daemon: Rename host-reachable services to socket LB #20369
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
b181ca8 to
0028485
Compare
borkmann
reviewed
Jul 1, 2022
| @@ -365,8 +365,13 @@ func initializeFlags() { | |||
| flags.Bool(option.BPFSocketLBHostnsOnly, false, "Skip socket LB for services when inside a pod namespace, in favor of service LB at the pod interface. Socket LB is still used when in the host namespace. Required by service mesh (e.g., Istio, Linkerd).") | |||
| option.BindEnv(option.BPFSocketLBHostnsOnly) | |||
|
|
|||
| flags.Bool(option.EnableSocketLB, false, "Enable socket-based LB for E/W traffic") | |||
| option.BindEnv(option.EnableSocketLB) | |||
There was a problem hiding this comment.
But why even add a new one? Can't we just hide/deprecate the existing one and then fold everything implicitly behind the KPR setting to simplify the user experience?
There was a problem hiding this comment.
My reasoning is that folks might still want to opt out from the socket LB. Removing the flag would make it impossible.
There was a problem hiding this comment.
Considering we now have --bpf-lb-sock-hostns-only what would be the use case for disabling socket-level LB? Also, if we deprecate it, we give one release for users to tell us that they are actually using it.
(I don't have a strong opinion on this, but generally in favor of reducing the number of datapath options.)
There was a problem hiding this comment.
There are still some rough edges with the socket LB (e.g., the stale backend for connected UDP).
|
/test |
e949d58 to
9948cce
Compare
|
/test-1.24-net-next |
|
/test-1.24-net-next |
|
/test Job 'Cilium-PR-K8s-GKE' failed: Click to show.Test NameFailure OutputIf it is a flake and a GitHub issue doesn't already exist to track it, comment |
|
/test-gke |
1 similar comment
|
/test-gke |
borkmann
approved these changes
Jul 13, 2022
|
|
This was referenced Jul 14, 2022
qmonnet
pushed a commit
that referenced
this pull request
Jul 28, 2022
Note: This commit was first submitted via #20244 and merged to a feature branch. This new version of the commit is similar, but rebased on the master branch, and addresses the conflicts with the following PRs: - #19379 (File requirements-aks.rst split into two files) - #20369 (File host-services.rst removed) - #19760 (New files under gettingstarted/servicemesh) - #20228 (New files under gettingstarted/clustermesh) - #20439 (New files under gettingstarted/clustermesh) - #20428 (New refs to update in troubleshooting_servicemesh.rst) - #20260 (One ref moved to troubleshooting_clustermesh.rst) This commit also updates CODEOWNERS to reflect the updated paths. This is part of a reorganisation of Cilium's docs (GSoD project). Signed-off-by: Yoyo Wu <yoyo19980720@126.com> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
qmonnet
pushed a commit
that referenced
this pull request
Aug 1, 2022
Note: This commit was first submitted via #20244 and merged to a feature branch. This new version of the commit is similar, but rebased on the master branch, and addresses the conflicts with the following PRs: - #19379 (File requirements-aks.rst split into two files) - #20369 (File host-services.rst removed) - #19760 (New files under gettingstarted/servicemesh) - #20228 (New files under gettingstarted/clustermesh) - #20439 (New files under gettingstarted/clustermesh) - #20428 (New refs to update in troubleshooting_servicemesh.rst) - #20260 (One ref moved to troubleshooting_clustermesh.rst) This commit also updates CODEOWNERS to reflect the updated paths, and fixed a minor issue from the feature branch [0]. [0] #20681 (comment) This is part of a reorganisation of Cilium's docs (GSoD project). Signed-off-by: Yoyo Wu <yoyo19980720@126.com> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
nathanjsweet
pushed a commit
that referenced
this pull request
Aug 2, 2022
Note: This commit was first submitted via #20244 and merged to a feature branch. This new version of the commit is similar, but rebased on the master branch, and addresses the conflicts with the following PRs: - #19379 (File requirements-aks.rst split into two files) - #20369 (File host-services.rst removed) - #19760 (New files under gettingstarted/servicemesh) - #20228 (New files under gettingstarted/clustermesh) - #20439 (New files under gettingstarted/clustermesh) - #20428 (New refs to update in troubleshooting_servicemesh.rst) - #20260 (One ref moved to troubleshooting_clustermesh.rst) This commit also updates CODEOWNERS to reflect the updated paths, and fixed a minor issue from the feature branch [0]. [0] #20681 (comment) This is part of a reorganisation of Cilium's docs (GSoD project). Signed-off-by: Yoyo Wu <yoyo19980720@126.com> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
dezmodue
pushed a commit
to dezmodue/cilium
that referenced
this pull request
Aug 10, 2022
Note: This commit was first submitted via cilium#20244 and merged to a feature branch. This new version of the commit is similar, but rebased on the master branch, and addresses the conflicts with the following PRs: - cilium#19379 (File requirements-aks.rst split into two files) - cilium#20369 (File host-services.rst removed) - cilium#19760 (New files under gettingstarted/servicemesh) - cilium#20228 (New files under gettingstarted/clustermesh) - cilium#20439 (New files under gettingstarted/clustermesh) - cilium#20428 (New refs to update in troubleshooting_servicemesh.rst) - cilium#20260 (One ref moved to troubleshooting_clustermesh.rst) This commit also updates CODEOWNERS to reflect the updated paths, and fixed a minor issue from the feature branch [0]. [0] cilium#20681 (comment) This is part of a reorganisation of Cilium's docs (GSoD project). Signed-off-by: Yoyo Wu <yoyo19980720@126.com> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
brb
added a commit
to cilium/cilium-cli
that referenced
this pull request
Aug 10, 2022
The terminology and friends were deprecated in v1.12, and they will be removed in v1.13: cilium/cilium#20369. Use "Socket LB" everywhere instead. Signed-off-by: Martynas Pumputis <m@lambda.lt>
tklauser
pushed a commit
to cilium/cilium-cli
that referenced
this pull request
Aug 10, 2022
The terminology and friends were deprecated in v1.12, and they will be removed in v1.13: cilium/cilium#20369. Use "Socket LB" everywhere instead. Signed-off-by: Martynas Pumputis <m@lambda.lt>
aditighag
pushed a commit
to aditighag/cilium-cli
that referenced
this pull request
Apr 21, 2023
The terminology and friends were deprecated in v1.12, and they will be removed in v1.13: cilium/cilium#20369. Use "Socket LB" everywhere instead. Signed-off-by: Martynas Pumputis <m@lambda.lt>
michi-covalent
pushed a commit
to michi-covalent/cilium
that referenced
this pull request
May 30, 2023
The terminology and friends were deprecated in v1.12, and they will be removed in v1.13: cilium#20369. Use "Socket LB" everywhere instead. Signed-off-by: Martynas Pumputis <m@lambda.lt>
wigust
added a commit
to kitnil/dotfiles
that referenced
this pull request
Sep 21, 2024
This commit applies a Cilium configuration based on 3 issues: [Services are inaccessible from KubeVirt VMs when using kube-proxy free configuration · Issue #14563 · cilium/cilium] (cilium/cilium#14563) > # Services are inaccessible from KubeVirt VMs when using kube-proxy free > configuration #14563 Kubevirt has a layered networking stack that is > described > [here](https://github.com/kubevirt/kubevirt/blob/master/docs/devel/networking.md). As > Daniel Borkman kindly described > [here](https://cilium.slack.com/archives/C1MATJ5U5/p1610058107366400?thread_ts=1609804735.250100&cid=C1MATJ5U5), > "the east-west based load-balancing is basically realised through BPF > attaching to socket hooks e.g. connect(2) and then doing the service xlation > once at connect time from there. This means there is no packet-based NAT > involved. To get this to work, we'd need to compile in the old-style service > translation in bpf\_lxc to catch untranslated service requests on a > per-packet basis (cc [@martynas](https://github.com/martynas)). This would > get ClusterIP translation working for kubevirt case containers at least (and > therefore resolve your DNS issues)." [datapath: Add a new option to skip socket lb when in pod ns by brb · Pull Request #17154 · cilium/cilium] (cilium/cilium#17154) > Diff from previous PR (cannot push to the fork's branch, so opening a new PR instead): > > - Explicitly enable bpf\_lxc LB if the bypass is enabled (previously, the > ifdef was not checking whether the bypass macro was defined). > - Rename the bypass macro to `ENABLE_SOCKET_LB_HOST_ONLY`. > - Rename the helm var from `loadBalancer.hostNamespaceOnly` to > `hostServices.hostNamespaceOnly`. > - Minor doc improvements. [daemon: Rename host-reachable services to socket LB by brb · Pull Request #20369 · cilium/cilium] (cilium/cilium#20369) > Rename "host-reachable services" to "socket LB". The "host-reachable > services" terminology will be completely removed in v1.13.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Quoting @pchaigno
Rename "host-reachable services" to "socket LB". The "host-reachable services" terminology will be completely removed in v1.13.