Helm: enforce routing mode when either gke.enabled or aksbyocni.enabled are set #29674
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Historically, the Cilium helm chart allowed to override the routing mode
leveraged in combination with {gke,aksbyocni}.enabled. This is no longer
possible since aff16b2 ("Change routing-mode and tunnel interaction.").
According to the Cilium documentation [1,2], this appears to be the
correct behavior, as the routing mode must be respectively set to native
and tunnel in these cases. Hence, let's validate that users didn't
configure a different routing mode, to avoid falling back silently,
which may be confusing.
[1]: https://docs.cilium.io/en/stable/network/concepts/routing/#id6
[2]: https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/#install-cilium (AKS tab)
Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
giorio94
added
release-note/misc
|
/test |
|
@youngnick Friendly ping 🙏 |
giorio94
added
the
needs-backport/1.15
youngnick
approved these changes
Dec 20, 2023
maintainer-s-little-helper
bot
added
the
ready-to-merge
pippolo84
added
backport-pending/1.15
pippolo84
added
backport-pending/1.14
github-actions
bot
added
backport-done/1.14
aanm
added
backport-done/1.15
gentoo-root
moved this from Needs backport from main
to Backport done to v1.14
in 1.14.6
aanm
moved this from Needs backport from main
to Backport done to v1.15
in v1.15.0-rc.1
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Historically, the Cilium helm chart allowed to override the routing mode leveraged in combination with {gke,aksbyocni}.enabled. This is no longer possible since aff16b2 ("Change routing-mode and tunnel interaction.").
According to the Cilium documentation [1,2], this appears to be the correct behavior, as the routing mode must be respectively set to native and tunnel in these cases. Hence, let's validate that users didn't configure a different routing mode, to avoid falling back silently, which may be confusing.
aff16b2 could be considered a breaking change. However, it got backported to v1.14, and we haven't sees bug reports (at least AFAIK) about the behavioral difference. Which means that users are not overriding the routing mode in these cases, as documented. Still, better being pedantic and prevent possible issues (our CI was affected, as apparently we were overriding the routing mode in the external workloads workflow, and it took a while to discover the underlying cause).
I'm marking this PR for backport to v1.14 for consistency with the above commit which introduced the behavioral change.
Related: #27841 (comment)
[1]: https://docs.cilium.io/en/stable/network/concepts/routing/#id6
[2]: https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/#install-cilium (AKS tab)