Add a RoutingMode option to cniConfig #6766
Conversation
This adds two routing modes for CIlium to use in the CNI configuration. Tunneled keeps the default geneve tunnel mode. Direct adds a no tunnel mode with native as routing mode Signed-off-by: Maartje Eyskens <[email protected]>
|
Hi @meyskens. Thanks for your PR. I'm waiting for a aws member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
github-actions
bot
added
area/docs
eks-distro-bot
added
the
size/M
|
Cc @jaxesn |
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## main #6766 +/- ##
==========================================
- Coverage 75.67% 71.58% -4.09%
==========================================
Files 475 545 +70
Lines 38411 42362 +3951
==========================================
+ Hits 29066 30324 +1258
- Misses 7733 10345 +2612
- Partials 1612 1693 +81 ☔ View full report in Codecov by Sentry. |
pkg/networking/cilium/templater.go
Outdated
| @@ -237,6 +237,11 @@ func templateValues(spec *cluster.Spec, versionsBundle *cluster.VersionsBundle) | |||
| val["egressMasqueradeInterfaces"] = spec.Cluster.Spec.ClusterNetwork.CNIConfig.Cilium.EgressMasqueradeInterfaces | |||
| } | |||
|
|
|||
| if spec.Cluster.Spec.ClusterNetwork.CNIConfig.Cilium.RoutingMode == anywherev1.CiliumRoutingModeDirect { | |||
| val["tunnel"] = "disabled" | |||
| val["routingMode"] = "native" | |||
There was a problem hiding this comment.
EKS-A uses Cilium v1.12 and will be transitioning to v1.13. Neither of these have the routingMode option so I don't think this will be successful.
Should we also expose ipv4NativeRoutingCIDR from the EKS-A API? Its not totally clear to me what that option does. From the docs:
Allows to explicitly specify the IPv4 CIDR for native routing. When specified, Cilium assumes networking for this CIDR is preconfigured and hands traffic destined for that range to the Linux network stack without applying any SNAT. Generally speaking, specifying a native routing CIDR implies that Cilium can depend on the underlying networking stack to route packets to their destination. To offer a concrete example, if Cilium is configured to use direct routing and the Kubernetes CIDR is included in the native routing CIDR, the user must configure the routes to reach pods, either manually or by setting the auto-direct-node-routes flag.
I'm struggling to make sense of the example.
There was a problem hiding this comment.
You're right the flag only got added in 1.14, i had the wrong branch open. I have added the NativeRouting prefix to the config and set the auto direct mode accordingly
pkg/networking/cilium/templater.go
Outdated
| @@ -237,6 +237,11 @@ func templateValues(spec *cluster.Spec, versionsBundle *cluster.VersionsBundle) | |||
| val["egressMasqueradeInterfaces"] = spec.Cluster.Spec.ClusterNetwork.CNIConfig.Cilium.EgressMasqueradeInterfaces | |||
| } | |||
|
|
|||
| if spec.Cluster.Spec.ClusterNetwork.CNIConfig.Cilium.RoutingMode == anywherev1.CiliumRoutingModeDirect { | |||
| val["tunnel"] = "disabled" | |||
| val["routingMode"] = "native" | |||
There was a problem hiding this comment.
@g-gaston I'm wondering if we want to expose autoDirectNodeRoutes also which, when all nodes are connected on the same L2, means route propagation is handled by Cilium. More info at https://docs.cilium.io/en/v1.12/concepts/networking/routing/#native-routing.
There was a problem hiding this comment.
Yeah, as long as we have a real use case for it and we understand its implications (just so we can supports folks using it in the field), we can expose it
Personally I would prefer to roll these slowly so we can have time to learn them better, but if someone needs this right now, as I said, we can for it
Let's sync offline
There was a problem hiding this comment.
Given the time this has been open I think we can add the autoDirectNodeRoutes` later - this still has value.
Signed-off-by: Maartje Eyskens <[email protected]>
meyskens
force-pushed
the
add-ciliun-routing-mode
branch
from
8749045 to
72e8589
Compare
eks-distro-bot
added
size/L
|
/lgtm |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: chrisdoherty4 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/test eks-anywhere-presubmit |
chrisdoherty4
force-pushed
the
add-ciliun-routing-mode
branch
from
56be799 to
bf112fb
Compare
chrisdoherty4
force-pushed
the
add-ciliun-routing-mode
branch
from
bf112fb to
c45992c
Compare
|
/lgtm |
Fixes #3182
Description of changes: This adds two routing modes for CIlium to use in the CNI configuration. Tunneled keeps the default geneve tunnel mode.
Direct adds a no tunnel mode with native as routing mode
Documentation added/planned (if applicable): Added a part explaining the option and linking to Cilium documentation to the
cni.mdfile.By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.