Skip to content

cilium: add option to configure service annotation-based dispatch #35064

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Sep 27, 2024
Merged

cilium: add option to configure service annotation-based dispatch #35064

merged 5 commits into from
Sep 27, 2024

Conversation

borkmann
Copy link
Member

(see commit desc)

@borkmann borkmann added area/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. release-note/misc This PR makes changes that have no direct user impact. labels Sep 27, 2024
@borkmann
cilium: Extend openapi for annotation-based dispatch selection
4b722d9 
Add a new mode to Cilium's service handling which is similar to hybrid
SNAT/DSR but opts into DSR based on the user's annotation in the service
object.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
@borkmann
cilium: Undo optimizations to prep for per-service DSR/SNAT
52dc1d7 
The nodeport_uses_dsr{4,6}() will be extended in upcoming commit to also
pass in the service object. The latter is not available in below scenarios,
therefore remove them for now. This only affects when DSR was enabled before
which is not in majority of cases. Side-effect is that hybrid mode adds more
SNAT entries when it detects a conflict. We need to see if this can later be
resurrected through different means.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
@borkmann
cilium: Remove useless bpf-lb-dsr-l4-xlate option
3d27d6f 
Remove useless bpf-lb-dsr-l4-xlate as the non-default "backend" variant
never worked out in practive and noone ended up using it. "frontend" is
default and thus functionality-wise there are no changes.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
@borkmann borkmann force-pushed the pr/svc-dispatch2 branch 5 times, most recently from 015b66c to 736c60a Compare September 27, 2024 14:37
@borkmann borkmann marked this pull request as ready for review September 27, 2024 14:39
@borkmann borkmann requested review from a team as code owners September 27, 2024 14:39
learnitall
learnitall approved these changes Sep 27, 2024
View reviewed changes
Copy link
Contributor

@learnitall learnitall left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

@borkmann
cilium: Add option to configure service annotation-based dispatch
d46e72e 
Add a new mode to Cilium's service handling which is similar to hybrid
SNAT/DSR but opts into DSR based on the user's annotation in the service
object. The following Cilium agent settings need to be set:

  --bpf-lb-mode=annotation
  --bpf-lb-acceleration=native
  --bpf-lb-dsr-dispatch=ipip
  --devices=xyz

By default this will use SNAT for service handling, unless a service is
specifically annotated to do otherwise:

  apiVersion: v1
  kind: Service
  metadata:
    name: service-red
    namespace: example
    labels:
      color: red
    annotations:
      "service.cilium.io/type": "LoadBalancer"
      "service.cilium.io/mode": "dsr"
  spec:
    type: LoadBalancer
    ports:
    - port: 1234

Then, for the service DSR with IPIP dispatching will be used instead.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
@borkmann
cilium: Add docs about service annotation-based dispatch
a9e43d6 
Add a small section into our KPR guide.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
@borkmann
Copy link
Member Author

/test

brb
brb approved these changes Sep 27, 2024
View reviewed changes
Copy link
Member

@brb brb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

@borkmann borkmann added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Sep 27, 2024
@borkmann borkmann merged commit 188352a into main Sep 27, 2024
261 of 262 checks passed
@borkmann borkmann deleted the pr/svc-dispatch2 branch September 27, 2024 22:49
@maintainer-s-little-helper maintainer-s-little-helper bot removed ready-to-merge This PR has passed all tests and received consensus from code owners to merge. labels Sep 27, 2024
julianwiedmann
julianwiedmann reviewed Oct 2, 2024
View reviewed changes
Copy link
Member

@julianwiedmann julianwiedmann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Late to the party, but trying to stay in the loop for when I need to touch it next :)

joamaki added a commit to joamaki/cilium that referenced this pull request May 14, 2025
@joamaki
loadbalancer: Port forwarding mode to new control-plane
eb04923 
This ports the service forwarding mode annotation to the new control-plane
(cilium#35064).

Signed-off-by: Jussi Maki <jussi@isovalent.com>
@joamaki joamaki mentioned this pull request May 14, 2025
Merged
joamaki added a commit to joamaki/cilium that referenced this pull request May 14, 2025
@joamaki
loadbalancer: Port forwarding mode to new control-plane
3b6aff2 
This ports the service forwarding mode annotation to the new control-plane
(cilium#35064).

Signed-off-by: Jussi Maki <jussi@isovalent.com>
joamaki added a commit to joamaki/cilium that referenced this pull request May 14, 2025
@joamaki
loadbalancer: Port forwarding mode to new control-plane
854f6fc 
This ports the service forwarding mode annotation to the new control-plane
(cilium#35064).

Signed-off-by: Jussi Maki <jussi@isovalent.com>
joamaki added a commit to joamaki/cilium that referenced this pull request May 15, 2025
@joamaki
loadbalancer: Port forwarding mode to new control-plane
72d3b78 
This ports the service forwarding mode annotation to the new control-plane
(cilium#35064).

Signed-off-by: Jussi Maki <jussi@isovalent.com>
joamaki added a commit to joamaki/cilium that referenced this pull request May 19, 2025
@joamaki
loadbalancer: Port forwarding mode to new control-plane
d9dd92b 
This ports the service forwarding mode annotation to the new control-plane
(cilium#35064).

Signed-off-by: Jussi Maki <jussi@isovalent.com>
github-merge-queue bot pushed a commit that referenced this pull request May 21, 2025
@joamaki
loadbalancer: Port forwarding mode to new control-plane
b4f9d17 
This ports the service forwarding mode annotation to the new control-plane
(#35064).

Signed-off-by: Jussi Maki <jussi@isovalent.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@julianwiedmann julianwiedmann julianwiedmann left review comments

@brb brb brb approved these changes

@mhofstetter mhofstetter Awaiting requested review from mhofstetter

@aspsk aspsk Awaiting requested review from aspsk

@joamaki joamaki Awaiting requested review from joamaki joamaki is a code owner automatically assigned from cilium/sig-k8s

@rgo3 rgo3 Awaiting requested review from rgo3 rgo3 is a code owner automatically assigned from cilium/loader

+1 more reviewer

@learnitall learnitall learnitall approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
area/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. release-note/misc This PR makes changes that have no direct user impact.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@borkmann @brb @learnitall @julianwiedmann