loadbalancer: implement Hybrid-DSR using the annotation-based dispatch mode #41690
Description
Background:
The initial DSR implementation supports a "Hybrid" mode - where TCP services are accessed via DSR, and UDP services use SNAT.
Later we also introduced an annotation-based mode, where an annotation on the Service resource determines whether this Service is DSR-enabled. The datapath ends up checking the SVC_FLAG_FWD_MODE_DSR flag for all service entries.
Proposal:
Instead of maintaining two datapath parts for such "selective" DSR modes, re-use the annotation-based infrastructure to implement Hybrid-DSR. When Hybrid-DSR is enabled, have the controlplane set the SVC_FLAG_FWD_MODE_DSR flag for all TCP frontend entries. Respect this flag in the datapath, and remove any L4 proto-specific differentiation.
Metadata
Metadata
Assignees
Labels
Impacts bpf/ or low-level forwarding details, including map management and monitor messages.Anything related to our kube-proxy replacement.Impacts load-balancing and Kubernetes service implementationsRelates to Cilium's Direct-Server-Return feature for KPR.This would improve or streamline existing functionality.Technical debtThese issues are not marked stale by our issue bot.