datapath: Always include IP of cilium_host in list of local IPs #8839
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
test-me-please EDIT: The following test failed: None of the tests which this commit fixes failed. Rerunning with real fix that can be merged. |
Merged
Due to adding the cilium_host IP address as scope link, the IP was skipped in:
```
func (a *addressFamilyIPv4) LocalAddresses() ([]net.IP, error) {
```
This further lead for `func (d *Daemon) syncEndpointsAndHostIPs()` to not add
the host IP to the lxcmap and ipcache. In fact, due to not being in the list
but previously being added to the lxcmap. The IP even got removed from the
lxcmap.
Depending on the configuration of Cilium, it was possible for this IP to be
added to the ipcache via other means but it was no longer guaranteed.
As soon as policy was involved, the IP was mapped to world and no host and thus
subject to drops as well.
The most obvious side effect of this was that host <-> pod communication could
be affected which often manifested itself in failing readiness probes.
Fixes: #8781
Fixes: #8776
Fixes: #8775
Signed-off-by: Martynas Pumputis <m@lambda.lt>
Signed-off-by: Thomas Graf <thomas@cilium.io>
vadorovsky
approved these changes
Aug 8, 2019
e77f2c6 to
53feecf
Compare
|
test-me-please |
This was referenced Aug 8, 2019
This was referenced Aug 12, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Due to adding the cilium_host IP address as scope link, the IP was skipped in:
This further lead for
func (d *Daemon) syncEndpointsAndHostIPs()to not addthe host IP to the lxcmap and ipcache. In fact, due to not being in the list
but previously being added to the lxcmap. The IP even got removed from the
lxcmap.
Depending on the configuration of Cilium, it was possible for this IP to be
added to the ipcache via other means but it was no longer guaranteed.
As soon as policy was involved, the IP was mapped to world and no host and thus
subject to drops as well.
The most obvious side effect of this was that host <-> pod communication could
be affected which often manifested itself in failing readiness probes.
Fixes: #8781
Fixes: #8776
Fixes: #8775
Signed-off-by: Martynas Pumputis m@lambda.lt
Signed-off-by: Thomas Graf thomas@cilium.io
This change is