fix: Cilium-Istio compatibility fixes #856
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
See Cilium's docs https://docs.cilium.io/en/latest/network/servicemesh/istio/. Without this value Cilium always cleans up cni config directory on the host, which prevents Istio Pods from coming up. I think it's safe to always set this value, because I don't believe that it is Cilium's responsibility to prevent other applications from acting like a network plugin.
jimmidyson
requested changes
Aug 14, 2024
There was a problem hiding this comment.
As per https://docs.cilium.io/en/latest/network/servicemesh/istio/#cilium-configuration let's also set socketLB.hostNamespaceOnly: true
This should also prevent istio compatibility issues as documented in https://docs.cilium.io/en/latest/network/servicemesh/istio/\#cilium-configuration.
jimmidyson
approved these changes
Aug 14, 2024
jimmidyson
changed the title
jimmidyson
changed the title
mhrabovcin
approved these changes
Aug 14, 2024
Merged
jimmidyson
added a commit
that referenced
this pull request
Aug 14, 2024
🤖 I have created a release *beep* *boop* --- ## 0.14.0 (2024-08-14) <!-- Release notes generated using configuration in .github/release.yaml at main --> ## What's Changed ### Exciting New Features 🎉 * feat: Run hooks in parallel with aggregated responses by @jimmidyson in #855 ### Fixes 🔧 * fix: Cilium-Istio compatibility fixes by @dkoshkin in #856 ### Other Changes * build: Latest devbox update by @jimmidyson in #857 **Full Changelog**: v0.13.7...v0.14.0 --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What problem does this PR solve?:
Setting
cni.exclusive: falseandsocketLB.hostNamespaceOnly: true.See Cilium's docs https://docs.cilium.io/en/latest/network/servicemesh/istio/. Without these value Cilium can interfere with Istio functionality, by always cleaning up cni config directory on the host, thus preventing Istio Pods from coming up, and interfere with Istio load-balancing once they do come up.
It's safe to always set these value, because it is not Cilium's responsibility to prevent other applications from acting like a network plugin.
Which issue(s) this PR fixes:
Fixes #
How Has This Been Tested?:
Special notes for your reviewer: