Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

helm: Disable BPF masquerading in v1.10+ #17824

Merged
merged 1 commit into from Nov 17, 2021
Merged

helm: Disable BPF masquerading in v1.10+ #17824

merged 1 commit into from Nov 17, 2021

Conversation

pchaigno
Copy link
Member

@pchaigno pchaigno commented Nov 8, 2021

In Cilium v1.10, we disabled kube-proxy-replacement by default but left BPF masquerading enabled. Since the latter requires the former, the default installation results in a warning.

This pull request fixes the warning by disabling BPF masquerading as well on new v1.10+ deployments.

Fixes: #15422.

@pchaigno pchaigno added release-note/minor This PR changes functionality that users may find relevant to operating Cilium. area/helm Impacts helm charts and user deployment experience needs-backport/1.10 labels Nov 8, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.10.6 Nov 8, 2021
@pchaigno pchaigno force-pushed the disable-bpf-masquerade-by-default branch 2 times, most recently from c656d01 to b70e353 Compare November 9, 2021 18:51
@pchaigno
Copy link
Member Author

pchaigno commented Nov 9, 2021

/test

@pchaigno pchaigno marked this pull request as ready for review November 11, 2021 14:21
@pchaigno pchaigno requested a review from a team as a code owner November 11, 2021 14:21
@pchaigno pchaigno requested review from a team, kaworu and nathanjsweet November 11, 2021 14:21
@pchaigno pchaigno requested review from aanm and removed request for nathanjsweet November 16, 2021 08:54
@pchaigno
helm: Disable BPF masquerading in v1.10+
3ef072c 
In Cilium v1.10, we disabled kube-proxy-replacement by default but left
BPF masquerading enabled. Since the latter requires the former, the
default installation results in a warning.

This commit fixes the warning by disabling BPF masquerading as well on
new v1.10+ deployments.

Fixes: 5412142 ("install: Disable kube-proxy-replacement by default")
Signed-off-by: Paul Chaignon <paul@cilium.io>
@pchaigno pchaigno force-pushed the disable-bpf-masquerade-by-default branch from b70e353 to 3ef072c Compare November 16, 2021 18:36
@pchaigno pchaigno requested a review from aanm November 16, 2021 18:37
@pchaigno
Copy link
Member Author

The new push only adds a comment. The tests were previously all green with the exception of k8s-1.21-kernel-4.19 which was failing with known flake #17353. Marking ready to merge.

@pchaigno pchaigno added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Nov 16, 2021
@ti-mo ti-mo merged commit dc40b2c into cilium:master Nov 17, 2021
@pchaigno pchaigno deleted the disable-bpf-masquerade-by-default branch November 17, 2021 09:20
@gandro gandro mentioned this pull request Nov 23, 2021
Merged
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.10 in 1.10.6 Nov 23, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.10 in 1.10.6 Nov 23, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.10 to Backport done to v1.10 in 1.10.6 Nov 30, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.10 to Backport done to v1.10 in 1.10.6 Nov 30, 2021
@joestringer joestringer mentioned this pull request Dec 10, 2021
Merged
@stevo-f3
Copy link

stevo-f3 commented Jan 2, 2022

@pchaigno FYI 1.10 docs mention bpf.masquerade is on by default https://docs.cilium.io/en/v1.10/concepts/networking/masquerading/#ebpf-based

@pchaigno
Copy link
Member Author

pchaigno commented Jan 3, 2022

@stevo-f3 Nice catch! Do you want to send a pull request to fix it? We can then backport the fix to all stable branches.

@pchaigno pchaigno mentioned this pull request Jan 10, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kaworu kaworu kaworu approved these changes

@aanm aanm aanm approved these changes

Assignees
No one assigned
Labels
area/helm Impacts helm charts and user deployment experience ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/minor This PR changes functionality that users may find relevant to operating Cilium.
Projects
No open projects
1.10.6
Backport done to v1.10
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@pchaigno @stevo-f3 @kaworu @aanm @gandro @nathanjsweet @ti-mo @qmonnet