Split --tunnel flag to allow setting a tunneling protocol for a subset of traffic
#24561
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
e5a2559 to
82d6f6a
Compare
brb
added a commit
that referenced
this pull request
May 12, 2023
Unfortunately, 93baa34 was ran against the latest Cilium, so it didn't catch v1.13 specific issues (limitations). This commit fixes: * Use --tunnel instead of --tunnelProtocol. The latter was only introduced in v1.14 [1]. * Disable IPv6 for IPsec configuration. * Downgrade CLI to v0.13.2 until [2] has been resolved. * Remove external CIDRs, as they are not needed for v0.13.2 CLI. * Disable L7 if EGW or WG is enabled (v1.13 limitation). * Remove host-to-host encryption configurations (v1.13 doesn't support it). [1]: #24561 [2]: cilium/cilium-cli#1627 Fixes: 93baa34 ("ci-e2e: backport changes in conformance-e2e into v1.13 tests") Signed-off-by: Martynas Pumputis <m@lambda.lt>
aanm
pushed a commit
that referenced
this pull request
May 12, 2023
Unfortunately, 93baa34 was ran against the latest Cilium, so it didn't catch v1.13 specific issues (limitations). This commit fixes: * Use --tunnel instead of --tunnelProtocol. The latter was only introduced in v1.14 [1]. * Disable IPv6 for IPsec configuration. * Downgrade CLI to v0.13.2 until [2] has been resolved. * Remove external CIDRs, as they are not needed for v0.13.2 CLI. * Disable L7 if EGW or WG is enabled (v1.13 limitation). * Remove host-to-host encryption configurations (v1.13 doesn't support it). [1]: #24561 [2]: cilium/cilium-cli#1627 Fixes: 93baa34 ("ci-e2e: backport changes in conformance-e2e into v1.13 tests") Signed-off-by: Martynas Pumputis <m@lambda.lt>
jibi
added a commit
to cilium/cilium-cli
that referenced
this pull request
May 24, 2023
make the feature detection logic compatible with the new flag introduced in v1.14 in [1] [1] cilium/cilium#24561 Signed-off-by: Gilberto Bertin <jibi@cilium.io>
jibi
added a commit
to cilium/cilium-cli
that referenced
this pull request
May 24, 2023
make the feature detection logic compatible with the new flag introduced in v1.14 in [1] [1] cilium/cilium#24561 Signed-off-by: Gilberto Bertin <jibi@cilium.io>
tklauser
pushed a commit
to cilium/cilium-cli
that referenced
this pull request
May 24, 2023
make the feature detection logic compatible with the new flag introduced in v1.14 in [1] [1] cilium/cilium#24561 Signed-off-by: Gilberto Bertin <jibi@cilium.io>
michi-covalent
pushed a commit
to michi-covalent/cilium
that referenced
this pull request
May 30, 2023
make the feature detection logic compatible with the new flag introduced in v1.14 in [1] [1] cilium#24561 Signed-off-by: Gilberto Bertin <jibi@cilium.io>
brb
added a commit
to cilium/cilium-cli
that referenced
this pull request
May 31, 2023
Also, detect it from routingMode if set. The latter was introduced by [1]. [1]: cilium/cilium#24561 Signed-off-by: Martynas Pumputis <m@lambda.lt>
tklauser
pushed a commit
to cilium/cilium-cli
that referenced
this pull request
May 31, 2023
Also, detect it from routingMode if set. The latter was introduced by [1]. [1]: cilium/cilium#24561 Signed-off-by: Martynas Pumputis <m@lambda.lt>
2 tasks
Did anyone ever get to this? I'm still getting pre-1.14 helm values with the latest CLI version. |
PhilipSchmid
added a commit
to PhilipSchmid/cilium
that referenced
this pull request
Sep 28, 2023
- Improved description for tunnel, tunnelProtocol, routingMode flags to make it clearer for users to know the possible values. - Added deprecation note for the tunnel flag to be in line with the v1.14.0 release notes and cilium#24561. Signed-off-by: Philip Schmid <philip.schmid@isovalent.com>
lmb
pushed a commit
that referenced
this pull request
Sep 28, 2023
- Improved description for tunnel, tunnelProtocol, routingMode flags to make it clearer for users to know the possible values. - Added deprecation note for the tunnel flag to be in line with the v1.14.0 release notes and #24561. Signed-off-by: Philip Schmid <philip.schmid@isovalent.com>
sayboras
pushed a commit
to sayboras/cilium
that referenced
this pull request
Oct 2, 2023
[ upstream commit dde4722 ] - Improved description for tunnel, tunnelProtocol, routingMode flags to make it clearer for users to know the possible values. - Added deprecation note for the tunnel flag to be in line with the v1.14.0 release notes and cilium#24561. Signed-off-by: Philip Schmid <philip.schmid@isovalent.com> Signed-off-by: Tam Mach <tam.mach@cilium.io>
aanm
pushed a commit
that referenced
this pull request
Oct 3, 2023
[ upstream commit dde4722 ] - Improved description for tunnel, tunnelProtocol, routingMode flags to make it clearer for users to know the possible values. - Added deprecation note for the tunnel flag to be in line with the v1.14.0 release notes and #24561. Signed-off-by: Philip Schmid <philip.schmid@isovalent.com> Signed-off-by: Tam Mach <tam.mach@cilium.io>
gandro
pushed a commit
to gandro/cilium
that referenced
this pull request
Oct 19, 2023
[ upstream commit dde4722 ] - Improved description for tunnel, tunnelProtocol, routingMode flags to make it clearer for users to know the possible values. - Added deprecation note for the tunnel flag to be in line with the v1.14.0 release notes and cilium#24561. Signed-off-by: Philip Schmid <philip.schmid@isovalent.com> Signed-off-by: Tam Mach <tam.mach@cilium.io> Signed-off-by: Jussi Maki <jussi@isovalent.com>
michi-covalent
pushed a commit
that referenced
this pull request
Jul 16, 2024
Previously, the tunneling mode was specified through an extra config, which caused the CLI to override it with the autodetected value, causing a conflict (as the tunnel option is now deprecated). Let's fix this issue explicitly setting the routingMode (#24561). Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
michi-covalent
pushed a commit
that referenced
this pull request
Aug 5, 2024
[ cherry-picked from cilium/cilium-cli repository ] Previously, the tunneling mode was specified through an extra config, which caused the CLI to override it with the autodetected value, causing a conflict (as the tunnel option is now deprecated). Let's fix this issue explicitly setting the routingMode (#24561). Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
github-merge-queue bot
pushed a commit
that referenced
this pull request
Aug 16, 2024
[ cherry-picked from cilium/cilium-cli repository ] Previously, the tunneling mode was specified through an extra config, which caused the CLI to override it with the autodetected value, causing a conflict (as the tunnel option is now deprecated). Let's fix this issue explicitly setting the routingMode (#24561). Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
jonasbadstuebner
added a commit
to jonasbadstuebner/cilium
that referenced
this pull request
Nov 28, 2024
Previously the tunnel-protocol was limited to VXLAN, when enabling aksbyocni. As discussed in cilium#36226 (comment) this seems to be a leftover from when there was just one flag called "tunnel" that combined routing-mode and tunnel-protocol. This patch makes it possible to configure any tunnel-protocol with aksbyocni.enabled: true. Related: cilium#24561 Signed-off-by: Jonas Badstübner <jonas@jb.software>
jonasbadstuebner
added a commit
to jonasbadstuebner/cilium
that referenced
this pull request
Nov 28, 2024
Previously the tunnel-protocol was limited to VXLAN, when enabling aksbyocni. As discussed in cilium#36226 (comment) this seems to be a leftover from when there was just one flag called "tunnel" that combined routing-mode and tunnel-protocol. This patch makes it possible to configure any tunnel-protocol with aksbyocni.enabled: true. Related: cilium#24561 Signed-off-by: Jonas Badstübner <jonas@jb.software>
github-merge-queue bot
pushed a commit
that referenced
this pull request
Nov 28, 2024
Previously the tunnel-protocol was limited to VXLAN, when enabling aksbyocni. As discussed in #36226 (comment) this seems to be a leftover from when there was just one flag called "tunnel" that combined routing-mode and tunnel-protocol. This patch makes it possible to configure any tunnel-protocol with aksbyocni.enabled: true. Related: #24561 Signed-off-by: Jonas Badstübner <jonas@jb.software>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request splits the
--tunnelflag into two new flags to allow setting the tunneling protocol independently of the default routing mode (tunneling or native). This is useful for e.g. the egress gateway where users may want to use GENEVE instead of VXLAN but can't today.Summary:
--tunnelflag with the new flags.--tunnelflag.Test runs for the three issue_comment workflows modified in this PR: