Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v1.13] hubble-relay: deprecate peer svc through local unix domain socket #23442

Merged
merged 2 commits into from
Jan 31, 2023
Merged

[v1.13] hubble-relay: deprecate peer svc through local unix domain socket #23442

merged 2 commits into from
Jan 31, 2023

Conversation

kaworu
Copy link
Member

@kaworu kaworu commented Jan 30, 2023

v1.13 backport PR of #23407

@kaworu kaworu added kind/cleanup This includes no functional changes. release-note/minor This PR changes functionality that users may find relevant to operating Cilium. kind/backports This PR provides functionality previously merged into master. sig/hubble Impacts hubble server or relay area/helm Impacts helm charts and user deployment experience labels Jan 30, 2023
@kaworu kaworu requested a review from a team as a code owner January 30, 2023 07:55
@maintainer-s-little-helper maintainer-s-little-helper bot added the backport/1.13 This PR represents a backport for Cilium 1.13.x of a PR that was merged to main. label Jan 30, 2023
@kaworu kaworu force-pushed the pr/kaworu/1.13/relay/deprecate-peer-svc-through-local-unix-domain-socket branch from 1355370 to 50ed811 Compare January 30, 2023 08:17
@kaworu kaworu requested a review from aanm January 30, 2023 11:38
@aanm aanm added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jan 31, 2023
@kaworu
doc: don't notice about Hubble standalone mode.
aab27b7 
Hubble server has been integrated into the Cilium agent since v1.9,
released Nov 10th 2020.

Some doc fixes and improvements on the way.

Signed-off-by: Alexandre Perrin <alex@isovalent.com>
@kaworu
hubble: deprecate relay peer-svc through unix domain socket
7be3b2d 
Since Cilium v1.12 Hubble Relay has been connecting to the Hubble Peer
service through the hubble-peer Kubernetes Service (i.e. TCP) by
default. The ability to query the Peer Service through the local UNIX
domain socket for Relay has been kept for compatibility reasons and as a
fallback solution, but we should move away from sharing socket through
Pods as it has potential security implications.

This patch deprecate disabling the hubble-peer Kubernetes Service as it
will be the only option once the local UNIX domain support for the Peer
Service in Hubble Relay is removed.

Signed-off-by: Alexandre Perrin <alex@isovalent.com>
@kaworu kaworu force-pushed the pr/kaworu/1.13/relay/deprecate-peer-svc-through-local-unix-domain-socket branch from 50ed811 to 7be3b2d Compare January 31, 2023 10:39
@kaworu kaworu added the release-blocker/1.13 This issue will prevent the release of the next version of Cilium. label Jan 31, 2023
@qmonnet qmonnet merged commit 8ebc2ba into cilium:v1.13 Jan 31, 2023
@kaworu kaworu deleted the pr/kaworu/1.13/relay/deprecate-peer-svc-through-local-unix-domain-socket branch January 31, 2023 14:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rolinh rolinh rolinh approved these changes

@aanm aanm aanm approved these changes

@qmonnet qmonnet qmonnet approved these changes

@michi-covalent michi-covalent michi-covalent approved these changes

Assignees
No one assigned
Labels
area/helm Impacts helm charts and user deployment experience backport/1.13 This PR represents a backport for Cilium 1.13.x of a PR that was merged to main. kind/backports This PR provides functionality previously merged into master. kind/cleanup This includes no functional changes. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-blocker/1.13 This issue will prevent the release of the next version of Cilium. release-note/minor This PR changes functionality that users may find relevant to operating Cilium. sig/hubble Impacts hubble server or relay
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@kaworu @rolinh @aanm @qmonnet @michi-covalent