Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Skip node ipset updates if iptables masquerading is disabled #17871

Merged
merged 4 commits into from Jan 13, 2022
Merged

Skip node ipset updates if iptables masquerading is disabled #17871

merged 4 commits into from Jan 13, 2022

Conversation

pchaigno
Copy link
Member

@pchaigno pchaigno commented Nov 12, 2021
edited

First commit introduces a helper function, the second skips all updates/creation of the node ipset if iptables-based masquerading is not used.

Fixes: #17711.

@pchaigno pchaigno added sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. release-note/bug This PR fixes an issue in a previous release of Cilium. labels Nov 12, 2021
@pchaigno pchaigno force-pushed the skip-node-ipset-no-masquerading branch 7 times, most recently from 31320e3 to 4f7bed0 Compare November 18, 2021 22:08
@pchaigno pchaigno marked this pull request as ready for review November 18, 2021 22:08
@pchaigno pchaigno requested review from a team November 18, 2021 22:08
@pchaigno pchaigno requested a review from a team as a code owner November 18, 2021 22:08
@pchaigno pchaigno marked this pull request as draft November 19, 2021 14:45
@pchaigno pchaigno force-pushed the skip-node-ipset-no-masquerading branch 2 times, most recently from 3a8961e to 6844b2e Compare December 13, 2021 18:54
@pchaigno pchaigno marked this pull request as ready for review December 13, 2021 21:13
@pchaigno
Copy link
Member Author

I had put this in draft mode for a while to focus on other things. Should be ready now and I addressed your review @jibi.

@pchaigno pchaigno requested a review from jibi December 13, 2021 21:14
twpayne
twpayne reviewed Dec 15, 2021
View reviewed changes
pkg/datapath/iptables/iptables.go Outdated Show resolved Hide resolved
pkg/datapath/iptables/iptables.go Show resolved Hide resolved
pkg/option/config.go Outdated Show resolved Hide resolved
qmonnet
qmonnet approved these changes Jan 10, 2022
View reviewed changes
pkg/datapath/iptables/iptables.go Outdated Show resolved Hide resolved
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jan 10, 2022
@qmonnet qmonnet added the dont-merge/bad-bot To prevent MLH from marking ready-to-merge. label Jan 10, 2022
@pchaigno pchaigno removed the dont-merge/bad-bot To prevent MLH from marking ready-to-merge. label Jan 13, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.11.1 Jan 13, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jan 13, 2022
@aditighag aditighag merged commit 76551df into cilium:master Jan 13, 2022
@pchaigno pchaigno deleted the skip-node-ipset-no-masquerading branch January 14, 2022 08:16
@aditighag aditighag mentioned this pull request Jan 14, 2022
Merged
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.10 in 1.11.1 Jan 14, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.10 in 1.11.1 Jan 14, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot removed this from Backport pending to v1.10 in 1.11.1 Jan 18, 2022
@aditighag
Copy link
Member

Backporting for this PR was skipped - #18488 (comment). @pchaigno Please check if the needs-backport/1.11 label needs to be removed from the PR.

@pchaigno
Copy link
Member Author

pchaigno commented Feb 8, 2022

I've checked the code to try and understand how #18488 (comment) could happen, but I don't see any error. We also haven't had that error pop up in CI (or nobody reported it). So I'm going to try and label this for backport again.

@aanm aanm mentioned this pull request Feb 10, 2022
Closed
This was referenced Feb 11, 2022
Merged
Merged
@jibi jibi mentioned this pull request Feb 14, 2022
Merged
@jibi jibi added backport-pending/1.11 backport-done/1.11 The backport for Cilium 1.11.x for this PR is done. and removed needs-backport/1.11 labels Feb 14, 2022
@joestringer joestringer mentioned this pull request Feb 23, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@twpayne twpayne twpayne left review comments

@jibi jibi jibi approved these changes

@qmonnet qmonnet qmonnet approved these changes

Assignees

@twpayne twpayne

Labels
backport-done/1.11 The backport for Cilium 1.11.x for this PR is done. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/bug This PR fixes an issue in a previous release of Cilium. sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Skip node ipset updates if iptables masquerading is disabled
5 participants
@pchaigno @qmonnet @aditighag @twpayne @jibi