Skip to content

docs: ipsec: mention dependency on transparent mode for DNS proxy #33062

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 12, 2024
Merged

docs: ipsec: mention dependency on transparent mode for DNS proxy #33062

merged 1 commit into from
Jun 12, 2024

Conversation

julianwiedmann
Copy link
Member

For connections that are established by the DNS proxy, this is required to detect the original source IP and apply IPsec policy accordingly. The agent fatals if IPsec and L7 proxy are enabled, but the DNS proxy is not set to transparent mode.

@julianwiedmann
docs: ipsec: mention dependency on transparent mode for DNS proxy
e703f88 
For connections that are established by the DNS proxy, this is required to
detect the original source IP and apply IPsec policy accordingly. The agent
fatals if IPsec and L7 proxy are enabled, but the DNS proxy is not set to
transparent mode.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann julianwiedmann added area/documentation Impacts the documentation, including textual changes, sphinx, or other doc generation code. area/encryption Impacts encryption support such as IPSec, WireGuard, or kTLS. release-note/misc This PR makes changes that have no direct user impact. needs-backport/1.13 feature/ipsec Relates to Cilium's IPsec feature labels Jun 11, 2024
@julianwiedmann julianwiedmann requested review from a team as code owners June 11, 2024 14:29
@julianwiedmann julianwiedmann requested a review from qmonnet June 11, 2024 14:29
@julianwiedmann
Copy link
Member Author

/test

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jun 12, 2024
@julianwiedmann julianwiedmann added this pull request to the merge queue Jun 12, 2024
Merged via the queue into cilium:main with commit 26325a8 Jun 12, 2024
@julianwiedmann julianwiedmann deleted the 1.16-dns-proxy-docs-ipsec branch June 12, 2024 05:22
@giorio94 giorio94 mentioned this pull request Jun 12, 2024
Merged
4 tasks
@giorio94 giorio94 added backport-pending/1.15 The backport for Cilium 1.15.x for this PR is in progress. and removed needs-backport/1.15 labels Jun 12, 2024
@giorio94 giorio94 mentioned this pull request Jun 12, 2024
Merged
2 tasks
@giorio94 giorio94 added backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. and removed needs-backport/1.14 labels Jun 12, 2024
@giorio94 giorio94 mentioned this pull request Jun 12, 2024
Merged
1 task
@github-actions github-actions bot added backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. backport-done/1.15 The backport for Cilium 1.15.x for this PR is done. and removed backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. backport-pending/1.15 The backport for Cilium 1.15.x for this PR is in progress. labels Jun 13, 2024
This was referenced Jul 10, 2024
Closed
Merged
This was referenced Jul 10, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jschwinger233 jschwinger233 jschwinger233 approved these changes

@qmonnet qmonnet qmonnet approved these changes

Assignees
No one assigned
Labels
area/documentation Impacts the documentation, including textual changes, sphinx, or other doc generation code. area/encryption Impacts encryption support such as IPSec, WireGuard, or kTLS. backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. backport-done/1.15 The backport for Cilium 1.15.x for this PR is done. feature/ipsec Relates to Cilium's IPsec feature ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/misc This PR makes changes that have no direct user impact.
Projects
No open projects
1.13.17
Status: Backport done to v1.13
1.14.12
Status: Backport done to v1.14
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@julianwiedmann @jschwinger233 @qmonnet @giorio94