Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dns proxy: Only reuse DNS proxy port when it's free #25466

Merged
merged 1 commit into from May 31, 2023
Merged

dns proxy: Only reuse DNS proxy port when it's free #25466

merged 1 commit into from May 31, 2023

Conversation

anfernee
Copy link
Contributor

When cilium-agent starts, it will allocate a free port for proxy to use, if users don't speicify in config. It also tries to recover previous allocation from iptables rules, but the recover doesn't check if the port is already open by other processes on the host. This change will check the recovered port is free before assign it to DNS proxy.

Please ensure your pull request adheres to the following guidelines:

  • For first time contributors, read Submitting a pull request
  • All code is covered by unit and/or runtime tests where feasible.
  • All commits contain a well written commit description including a title,
    description and a Fixes: #XXX line if the commit addresses a particular
    GitHub issue.
  • If your commit description contains a Fixes: <commit-id> tag, then
    please add the commit author[s] as reviewer[s] to this issue.
  • All commits are signed off. See the section Developer’s Certificate of Origin
  • Provide a title or release-note blurb suitable for the release notes.
  • Are you a user of Cilium? Please add yourself to the Users doc
  • Thanks for contributing!

Fixes: #22465

@anfernee anfernee requested review from a team as code owners May 15, 2023 23:18
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label May 15, 2023
@anfernee
envoy proxy: Only reuse DNS proxy port when it's free
08555a5 
When cilium-agent starts, it will allocate a free port for proxy to
use, if users don't speicify in config. It also tries to recover
previous allocation from iptables rules, but the recover doesn't check
if the port is already open by other processes on the host. This change
will check the recovered port is free before assign it to DNS proxy.

Fix cilium#22465

Signed-off-by: Yongkun Gui <ygui@google.com>
@pippolo84 pippolo84 added the release-note/minor This PR changes functionality that users may find relevant to operating Cilium. label May 18, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label May 18, 2023
@pippolo84 pippolo84 added area/proxy Impacts proxy components, including DNS, Kafka, Envoy and/or XDS servers. dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels May 18, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label May 18, 2023
@pippolo84 pippolo84 added the sig/agent Cilium agent related. label May 18, 2023
pippolo84
pippolo84 approved these changes May 18, 2023
View reviewed changes
Copy link
Member

@pippolo84 pippolo84 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks 💯

@pippolo84
Copy link
Member

pippolo84 commented May 18, 2023
edited by maintainer-s-little-helper bot

/test

Job 'Cilium-PR-K8s-1.24-kernel-5.4' failed:

Click to show.

Test Name

K8sDatapathConfig Host firewall Check connectivity with IPv6 disabled

Failure Output

FAIL: Error creating resource /home/jenkins/workspace/Cilium-PR-K8s-1.24-kernel-5.4/src/github.com/cilium/cilium/test/k8s/manifests/host-policies.yaml: Cannot retrieve "cilium-pcxd2"'s policy revision: cannot get policy revision: ""

Jenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.24-kernel-5.4/2252/

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-1.24-kernel-5.4 so I can create one.

Then please upload the Jenkins artifacts to that issue.

Job 'Cilium-PR-K8s-1.26-kernel-net-next' failed:

Click to show.

Test Name

K8sDatapathServicesTest Checks N/S loadbalancing With host policy Tests NodePort

Failure Output

FAIL: Can not connect to service "tftp://[fd04::12]:30918/hello" from outside cluster (1/10)

Jenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.26-kernel-net-next/2389/

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-1.26-kernel-net-next so I can create one.

Then please upload the Jenkins artifacts to that issue.

@jrajahalme jrajahalme changed the title envoy proxy: Only reuse DNS proxy port when it's free dns proxy: Only reuse DNS proxy port when it's free May 30, 2023
@jrajahalme jrajahalme requested a review from nebril May 30, 2023 07:46
@jrajahalme
Copy link
Member

/test-1.24-5.4

@jrajahalme
Copy link
Member

/test-1.26-net-next

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label May 30, 2023
@julianwiedmann julianwiedmann merged commit 6fec1b0 into cilium:main May 31, 2023
57 of 58 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nebril nebril nebril approved these changes

@pippolo84 pippolo84 pippolo84 approved these changes

@jrajahalme jrajahalme jrajahalme approved these changes

Assignees
No one assigned
Labels
area/proxy Impacts proxy components, including DNS, Kafka, Envoy and/or XDS servers. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/minor This PR changes functionality that users may find relevant to operating Cilium. sig/agent Cilium agent related.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

If proxy port is taken on node, cilium will crashloop
5 participants
@anfernee @pippolo84 @jrajahalme @nebril @julianwiedmann