: Thomas Graf <thomas@cilium.io>
nathanjsweet
approved these changes
Mar 25, 2021
kaworu
approved these changes
Mar 26, 2021
|
Let's put this into draft mode until #14726 is resolved. |
tgraf
force-pushed
the
pr/tgraf/disable-host-services
branch
from
7e19a95
to
b69284c
Compare
maintainer-s-little-helper
bot
moved this from Needs backport from master
to Backport pending to v1.10
in 1.10.0-rc2
maintainer-s-little-helper
bot
moved this from Backport pending to v1.10
to Needs backport from master
in 1.10.0-rc2
maintainer-s-little-helper
bot
moved this from Backport pending to v1.10
to Needs backport from master
in 1.10.0-rc2
maintainer-s-little-helper
bot
moved this from Needs backport from master
to Backport pending to v1.10
in 1.10.0-rc2
This was referenced May 14, 2021
Closed
maintainer-s-little-helper
bot
moved this from Backport pending to v1.10
to Backport done to v1.10
in 1.10.0-rc2
pchaigno
pushed a commit
to cilium/cilium-cli
that referenced
this pull request
May 27, 2021
Related: cilium/cilium#15422 Signed-off-by: Thomas Graf <thomas@cilium.io>
pchaigno
pushed a commit
to cilium/cilium-cli
that referenced
this pull request
Jun 1, 2021
Related: cilium/cilium#15422 Signed-off-by: Thomas Graf <thomas@cilium.io>
pchaigno
pushed a commit
to cilium/cilium-cli
that referenced
this pull request
Jun 1, 2021
Related: cilium/cilium#15422 Signed-off-by: Thomas Graf <thomas@cilium.io>
pchaigno
pushed a commit
to cilium/cilium-cli
that referenced
this pull request
Jun 1, 2021
We keep kube-proxy-replacement enabled in the external workload test because that test requires host-reachable services and we want to keep the same LB configuration for cluster pods and for the external VM. Related: cilium/cilium#15422 Signed-off-by: Thomas Graf <thomas@cilium.io>
pchaigno
pushed a commit
to cilium/cilium-cli
that referenced
this pull request
Jun 2, 2021
We keep kube-proxy-replacement enabled in the external workload test because that test requires host-reachable services and we want to keep the same LB configuration for cluster pods and for the external VM. Related: cilium/cilium#15422 Signed-off-by: Thomas Graf <thomas@cilium.io>
pchaigno
pushed a commit
to cilium/cilium-cli
that referenced
this pull request
Jun 7, 2021
We keep kube-proxy-replacement enabled in the external workload test because that test requires host-reachable services and we want to keep the same LB configuration for cluster pods and for the external VM. Related: cilium/cilium#15422 Signed-off-by: Thomas Graf <thomas@cilium.io>
pchaigno
pushed a commit
to cilium/cilium-cli
that referenced
this pull request
Jun 7, 2021
We keep kube-proxy-replacement enabled in the external workload test because that test requires host-reachable services and we want to keep the same LB configuration for cluster pods and for the external VM. Related: cilium/cilium#15422 Signed-off-by: Thomas Graf <thomas@cilium.io>
pchaigno
pushed a commit
to cilium/cilium-cli
that referenced
this pull request
Jun 9, 2021
We keep kube-proxy-replacement enabled in the external workload test because that test requires host-reachable services and we want to keep the same LB configuration for cluster pods and for the external VM. Related: cilium/cilium#15422 Signed-off-by: Thomas Graf <thomas@cilium.io>
pchaigno
pushed a commit
to cilium/cilium-cli
that referenced
this pull request
Jun 9, 2021
We keep kube-proxy-replacement enabled in the external workload test because that test requires host-reachable services and we want to keep the same LB configuration for cluster pods and for the external VM. Related: cilium/cilium#15422 Signed-off-by: Thomas Graf <thomas@cilium.io>
aditighag
pushed a commit
to cilium/cilium-cli
that referenced
this pull request
Jun 10, 2021
We keep kube-proxy-replacement enabled in the external workload test because that test requires host-reachable services and we want to keep the same LB configuration for cluster pods and for the external VM. Related: cilium/cilium#15422 Signed-off-by: Thomas Graf <thomas@cilium.io>
aditighag
pushed a commit
to aditighag/cilium-cli
that referenced
this pull request
Apr 21, 2023
We keep kube-proxy-replacement enabled in the external workload test because that test requires host-reachable services and we want to keep the same LB configuration for cluster pods and for the external VM. Related: cilium/cilium#15422 Signed-off-by: Thomas Graf <thomas@cilium.io>
michi-covalent
pushed a commit
to michi-covalent/cilium
that referenced
this pull request
May 30, 2023
We keep kube-proxy-replacement enabled in the external workload test because that test requires host-reachable services and we want to keep the same LB configuration for cluster pods and for the external VM. Related: cilium#15422 Signed-off-by: Thomas Graf <thomas@cilium.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The default value of "probe" is not ideal. It leads to a situation where
users are unaware who is performing the load-balancing. This can be
desirable for some and undesirable for others. A couple of
examples:
in kube-proxy replacement mode but the kernel requirement disables
the feature automatically.
Istio. Because of a the probe nature, a kernel upgrade in a cluster
can lead to sudden issues with Istio without any additional action by
the user.
It is generally preferred for users to take an explicit action to enable
kube-proxy and set it to strict so the cilium-agent fails if the mode is
not available.