Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docs: add note about AKS kube-apiserver entity #32464

Merged
merged 1 commit into from
May 16, 2024
Merged

Docs: add note about AKS kube-apiserver entity #32464

merged 1 commit into from
May 16, 2024

Conversation

darox
Copy link
Contributor

@darox darox commented May 10, 2024

Adds a note to the docs that kube-apiserver
entity is not available in AKS.

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label May 10, 2024
@darox darox marked this pull request as ready for review May 10, 2024 12:49
@darox darox requested review from a team as code owners May 10, 2024 12:49
@darox darox requested review from doniacld and qmonnet May 10, 2024 12:49
networkop
networkop approved these changes May 10, 2024
View reviewed changes
Copy link
Contributor

@networkop networkop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgmt

qmonnet
qmonnet approved these changes May 10, 2024
View reviewed changes
Copy link
Member

@qmonnet qmonnet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thanks!

Is there an easy way to check whether the entity is available for a specific distribution?

@qmonnet qmonnet added area/documentation Impacts the documentation, including textual changes, sphinx, or other doc generation code. release-note/misc This PR makes changes that have no direct user impact. integration/cloud Related to integration with cloud environments such as AKS, EKS, GKE, etc. labels May 10, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label May 10, 2024
@qmonnet qmonnet added the sig/policy Impacts whether traffic is allowed or denied based on user-defined policies. label May 10, 2024
@darox
Copy link
Contributor Author

darox commented May 10, 2024

Looks good, thanks!

Is there an easy way to check whether the entity is available for a specific distribution?

No that I'm aware of. I will do some tests on EKS and GKE next week.

gandro
gandro reviewed May 13, 2024
View reviewed changes
Copy link
Member

@gandro gandro left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you clarify what you mean by "unavailable"? As far as I understand it, kube-apiserver works fine for egress traffic, even on AKS. But it won't work for ingress traffic (because of NAT) (ref #31711 (comment))

@darox
Copy link
Contributor Author

darox commented May 14, 2024
edited
Loading

Could you clarify what you mean by "unavailable"? As far as I understand it, kube-apiserver works fine for egress traffic, even on AKS. But it won't work for ingress traffic (because of NAT) (ref #31711 (comment))

You're absolutely right; the note should mention that only ingress statements with fromEntities: kube-apiserver are affected.

@darox darox force-pushed the add-aks-note-kube-apiserver-entity branch from 231ab10 to a662363 Compare May 15, 2024 12:47
@darox
Copy link
Contributor Author

darox commented May 15, 2024
edited
Loading

Could you clarify what you mean by "unavailable"? As far as I understand it, kube-apiserver works fine for egress traffic, even on AKS. But it won't work for ingress traffic (because of NAT) (ref #31711 (comment))

I tested against AKS, EKS and GKE and the behaviour is the same. kube-apiserver doesn't work for ingress traffic on GKE and AKS, but for egress traffic. For EKS I don't see any issues at all.

@darox
Docs: add note about kube-apiserver entity
26d4be4 
Adds a note to the docs that `kube-apiserver`
entity is not available for ingress traffic
in AKS, EKS and GKE.

Signed-off-by: darox <maderdario@gmail.com>
@darox darox force-pushed the add-aks-note-kube-apiserver-entity branch from a662363 to 26d4be4 Compare May 15, 2024 13:10
@gandro
Copy link
Member

gandro commented May 15, 2024

/test

@gandro gandro added this pull request to the merge queue May 16, 2024
Merged via the queue into cilium:main with commit 3989f02 May 16, 2024
61 checks passed
@gandro gandro added needs-backport/1.13 This PR / issue needs backporting to the v1.13 branch needs-backport/1.14 This PR / issue needs backporting to the v1.14 branch needs-backport/1.15 This PR / issue needs backporting to the v1.15 branch labels May 16, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label May 16, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot added ready-to-merge This PR has passed all tests and received consensus from code owners to merge. labels May 16, 2024
@YutaroHayakawa YutaroHayakawa mentioned this pull request May 23, 2024
Merged
15 tasks
@YutaroHayakawa YutaroHayakawa added backport-pending/1.15 The backport for Cilium 1.15.x for this PR is in progress. and removed needs-backport/1.15 This PR / issue needs backporting to the v1.15 branch labels May 23, 2024
@YutaroHayakawa YutaroHayakawa mentioned this pull request May 24, 2024
Merged
12 tasks
@YutaroHayakawa YutaroHayakawa added backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. and removed needs-backport/1.14 This PR / issue needs backporting to the v1.14 branch labels May 24, 2024
@YutaroHayakawa YutaroHayakawa mentioned this pull request May 24, 2024
Merged
10 tasks
@YutaroHayakawa YutaroHayakawa added backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. and removed needs-backport/1.13 This PR / issue needs backporting to the v1.13 branch labels May 24, 2024
@github-actions github-actions bot added backport-done/1.15 The backport for Cilium 1.15.x for this PR is done. backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. and removed backport-pending/1.15 The backport for Cilium 1.15.x for this PR is in progress. backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. labels May 25, 2024
This was referenced Jun 8, 2024
Merged
Merged
Merged
@gandro gandro mentioned this pull request Jun 10, 2024
Closed
3 tasks
@gandro gandro mentioned this pull request Jun 25, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gandro gandro gandro approved these changes

@networkop networkop networkop approved these changes

@qmonnet qmonnet qmonnet approved these changes

@doniacld doniacld doniacld approved these changes

Assignees
No one assigned
Labels
area/documentation Impacts the documentation, including textual changes, sphinx, or other doc generation code. backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. backport-done/1.15 The backport for Cilium 1.15.x for this PR is done. integration/cloud Related to integration with cloud environments such as AKS, EKS, GKE, etc. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/misc This PR makes changes that have no direct user impact. sig/policy Impacts whether traffic is allowed or denied based on user-defined policies.
Projects
No open projects
cilium v1.13.17
Status: Released
cilium v1.14.12
Status: Released
cilium v1.15.6
Status: Released
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@darox @gandro @networkop @qmonnet @doniacld @YutaroHayakawa