docs: Extend BPF-based masquerading section#12145
Merged
Conversation
Member
Author
|
test-me-please |
joestringer
requested changes
Jun 17, 2020
Member
joestringer
left a comment
There was a problem hiding this comment.
Awesome thanks! A few minor nits below.
7b60a4b to
a377c8a
Compare
Member
Author
|
@joestringer Thanks for the review. I've addressed your comments + extended the cilium status to include the SNAT exclusion CIDR (three last commits). PTAL. |
Member
Author
|
test-me-please |
aanm
approved these changes
Jun 18, 2020
Member
aanm
left a comment
There was a problem hiding this comment.
I didn't read the docs only code.
9d67d7c to
77a988d
Compare
Member
Author
|
test-me-please |
This commit extends "cilium status" to show which devices can run
the BPF masquerading program. E.g.:
$ cilium status | grep Masquerading
Masquerading: BPF [eth0, eth1]
Signed-off-by: Martynas Pumputis <m@lambda.lt>
Signed-off-by: Martynas Pumputis <m@lambda.lt>
Member
Author
|
CI net-next provisioning failed: |
Member
Author
|
run-net-next |
joestringer
requested changes
Jun 19, 2020
Member
joestringer
left a comment
There was a problem hiding this comment.
Minor nits, otherwise LGTM.
| I think it's important for users to understand how we sync a config. The example below | ||
| shows how to configure the agent via `ConfigMap` and to verify it: | ||
|
|
||
| :: |
Member
There was a problem hiding this comment.
Any reason to avoid using .. code-block:: shell-session and obvious shell bits like starting lines you execute with $? Seems a bit weird to not differentiate the commands and the output here.
Member
Author
There was a problem hiding this comment.
Agree, but I wanted to make it consistent with other guides. IIRC we had a discussion some time ago whether we should keep $'s in our guides. The consensus was to get rid of them.
Member
|
Previous test lost connectivity to the VM: https://jenkins.cilium.io/job/Cilium-PR-K8s-oldest-net-next/883/ |
Member
|
retest-net-next |
77a988d to
70ed8e6
Compare
Member
Author
|
test-me-please |
Signed-off-by: Martynas Pumputis <m@lambda.lt>
The helper is used to determine the dst CIDR for SNAT exclusion. Signed-off-by: Martynas Pumputis <m@lambda.lt>
This commits extends "cilium status" to show dst cidr of SNAT exclusion.
E.g.:
$ cilium status | grep Masquerading
Masquerading: BPF [eth0, eth1] 10.0.0.0/16
Signed-off-by: Martynas Pumputis <m@lambda.lt>
Signed-off-by: Martynas Pumputis <m@lambda.lt>
Member
|
test-me-please |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR:
cilium statusto show masq devices.global.devicesin the kubeproxy-free gsg.Reviewable per commit.