Daniel Borkmann
Daniel Borkmann
Seems reasonable. Given this can be configured (https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address), I presume there is no programmatic way to retrieve this otherwise? > To make the implementation simpler, maybe we could always install...
> @liuyuan10 I think we just need to avoid the `redirect()` from `cilium_vxlan` to `lxc` device on forward path, no? If we go that route, ideally just in a constraint...
@batistein Did you try out v1.11 with https://isovalent.com/blog/post/2021-12-release-111#istio-kpr aka kube-proxy-free with `bpf-lb-sock-hostns-only: true` so that for Pod namespace it falls back to per-packet translation?
Would love to have that feature, so I could set the entire series simply to accepted. Any progress on this? Thx
This has been fixed in the kernel via https://lore.kernel.org/all/[email protected]/ (this one specifically https://lore.kernel.org/all/[email protected]/ )
I recently backported this into 6.1 stable kernel.
> @borkmann Great! Thanks, and it seems to been fixed at 6.1.120, am I right? Yes, that is correct.
Fixed via https://github.com/cilium/cilium/pull/35512 thanks for reporting!
> I'm also wondering why the test fails disproportionately with the following configuration of Cilium: Given with tcx we switched all attachments to BPF links which should not be the...
Hm, to follow-up on @rgo3's path potentially this one is interesting: https://github.com/cilium/cilium/blob/main/daemon/cmd/health.go#L119 In `initHealth()` we have: ``` // Make sure to clean up the endpoint namespace when cilium-agent terminates cleaner.cleanupFuncs.Add(health.KillEndpoint)...