Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automated cherry pick of #5017: Avoid ServiceCIDR flapping on agent start #5495: Do not apply Egress to traffic destined for ServiceCIDRs #5530

Merged
merged 2 commits into from
Sep 27, 2023
Merged

Automated cherry pick of #5017: Avoid ServiceCIDR flapping on agent start #5495: Do not apply Egress to traffic destined for ServiceCIDRs #5530

merged 2 commits into from
Sep 27, 2023

Conversation

xliuxu
Copy link
Contributor

@xliuxu xliuxu commented Sep 26, 2023

Cherry pick of #5017 #5495 on release-1.11.

#5017: Avoid ServiceCIDR flapping on agent start
#5495: Do not apply Egress to traffic destined for ServiceCIDRs

For details on the cherry pick process, see the cherry pick requests page.

@tnqn @xliuxu
Avoid ServiceCIDR flapping on agent start
bc08da7 
The previous implementation always generated intermediate values for
ServiceCIDR on agent start, which may interrupt the Service traffic and
causes difficulty for cleaning up stale routes as the value calculated
at one point may not be reliable to identify all stale routes.

This commit waits for the Service Informer to be synced first,
and calculates the ServiceCIDR based on all Services. Ideally the
Service route won't change in most cases, and hence avoid the above
issues.

Besides, it fixes an issue that stale routes on Linux were not cleaned
up correctly due to incorrect check.

Signed-off-by: Quan Tian <qtian@vmware.com>
@tnqn @xliuxu
Do not apply Egress to traffic destined for ServiceCIDRs
41b469d 
When AntreaProxy is asked to skip some Services or is not running at
all, Pod-to-Service traffic would be forwarded to Egress Node and be
load-balanced remotely, as opposed to locally, which could incur
performance issue and unexpected behaviors.

This patch installs flows to prevent traffic destined for ServiceCIDRs
from being SNAT'd.

Signed-off-by: Quan Tian <qtian@vmware.com>
@xliuxu xliuxu added the kind/cherry-pick Categorizes issue or PR as related to the cherry-pick of a bug fix from the main branch to a release label Sep 26, 2023
tnqn
tnqn approved these changes Sep 26, 2023
View reviewed changes
Copy link
Member

@tnqn tnqn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tnqn
Copy link
Member

tnqn commented Sep 26, 2023

/test-all
/test-ipv6-all
/test-ipv6-only-all
/test-windows-all

@tnqn tnqn merged commit cb64db3 into antrea-io:release-1.11 Sep 27, 2023
53 of 63 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tnqn tnqn tnqn approved these changes

Assignees
No one assigned
Labels
kind/cherry-pick Categorizes issue or PR as related to the cherry-pick of a bug fix from the main branch to a release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@xliuxu @tnqn