Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(transparent-proxy): deprecate argument 'redirect-inbound-port-v6' and introduce 'ip-family-mode' #8939

Merged
merged 35 commits into from
Mar 15, 2024
Merged

feat(transparent-proxy): deprecate argument 'redirect-inbound-port-v6' and introduce 'ip-family-mode' #8939

merged 35 commits into from
Mar 15, 2024

Conversation

jijiechen
Copy link
Member

fixes #4562

Checklist prior to review

  • Link to relevant issue as well as docs and UI issues
    Deprecate support for redirect-inbound-port-v6  #4562
  • This will not break child repos: it doesn't hardcode values (.e.g "kumahq" as a image registry) and it will work on Windows, system specific functions like syscall.Mkfifo have equivalent implementation on the other OS
    • Confirmed
  • Tests (Unit test, E2E tests, manual test on universal and k8s)
    • Unit tests
    • Don't forget ci/ labels to run additional/fewer tests
  • Do you need to update UPGRADE.md?
    • Updated
  • Does it need to be backported according to the backporting policy? (this GH action will add "backport" label based on these file globs, if you want to prevent it from adding the "backport" label use no-backport-autolabel label)
    • No need

@jijiechen
feat(transparent-proxy): deprecate redirect-inbound-port-v6
6bebbe3 
Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
@jijiechen
feat(transparent-proxy): change default inbound traffic redirect port…
00e6c53 
… of IPv6 traffic to 15006, the same as ipv4 redirection port

Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
@jijiechen
feat(transparent-proxy): support disable-ipv6 from pod annotations
0b4f5e6 
Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
@jijiechen
feat(transparent-proxy): fix tests and upgrade notice
dbf3024 
Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
@jijiechen jijiechen requested a review from a team as a code owner January 22, 2024 03:28
@jijiechen jijiechen requested review from slonka, jakubdyszkiewicz and lobkovilya and removed request for a team January 22, 2024 03:28
@jijiechen
Merge branch 'master' into deprecate-ipv6-inbound-redirect
8c28a1b 
Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
@jijiechen
feat(transparent-proxy): fix lint errors
016b529 
Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
@jijiechen
feat(transparent-proxy): fix failed tests
9503981 
Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
@jijiechen
feat(transparent-proxy): fix failed e2e tests: always set ipv6 inboun…
0714f11 
…d port onto dataplane objects

Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
@jijiechen
feat(injector): fixing failed tests
e9c12fc 
Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
bartsmykla
bartsmykla reviewed Jan 23, 2024
View reviewed changes
Copy link
Contributor

@bartsmykla bartsmykla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Few suggestions around UPGRADE.md.

UPGRADE.md Outdated Show resolved Hide resolved
UPGRADE.md Outdated Show resolved Hide resolved
slonka
slonka reviewed Jan 23, 2024
View reviewed changes
Copy link
Contributor

@slonka slonka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just one nitpick.

UPGRADE.md Outdated Show resolved Hide resolved
@jijiechen
Merge branch 'master' into deprecate-ipv6-inbound-redirect
91b18c7
@jijiechen
feat(transparent-proxy): introduce a new field 'ipv6_disabled' on dat…
ecd4564 
…aplane.proto

Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
@jijiechen
feat(transparent-proxy): generate ipv6 related xds according to port set
d36533b 
Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
@jijiechen
feat(transparent-proxy): support disable ipv6 in kuma-cni
e8ceebe
@jijiechen
feat(transparent-proxy): use ipv4 inbound redirect port when needed (…
ece62a5 
…passthrough user set value for ipv6 on injector)

Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
@jijiechen
feat(transparent-proxy): do not set default value for ipv6 inbound re…
99d6b9d 
…direct port at entry level, they will be handled at execution layer(cni/transparentproxy/xds)
@jijiechen
Merge branch 'master' into deprecate-ipv6-inbound-redirect
216f121
@jijiechen
feat(transparent-proxy): fixed failed tests; updated docs
de200cc 
Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
@jijiechen
feat(transparent-proxy): fix check errors
beb585d 
Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
jijiechen
jijiechen commented Jan 30, 2024
View reviewed changes
UPGRADE.md Show resolved Hide resolved
@jijiechen
feat(transparent-proxy): fixed data structure definition files
b0110a5 
Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
jakubdyszkiewicz
jakubdyszkiewicz approved these changes Mar 7, 2024
View reviewed changes
Copy link
Contributor

@jakubdyszkiewicz jakubdyszkiewicz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All of this works of course, but if we can expose ipv4 and v6 on the same port wouldn't it be simpler to just change the default here?

        # Redirect port for inbound traffic.
        redirectPortInbound: 15006 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_INBOUND
        # Redirect port for inbound traffic.
        redirectPortInboundV6: 15010 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_INBOUND_V6

so v6 and v4 is on the same port?

@jijiechen
Copy link
Member Author

jijiechen commented Mar 12, 2024
edited
Loading

wouldn't it be simpler to just change the default here?

Technically yes, but it needs people to configure it and they don't know what will be the side effects of doing so. So I guess poeple would normally not do this.
And we'll help them get rid of this unnecessary configuration item.
@jakubdyszkiewicz

@jijiechen
feat(transparent-proxy): introduce 'IPFamilyMode' on data plane to ma…
58a5b87 
…rk whether ipv6 traffic redirection should be enabled

Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
@lahabana lahabana marked this pull request as draft March 12, 2024 08:31
@jijiechen
feat(transparent-proxy): fix failed unit tests
a8ae748 
Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
@jijiechen jijiechen force-pushed the deprecate-ipv6-inbound-redirect branch from 783a71b to 2659937 Compare March 13, 2024 05:03
@jijiechen
feat(transparent-proxy): fix golanglint errors
7712abd 
Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
@jijiechen jijiechen force-pushed the deprecate-ipv6-inbound-redirect branch from 2659937 to 7712abd Compare March 13, 2024 06:06
@jijiechen
feat(transparent-proxy): fix check errors
1fc16c4 
Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
@jijiechen jijiechen force-pushed the deprecate-ipv6-inbound-redirect branch from 8f58fec to 77f0c90 Compare March 13, 2024 07:32
@jijiechen
feat(transparent-proxy): fix failed e2e tests
063bc90 
Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
@jijiechen jijiechen force-pushed the deprecate-ipv6-inbound-redirect branch from 77f0c90 to 063bc90 Compare March 13, 2024 07:35
@jijiechen
feat(transparent-proxy): introduce 'unspecified' as default value of …
5ba800b 
…ipFamilyMode on dataplane

Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
@jijiechen jijiechen force-pushed the deprecate-ipv6-inbound-redirect branch 4 times, most recently from 60b6b5f to 9b079b6 Compare March 15, 2024 05:21
@jijiechen jijiechen force-pushed the deprecate-ipv6-inbound-redirect branch from 6adea22 to d44aee8 Compare March 15, 2024 08:09
@jijiechen jijiechen marked this pull request as ready for review March 15, 2024 08:11
@jijiechen
feat(transparent-proxy): shift the upgrade note into 2.7.x from 2.6.x
05ccf42 
Signed-off-by: Jay Chen <1180092+jijiechen@users.noreply.github.com>
@jijiechen jijiechen changed the title feat(transparent-proxy): deprecate argument 'redirect-inbound-port-v6' and introduce 'ipv6-enabled' feat(transparent-proxy): deprecate argument 'redirect-inbound-port-v6' and introduce 'ip-family-mode' Mar 15, 2024
@jijiechen jijiechen merged commit aa9e2a6 into kumahq:master Mar 15, 2024
36 checks passed
@BrewTestBot BrewTestBot mentioned this pull request Apr 19, 2024
Merged
@jakubdyszkiewicz jakubdyszkiewicz mentioned this pull request Jun 17, 2024
Closed
@michaelbeaumont michaelbeaumont mentioned this pull request Jul 8, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@slonka slonka slonka left review comments

@jakubdyszkiewicz jakubdyszkiewicz jakubdyszkiewicz approved these changes

@lobkovilya lobkovilya Awaiting requested review from lobkovilya lobkovilya is a code owner automatically assigned from kumahq/kuma-maintainers

@bartsmykla bartsmykla Awaiting requested review from bartsmykla

Assignees
No one assigned
Labels
ci/run-full-matrix PR: Runs all possible e2e test combination (expensive use carefully)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Deprecate support for redirect-inbound-port-v6
4 participants
@jijiechen @slonka @jakubdyszkiewicz @bartsmykla