-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
daemon: Add --derive-masquerade-ip-addr-from-device opt #17230
Conversation
f95c18b
to
7cca3ec
Compare
test-gke |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, minor comments
If this is supposed to be "hidden" for now, does it make sense to mark this as "minor release change"? I'd expect |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM but not sure I understand the motivation:
This is a workaround for an environment which uses ECMP for outgoing traffic and it has a dedicated device which IP addr should be used for the masquerading. The workaround is relevant until #17158 has been resolved (thus, we hide the flag).
#17158 describes a case where a device as multiple global scope IP addresses. This new flag still won't address that since we're only selecting the first global scope IP address of the passed device. What am I missing?
Also, what's the link with ECMP? Do you mean egress traffic from pods can egress the node on multiple native devices, but it should always be SNATed to the same IP address?
7cca3ec
to
0ae690c
Compare
The configuration I'm talking about is |
test-net-next |
Job 'Cilium-PR-K8s-1.16-net-next' has 1 failure but they might be new flake since it also hit 1 known flake: #17060 (94.00) |
test-net-next |
0ae690c
to
dbeb2a6
Compare
The new option is used to specify a device which globally scoped IP addr should be used for BPF-based masquerading. This is a workaround for an environment which uses ECMP for outgoing traffic via multiple devices and it has a dedicated device which IP addr should be used for the masquerading. The workaround is relevant until #17158 has been resolved (thus, we hide the flag). Signed-off-by: Martynas Pumputis <m@lambda.lt>
test-net-next |
Job 'Cilium-PR-K8s-1.16-net-next' failed and has not been observed before, so may be related to your PR: Click to show.Test Name
Failure Output
If it is a flake, comment |
CI hit:
Considering that this is the fix for the customer and it got ACK-ed by the reviewers, marking as ready-to-merge. |
The new option is used to specify a device which globally scoped IP addr
should be used for BPF-based masquerading.
This is a workaround for an environment which uses ECMP for outgoing
traffic and it has a dedicated device which IP addr should be used for
the masquerading. The workaround is relevant until
#17158 has been resolved (thus,
we hide the flag).