Update cilium docs with note about eni and bpf nodeport #8551
Hi @olemarkus. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/ok-to-test |
|
||
As of Kops 1.18 you can safely enable Cilium NodePort. | ||
|
||
In this mode, the cluster is fully functional without kube-proxy, with Cilium replacing kube-proxy's NodePort implementation using BPF. |
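Review bot: The sentence "In this mode, the cluster is fully functional without kube-proxy" does not tell the reader whether kube-proxy has to be turned off or may keep running next to Cilium's BPF NodePort implementation. Suggest stating what the operator must do with kube-proxy once NodePort is enabled, and replacing "safely" in "you can safely enable Cilium NodePort" with the concrete condition that makes it safe.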
In this mode, the cluster is fully functional without kube-proxy, with Cilium replacing kube-proxy's NodePort implementation using BPF. | |
In this mode the cluster is fully functional without kube-proxy, with Cilium replacing kube-proxy's NodePort implementation using BPF. |
976e409 to e0ed5a7
|
||
##### Enabling BPF NodePort | ||
|
||
As of Kops 1.18 you can safely enable Cilium NodePort. |
I'm skeptical of the value of documenting in which version each feature was added. This should just state what NodePort is and how one can enable it.
I thought this would be the most helpful since Kops doesn't have versioned docs. If this goes in, it would reference features that don't exist.
$ kops update cluster myclustername.mydns.io --yes | ||
As of Kops 1.18, you can have Cilium provision AWS managed adresses and attach them directly to Pods much like Lyft VPC and AWS VPC. See [the Cilium docs for more information](https://docs.cilium.io/en/v1.6/concepts/ipam/eni/) | ||
|
||
When using ENI IPAM you need to disable masquerading in Cilium as well. |
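Review bot: In the ENI paragraph, "adresses" should be "addresses", and the link is pinned to the v1.6 Cilium docs, so it will go stale as the Cilium version moves on. The closing line, "When using ENI IPAM you need to disable masquerading in Cilium as well.", states the requirement but not the cluster spec setting that satisfies it; suggest naming that setting next to the sentence, and dropping "as well" unless the preceding text lists another required step.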
When using ENI IPAM you need to disable masquerading in Cilium as well. | |
When using ENI IPAM you need to disable masquerading in Cilium unless you have no NAT/internet gateway to masquerade the ENI addresses to external networks. |
The PR went in with forcing masquerading to be disabled.
That seems unfortunate. I had thought we had discovered a use case for not forcing it.
c29907b to 011991d
011991d to cd29da7
This looks good to me, we can always iterate on it in future PRs /lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: olemarkus, rifelpet The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
No description provided.