New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Daemon: fix hardcode envoy listener addr #17281
Conversation
test-me-please Job 'Cilium-PR-K8s-1.21-kernel-4.9' failed and has not been observed before, so may be related to your PR: Click to show.Test Name
Failure Output
If it is a flake, comment Job 'Cilium-PR-K8s-1.16-net-next' failed and has not been observed before, so may be related to your PR: Click to show.Test Name
Failure Output
If it is a flake, comment |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, one question below, thanks!
@@ -414,7 +419,7 @@ func (s *XDSServer) AddMetricsListener(port uint16, wg *completion.WaitGroup) { | |||
Address: &envoy_config_core.Address_SocketAddress{ | |||
SocketAddress: &envoy_config_core.SocketAddress{ | |||
Protocol: envoy_config_core.SocketAddress_TCP, | |||
Address: "::", | |||
Address: listenerAddr, | |||
Ipv4Compat: true, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suppose having Ipv4Compat: true
is harmless when listening on an IPv4 is address?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your time @jrajahalme . I have just checked the related code of envoy about ipv4Compat, and here's the only usage of socket_address.ipv4_compat, that means IPv4Compat only affect for ipv6 connection. Here's the code:
https://github.com/envoyproxy/envoy/blob/main/source/common/network/utility.cc#L137
Added a release note to the description. |
/test |
it looks a little bit suspicious the same test failed in 2 different CI runs. Are we sure this isn't a real failure? |
Without this patch, NetworkPolicy with Envoy would failed if AF_INET6 address family not supported, and Envoy would report error like: ``` xdsDetail="Error adding/updating listener(s) cilium-http-egress:14978: IPv6 addresses are not supported on this machine: [::]:14978\n" xdsNonce=196 xdsStreamID=1 xdsTypeURL=type.googleapis.com/envoy.config.listener.v3.Listener ``` Fixes: cilium#17156 Signed-off-by: Zhang Qiang <qiangzhang@qiyi.com>
/test |
Without this patch, NetworkPolicy with Envoy would failed if
AF_INET6 address family not supported, and Envoy would report
error like:
Fixes: #17156
Signed-off-by: Zhang Qiang qiangzhang@qiyi.com
Please ensure your pull request adheres to the following guidelines:
description and a
Fixes: #XXX
line if the commit addresses a particularGitHub issue.
Fixes: #issue-number