Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

daemon: Warn on disabling iptables #16611

Merged
merged 1 commit into from
Jun 22, 2021
Merged

daemon: Warn on disabling iptables #16611

merged 1 commit into from
Jun 22, 2021

Conversation

joestringer
Copy link
Member

I'm looking forward to a time when we no longer need to configure
iptables. However, for the moment there's a couple of minor features we
use to handle policy and forwarding correctly which rely on iptables.
Furthermore, even if all of this is implemented in eBPF, the user's
environment may still have iptables configured and this can then
interfere with the Cilium traffic handling, depending on how Cilium is
configured.

For now, it likely makes sense to warn users that disabling this flag
could lead to unexpected policy and forwarding behaviour. Once we've
resolved the linked issue, maybe we can think about reverting this to an
info message to account for the compatibility case mentioned above.

Related: #12879

@joestringer
daemon: Warn on disabling iptables
85c9dad 
I'm looking forward to a time when we no longer need to configure
iptables. However, for the moment there's a couple of minor features we
use to handle policy and forwarding correctly which rely on iptables.
Furthermore, even if all of this is implemented in eBPF, the user's
environment may still have iptables configured and this can then
interfere with the Cilium traffic handling, depending on how Cilium is
configured.

For now, it likely makes sense to warn users that disabling this flag
could lead to unexpected policy and forwarding behaviour. Once we've
resolved the linked issue, maybe we can think about reverting this to an
info message to account for the compatibility case mentioned above.

Signed-off-by: Joe Stringer <joe@cilium.io>
@joestringer joestringer requested review from a team and joamaki June 21, 2021 23:01
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jun 21, 2021
@joestringer joestringer added the release-note/misc This PR makes changes that have no direct user impact. label Jun 21, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jun 21, 2021
@pchaigno pchaigno added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jun 22, 2021
@christarazi christarazi merged commit ba4acfe into cilium:master Jun 22, 2021
@joestringer joestringer deleted the submit/warn-no-iptables branch August 25, 2022 20:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brb brb brb approved these changes

@pchaigno pchaigno pchaigno approved these changes

@joamaki joamaki Awaiting requested review from joamaki

Assignees

@joamaki joamaki

Labels
ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/misc This PR makes changes that have no direct user impact.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@joestringer @brb @pchaigno @joamaki @christarazi