Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow sidecar to manage network interface #128

Merged
merged 5 commits into from
Sep 4, 2024
Merged

allow sidecar to manage network interface #128

merged 5 commits into from
Sep 4, 2024

Conversation

hown3d
Copy link

@hown3d hown3d commented Aug 11, 2024

What this PR does / why we need it:
This PR adds a flag manage-interface to the apiserver-proxy sidecar.

The g/g deploys the sidecar to add the kube-apiserver endpoint IP to the lo loopback device:
https://github.com/gardener/gardener/blob/726d9cf849807ae7e8b9f2c0362f8ee6570a1951/pkg/component/networking/apiserverproxy/apiserver_proxy.go#L307

With this flag we are able to mitigate this cilium issue, since we can choose an interface name that's picked up by cilium.

E.g. using dummy0 as interface name

kubectl -n kube-system exec cilium-nbtgj -- cilium-dbg statedb node-addresses
Defaulted container "cilium-agent" out of: cilium-agent, disable-rp-filter (init), config (init), mount-cgroup (init), apply-sysctl-overwrites (init), mount-bpf-fs (init), clean-cilium-state (init), install-cni-binaries (init)
Address                     NodePort   Primary   DeviceName
10.250.2.187                true       true      eth0
100.64.0.56                 false      true      cilium_host
fe80::b407:4cff:fe39:f6fa   false      true      cilium_host
100.83.126.209              true       true      dummy0

Release note:

allow sidecar to manage network interface via `manage-interface` flag

Lukas Hoehl added 2 commits August 8, 2024 23:01
add -manage-interface flag
e1dc4eb 
Signed-off-by: Lukas Hoehl <[email protected]>
add tests
bea48fa 
Signed-off-by: Lukas Hoehl <[email protected]>
@hown3d hown3d requested a review from a team as a code owner August 11, 2024 15:33
@gardener-robot gardener-robot added the needs/review Needs review label Aug 11, 2024
@gardener-robot
Copy link

@hown3d Thank you for your contribution.

@gardener-robot gardener-robot added the size/m Size of pull request is medium (see gardener-robot robot/bots/size.py) label Aug 11, 2024
@gardener-robot-ci-3
Copy link
Contributor

Thank you @hown3d for your contribution. Before I can start building your PR, a member of the organization must set the required label(s) {'reviewed/ok-to-test'}. Once started, you can check the build status in the PR checks section below.

ScheererJ
ScheererJ reviewed Aug 13, 2024
View reviewed changes
Copy link
Member

@ScheererJ ScheererJ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for providing a way forward with regards to the cilium issue.

It is interesting how history seems to repeat itself as the apiserver-proxy at some time in the past used to create devices...

cmd/apiserver-proxy-sidecar/main.go Outdated Show resolved Hide resolved
internal/netif/netif.go Outdated Show resolved Hide resolved
internal/netif/netif.go Outdated Show resolved Hide resolved
internal/netif/netif.go Outdated Show resolved Hide resolved
internal/netif/netif.go Outdated Show resolved Hide resolved
internal/netif/netif.go Outdated Show resolved Hide resolved
internal/netif/netif.go Outdated Show resolved Hide resolved
internal/netif/netif.go Outdated Show resolved Hide resolved
internal/netif/netif.go Outdated Show resolved Hide resolved
address feedback
ad06cbc 
Signed-off-by: Lukas Hoehl <[email protected]>
Lukas Hoehl added 2 commits August 13, 2024 18:16
adjust tests
2b5bf03 
Signed-off-by: Lukas Hoehl <[email protected]>
inline link attributes
58ba56e 
Signed-off-by: Lukas Hoehl <[email protected]>
@hown3d hown3d requested a review from ScheererJ August 13, 2024 16:21
@axel7born
Copy link
Contributor

/lgtm
I tested the change together with gardener/gardener-extension-networking-cilium#350
@ScheererJ I think, all your comments have been addressed. Do you want to have another look?

@gardener-robot gardener-robot added reviewed/lgtm Has approval for merging and removed needs/review Needs review labels Sep 3, 2024
@gardener-robot-ci-2 gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Sep 3, 2024
@gardener-robot-ci-1 gardener-robot-ci-1 added needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Sep 3, 2024
@ScheererJ
Copy link
Member

/lgtm

@ScheererJ ScheererJ merged commit e2ac7b7 into gardener:master Sep 4, 2024
6 checks passed
@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label Sep 4, 2024
@hown3d hown3d mentioned this pull request Sep 25, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ScheererJ ScheererJ ScheererJ approved these changes

Assignees
No one assigned
Labels
needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) reviewed/lgtm Has approval for merging size/m Size of pull request is medium (see gardener-robot robot/bots/size.py) status/closed Issue is closed (either delivered or triaged)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@hown3d @gardener-robot @gardener-robot-ci-3 @axel7born @ScheererJ @gardener-robot-ci-1 @gardener-robot-ci-2