Skip to content

fix: create policy snapshot only for sdp #40785

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 5, 2025
Merged

fix: create policy snapshot only for sdp #40785

merged 1 commit into from
Aug 5, 2025

Conversation

vipul-21
Copy link
Contributor

@vipul-21 vipul-21 commented Jul 29, 2025
edited
Loading

  • Only calculate the policy rules snapshot when the standalone dns proxy is enabled. This PR adds a flag that helps us check if SDP is enabled or not. Based on that flag we calculate the snapshot and send to the grpc server.
  • Also create the grpc sdp server only when the standalone dns proxy should be enabled

The enabled field indicates whether the standalone DNS proxy is enabled. This field is set to true only when ALL the following conditions are met:

Flag/Setting Required Value Description
EnableStandaloneDNSProxy true Feature flag to enable standalone DNS proxy
DaemonConfig.EnableL7Proxy true L7 proxy must be enabled as a prerequisite
DaemonConfig.ToFQDNsProxyPort > 0 Valid port for FQDN proxy
Config.StandaloneDNSProxyServerPort > 0 Valid port for standalone DNS proxy server

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jul 29, 2025
@github-actions github-actions bot added the sig/policy Impacts whether traffic is allowed or denied based on user-defined policies. label Jul 29, 2025
@vipul-21 vipul-21 marked this pull request as ready for review July 29, 2025 15:51
@vipul-21 vipul-21 requested review from a team as code owners July 29, 2025 15:51
@vipul-21 vipul-21 requested review from sayboras and tklauser July 29, 2025 15:51
@vipul-21 vipul-21 mentioned this pull request Jul 29, 2025
Open
@vipul-21 vipul-21 force-pushed the singhvipul/sdp_fix branch 2 times, most recently from f0716a5 to 1deeab7 Compare July 29, 2025 21:54
@joamaki joamaki added release-note/bug This PR fixes an issue in a previous release of Cilium. needs-backport/1.18 This PR / issue needs backporting to the v1.18 branch labels Jul 30, 2025
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jul 30, 2025
@tklauser
Copy link
Member

/test

@tklauser tklauser enabled auto-merge July 30, 2025 08:39
@vipul-21
Copy link
Contributor Author

CI investigation:
ci-gateway-api failing due to the reason: #40243, failure run: https://github.com/cilium/cilium/actions/runs/16617702167/job/47014216523

Will rebase as that should solve the ci-ginko (automatically trigger ci-gateway-api as well)

@vipul-21
fix: create policy snapshot only for sdp
441d730 
adds a flag that helps us check if SDP is enabled or not.
Based on that flag we calculate the snapshot and send to the grpc server.
Also, don't create sdp server when sdp is false

Signed-off-by: Vipul Singh <singhvipul@microsoft.com>
auto-merge was automatically disabled July 30, 2025 17:17

Head branch was pushed to by a user without write access

@vipul-21 vipul-21 force-pushed the singhvipul/sdp_fix branch from 1deeab7 to 441d730 Compare July 30, 2025 17:17
@vipul-21
Copy link
Contributor Author

/test

@vipul-21
Copy link
Contributor Author

vipul-21 commented Jul 30, 2025
edited
Loading

ci-clustermesh failing due to #39370, pipeline run: https://github.com/cilium/cilium/actions/runs/16629793128/job/47056007384

@vipul-21
Copy link
Contributor Author

/ci-clustermesh

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Aug 1, 2025
@joestringer joestringer added this pull request to the merge queue Aug 5, 2025
Merged via the queue into cilium:main with commit 30ded44 Aug 5, 2025
68 checks passed
@rastislavs rastislavs mentioned this pull request Aug 6, 2025
Merged
17 tasks
@rastislavs rastislavs added backport-pending/1.18 The backport for Cilium 1.18.x for this PR is in progress. and removed needs-backport/1.18 This PR / issue needs backporting to the v1.18 branch labels Aug 6, 2025
@github-actions github-actions bot added backport-done/1.18 The backport for Cilium 1.18.x for this PR is done. and removed backport-pending/1.18 The backport for Cilium 1.18.x for this PR is in progress. labels Aug 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tklauser tklauser tklauser approved these changes

@joamaki joamaki joamaki approved these changes

@sayboras sayboras sayboras approved these changes

Assignees
No one assigned
Labels
backport-done/1.18 The backport for Cilium 1.18.x for this PR is done. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/bug This PR fixes an issue in a previous release of Cilium. sig/policy Impacts whether traffic is allowed or denied based on user-defined policies.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@vipul-21 @tklauser @joamaki @sayboras @joestringer @rastislavs