Detect local traffic using interface #95400
Conversation
k8s-ci-robot
added
release-note
|
Hi @tssurya. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
kind/api-change
|
This PR may require API review. If so, when the changes are ready, complete the pre-review checklist and request an API review. Status of requested reviews is tracked in the API Review project. |
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community. |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
oh no, sorry yea at this point I know what needs to be done here, wasn't on the priority radar. I'll pick this up and rebase. |
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
tssurya
force-pushed
the
detect-local-traffic-using-interface
branch
from
3cf4010
to
5e97d75
Compare
|
waiting for CI to be green... |
|
/remove-area cloudprovider |
|
/remove-sig cloud-provider |
k8s-ci-robot
removed
the
sig/cloud-provider
This PR introduces two new modes for detecting local traffic in a cluster. 1) detectLocalByBridgeInterface: This takes a bridge name as argument and decides all traffic that match on their originating interface being that of this bridge, shall be considered as local pod traffic. 2) detectLocalByInterfaceNamePrefix: This takes an interface prefix name as argument and decides all traffic that match on their originating interface names having a prefix that matches this argument shall be considered as local pod traffic. Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
This commit adds the framework for the new local detection modes BridgeInterface and InterfaceNamePrefix to work. Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
Co-authored-by: Will Daly <widaly@microsoft.com> Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
tssurya
force-pushed
the
detect-local-traffic-using-interface
branch
from
5e97d75
to
1ea5f94
Compare
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: aojea, danwinship, thockin, tssurya The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
@tssurya: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
@khenidak : are you ok with removing the hold? |
|
/hold cancel |
k8s-ci-robot
removed
the
do-not-merge/hold
|
/test pull-kubernetes-e2e-kind-ipv6 |
|
/test pull-kubernetes-integration |
…-using-interface Detect local traffic using interface
|
/triage accepted |
k8s-ci-robot
added
triage/accepted
What type of PR is this?
/kind feature
What this PR does / why we need it:
Implements the detection of local traffic using an interface parameter as outlined in the KEP: https://github.com/kubernetes/enhancements/blob/0e4d5df19d396511fe41ed0860b0ab9b96f46a2d/keps/sig-network/2450-Remove-knowledge-of-pod-cluster-CIDR-from-iptables-rules/README.md#iptables---masquerade-off-cluster-traffic-to-services-by-node-ip
Special notes for your reviewer:
Though the KEP outlines an interface parameter to accept multiple prefixes, for now we are sticking to accepting a single string argument. In future when we change
--cluster-cidrand--node-cidrto accept multiple values, we can also change--pod-interface-name-prefixand--pod-bridge-interfaceto accept multiple values.Does this PR introduce a user-facing change?:
yes
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:
[KEP]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-network/20191104-iptables-no-cluster-cidr.md#proposal
/sig network