Internal traffic policy #21871
Merged
Internal traffic policy #21871
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
maintainer-s-little-helper
bot
added
the
dont-merge/needs-release-note-label
gentoo-root
force-pushed
the
internal-traffic-policy
branch
3 times, most recently
from
2bdd0be
to
d16335d
Compare
gentoo-root
force-pushed
the
internal-traffic-policy
branch
3 times, most recently
from
20f300d
to
057aacb
Compare
This comment was marked as resolved.
This comment was marked as resolved.
maintainer-s-little-helper
bot
added
the
dont-merge/needs-sign-off
gentoo-root
force-pushed
the
internal-traffic-policy
branch
from
72d2bd3
to
2ae3382
Compare
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-sign-off
gandro
reviewed
Nov 14, 2022
There was a problem hiding this comment.
I'm very excited to see this land! 🎉
The renaming of trafficPolicy fields in the api/ subfolder (both Hubble and OpenAPI), as well as the monitor API might break external JSON parsers trying to read the field. For example, Hubble can export those events into a JSON file which are then read by external systems.
I don't think we should rename it without warning/deprecation. If we want to rename it, I would suggest adding a new field called externalTrafficPolicy, populate both the new and old one, and deprecate the old one. Later, we can then check if it is safe to remove the old field.
pchaigno
added
the
release-note/minor
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-release-note-label
pchaigno
added
release-note/major
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-release-note-label
pchaigno
added
the
sig/k8s
gentoo-root
force-pushed
the
internal-traffic-policy
branch
7 times, most recently
from
5404159
to
ed51820
Compare
gentoo-root
force-pushed
the
internal-traffic-policy
branch
3 times, most recently
from
6839886
to
5c82f5f
Compare
aditighag
pushed a commit
to aditighag/cilium
that referenced
this pull request
Jan 9, 2023
…uide [ upstream commit fda3667 ] Pull request cilium#21871 introduced a few minor behavioral changes and fixes. Document them in the upgrade guide for Cilium 1.13. Signed-off-by: Maxim Mikityanskiy <maxim@isovalent.com> Signed-off-by: Aditi Ghag <aditi@cilium.io>
aditighag
added
backport-pending/1.13
aditighag
pushed a commit
to aditighag/cilium
that referenced
this pull request
Jan 10, 2023
…uide [ upstream commit fda3667 ] Pull request cilium#21871 introduced a few minor behavioral changes and fixes. Document them in the upgrade guide for Cilium 1.13. Signed-off-by: Maxim Mikityanskiy <maxim@isovalent.com> Signed-off-by: Aditi Ghag <aditi@cilium.io>
aditighag
added
backport-done/1.13
joestringer
moved this from Needs backport from master
to Backport done to v1.13
in 1.13.0-rc5
7 tasks
sayboras
added a commit
to sayboras/cilium
that referenced
this pull request
Feb 27, 2023
As L7 LB service is having dummy endpoint (e.g. 192.192.192.192), the in-cluster traffic will be dropped due to no healthy backend. This commit is to make sure that the proper exclusion rule is done. Relates: cilium#21871 Fixes: 38959d4 Signed-off-by: Tam Mach <tam.mach@cilium.io>
YutaroHayakawa
pushed a commit
to YutaroHayakawa/cilium
that referenced
this pull request
Mar 6, 2023
[ upstream commit f5fdb67 ] As L7 LB service is having dummy endpoint (e.g. 192.192.192.192), the in-cluster traffic will be dropped due to no healthy backend. This commit is to make sure that the proper exclusion rule is done. Relates: cilium#21871 Fixes: 38959d4 Signed-off-by: Tam Mach <tam.mach@cilium.io> Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>
julianwiedmann
pushed a commit
to julianwiedmann/cilium
that referenced
this pull request
Mar 7, 2023
As L7 LB service is having dummy endpoint (e.g. 192.192.192.192), the in-cluster traffic will be dropped due to no healthy backend. This commit is to make sure that the proper exclusion rule is done. Relates: cilium#21871 Fixes: 38959d4 Signed-off-by: Tam Mach <tam.mach@cilium.io>
YutaroHayakawa
pushed a commit
that referenced
this pull request
Mar 8, 2023
[ upstream commit f5fdb67 ] As L7 LB service is having dummy endpoint (e.g. 192.192.192.192), the in-cluster traffic will be dropped due to no healthy backend. This commit is to make sure that the proper exclusion rule is done. Relates: #21871 Fixes: 38959d4 Signed-off-by: Tam Mach <tam.mach@cilium.io> Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>
YutaroHayakawa
pushed a commit
to YutaroHayakawa/cilium
that referenced
this pull request
Mar 17, 2023
…uide [ upstream commit fda3667 ] Pull request cilium#21871 introduced a few minor behavioral changes and fixes. Document them in the upgrade guide for Cilium 1.13. Signed-off-by: Maxim Mikityanskiy <maxim@isovalent.com> Signed-off-by: Aditi Ghag <aditi@cilium.io> Signed-off-by: Michi Mutsuzaki <michi@isovalent.com>
julianwiedmann
pushed a commit
to julianwiedmann/cilium
that referenced
this pull request
Apr 11, 2023
As L7 LB service is having dummy endpoint (e.g. 192.192.192.192), the in-cluster traffic will be dropped due to no healthy backend. This commit is to make sure that the proper exclusion rule is done. Relates: cilium#21871 Fixes: 38959d4 Signed-off-by: Tam Mach <tam.mach@cilium.io>
julianwiedmann
pushed a commit
to julianwiedmann/cilium
that referenced
this pull request
Apr 13, 2023
As L7 LB service is having dummy endpoint (e.g. 192.192.192.192), the in-cluster traffic will be dropped due to no healthy backend. This commit is to make sure that the proper exclusion rule is done. Relates: cilium#21871 Fixes: 38959d4 Signed-off-by: Tam Mach <tam.mach@cilium.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Internal traffic policy = Local means that internal (East-West)
connections to the service should be handled by node-local backends
only. When external and internal traffic policies are different, the
existing implementation is extended to support filtering out non-local
backends for the internal scope. When both policies are both Local, only
the external scope is used (the same already happens when both policies
are Cluster), and it contains local backends only.
Fixes: #16071