datapath: Add a new option to skip socket lb when in pod ns #17154

brb · 2021-08-12T16:03:28Z

Diff from previous PR (cannot push to the fork's branch, so opening a new PR instead):

Explicitly enable bpf_lxc LB if the bypass is enabled (previously, the ifdef was not checking whether the bypass macro was defined).
Rename the bypass macro to ENABLE_SOCKET_LB_HOST_ONLY.
Rename the helm var from loadBalancer.hostNamespaceOnly to hostServices.hostNamespaceOnly.
Minor doc improvements.

Supersedes #13882.

brb · 2021-08-12T19:14:11Z

test-net-next

brb · 2021-08-13T11:37:56Z

test-me-please

brb · 2021-08-13T14:39:21Z

test-runtime

brb · 2021-08-24T08:48:12Z

test-me-please

Job 'Cilium-PR-K8s-1.16-net-next' has 3 failures but they might be new flakes since it also hit 1 known flakes: #17060 (88.47)

brb · 2021-09-30T07:59:53Z

net-next hit #12511. Marking as ready to merge.

Use the same condition in defining the label 'skip_policy_enforcement' as for jumping to it. Otherwise we could jump to a nonexisting label given a suitable datapath configuration. This does not seem possible now, as ENABLE_HOST_SERVICES_FULL should not be defined if ENABLE_SOCKET_LB_HOST_ONLY is defined. However, as the conditions for defining ENABLE_PER_PACKET_LB evolve, this would become a compilation bug. Fixes: #17154 Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>

Use the same condition in defining the label 'skip_policy_enforcement' as for jumping to it. Otherwise we could jump to a nonexisting label given a suitable datapath configuration. This does not seem possible now, as ENABLE_HOST_SERVICES_FULL should not be defined if ENABLE_SOCKET_LB_HOST_ONLY is defined. However, as the conditions for defining ENABLE_PER_PACKET_LB evolve, this would become a compilation bug. Fixes: cilium#17154 Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>

Use the same condition in defining the label 'skip_policy_enforcement' as for jumping to it. Otherwise we could jump to a nonexisting label given a suitable datapath configuration. This does not seem possible now, as ENABLE_HOST_SERVICES_FULL should not be defined if ENABLE_SOCKET_LB_HOST_ONLY is defined. However, as the conditions for defining ENABLE_PER_PACKET_LB evolve, this would become a compilation bug. Fixes: #17154 Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>

[ upstream commit 6e2ce4a ] Use the same condition in defining the label 'skip_policy_enforcement' as for jumping to it. Otherwise we could jump to a nonexisting label given a suitable datapath configuration. This does not seem possible now, as ENABLE_HOST_SERVICES_FULL should not be defined if ENABLE_SOCKET_LB_HOST_ONLY is defined. However, as the conditions for defining ENABLE_PER_PACKET_LB evolve, this would become a compilation bug. Fixes: #17154 Signed-off-by: Jarno Rajahalme <jarno@isovalent.com> Signed-off-by: Quentin Monnet <quentin@isovalent.com>

maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Aug 12, 2021

brb force-pushed the pr/brb/fix-istio-disable-socket-lb branch from 8233676 to f7d126b Compare August 13, 2021 10:13

brb mentioned this pull request Aug 13, 2021

datapath: Istio and Linkerd do not work with socket-LB #16583

Closed

brb force-pushed the pr/brb/fix-istio-disable-socket-lb branch from f7d126b to 490607a Compare August 24, 2021 08:19

brb changed the title ~~WIP: fix istio socket-lb~~ datapath: Adds a new option to skip socket lb when in pod ns Aug 24, 2021

brb added release-note/minor This PR changes functionality that users may find relevant to operating Cilium. sig/loadbalancing labels Aug 24, 2021

maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Aug 24, 2021

brb force-pushed the pr/brb/fix-istio-disable-socket-lb branch from 490607a to 6d54696 Compare August 24, 2021 08:35

brb changed the title ~~datapath: Adds a new option to skip socket lb when in pod ns~~ datapath: Add a new option to skip socket lb when in pod ns Aug 24, 2021

brb requested a review from Weil0ng August 24, 2021 08:35

maintainer-s-little-helper bot assigned Weil0ng Aug 24, 2021

brb marked this pull request as ready for review August 24, 2021 08:48

brb requested review from a team August 24, 2021 08:48

brb requested review from a team as code owners August 24, 2021 08:48

brb requested review from a team August 24, 2021 08:48

brb requested a review from a team as a code owner August 24, 2021 08:48

brb requested review from joamaki, tklauser and qmonnet August 24, 2021 08:48

maintainer-s-little-helper bot assigned joamaki Aug 24, 2021

brb added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Sep 30, 2021

glibsm merged commit f7303af into master Sep 30, 2021

glibsm deleted the pr/brb/fix-istio-disable-socket-lb branch September 30, 2021 16:12

glibsm added backport-pending/1.10 and removed needs-backport/1.10 labels Oct 4, 2021

maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.10 in 1.10.5 Oct 4, 2021

glibsm mentioned this pull request Oct 4, 2021

v1.10 backports 2021-10-04 #17531

Merged

brb mentioned this pull request Oct 11, 2021

mTLS is not working without kube-proxy? istio/istio#35531

Closed

joestringer added backport-done/1.10 and removed backport-pending/1.10 labels Oct 13, 2021

maintainer-s-little-helper bot moved this from Backport pending to v1.10 to Backport done to v1.10 in 1.10.5 Oct 13, 2021

joestringer mentioned this pull request Oct 13, 2021

Prepare for release v1.10.5 #17606

Merged

brb mentioned this pull request Oct 18, 2021

Networking breaks when using cilium with strict kube-proxy replacement istio/istio#27619

Closed

brb mentioned this pull request Nov 10, 2021

Services are inaccessible from KubeVirt VMs when using kube-proxy free configuration #14563

Closed

brb mentioned this pull request Jan 4, 2022

eBPF masq breaks ClusterIP access on Kata/gVisor #15626

Closed

cortopy mentioned this pull request Jan 14, 2022

TLS handshake timeout in identity pod linkerd/linkerd2#7460

Closed

1 task

brb mentioned this pull request Feb 22, 2022

Cilium kube-proxy free doesn't run with konnectivity service #18871

Closed

2 tasks

jrajahalme mentioned this pull request Mar 10, 2022

Bpf fix conditional compilation #19104

Merged

mateiidavid mentioned this pull request Oct 24, 2022

GRPC load balancing doesn't work with Calico linkerd/linkerd2#9674

Closed

lwj5 mentioned this pull request Sep 6, 2023

VM cannot connect to k8s service without kube-proxy kubevirt/kubevirt#10388

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

datapath: Add a new option to skip socket lb when in pod ns #17154

datapath: Add a new option to skip socket lb when in pod ns #17154

brb commented Aug 12, 2021 •

edited

brb commented Aug 12, 2021

brb commented Aug 13, 2021

brb commented Aug 13, 2021

brb commented Aug 24, 2021 •

edited by maintainer-s-little-helper bot

brb commented Sep 30, 2021

datapath: Add a new option to skip socket lb when in pod ns #17154

datapath: Add a new option to skip socket lb when in pod ns #17154

Conversation

brb commented Aug 12, 2021 • edited

brb commented Aug 12, 2021

brb commented Aug 13, 2021

brb commented Aug 13, 2021

brb commented Aug 24, 2021 • edited by maintainer-s-little-helper bot

brb commented Sep 30, 2021

brb commented Aug 12, 2021 •

edited

brb commented Aug 24, 2021 •

edited by maintainer-s-little-helper bot