enabled l7Proxy & removed err.log message for WireGuard #1419

Neilblaze · 2023-02-27T15:26:58Z

Since cilium/cilium#19401 (to be released in v1.14) there's no need to disable the L7 proxy when WireGuard is enabled on the > v1.13 Cilium (the relevant log message L7 proxy disabled due to Wireguard encryption).

As a bonus, the unnecessary log/WARN Wireguard does not support node encryption yet has also been removed.

Fixes #1405
cc: @brb
Signed-off-by: Pratyay Banerjee

brb

Thanks! Some comment.

brb · 2023-02-27T15:41:54Z

install/helm.go

-			if k.params.NodeEncryption {
-				k.Log("⚠️️  Wireguard does not support node encryption yet")
-			}
+			helmMapOpts["l7Proxy"] = "true"


I think we don't need to set any l7Proxy here, as it should be enabled by default.

However, we need to figure out which version of Cilium we are trying to install. I.e., we need to keep the existing code for <1.14 versions.

@brb Thanks for the review. That means I just need to implement a simple versioncheck ("<=1.13.0") to restrict, right? 👇🏼

switch k.params.Encryption { case encryptionIPsec: helmMapOpts["encryption.enabled"] = "true" helmMapOpts["encryption.type"] = "ipsec" if k.params.NodeEncryption { helmMapOpts["encryption.nodeEncryption"] = "true" } case encryptionWireguard: helmMapOpts["encryption.enabled"] = "true" helmMapOpts["encryption.type"] = "wireguard" // TODO(gandro): Future versions of Cilium will remove the following // two limitations, we will need to have set the config map values // based on the installed Cilium version if versioncheck.MustCompile("<=1.13.0")(k.chartVersion) { helmMapOpts["l7Proxy"] = "false" k.Log("ℹ️ L7 proxy disabled due to Wireguard encryption") if k.params.NodeEncryption { k.Log("⚠️️ Wireguard does not support node encryption yet") } } }

brb

Thanks! Could you squash all commit messages into a single one? Also, please no emojis in commit messages 😅

Neilblaze · 2023-02-28T14:56:59Z

@brb done ✔️

brb

Close to merging. One more nit - could you remove the duplicates from your commit message?

enabled l7Proxy & removed err.log message for WireGuard

Signed-off-by: Pratyay Banerjee <putubanerjee23@gmail.com>

enabled l7Proxy & removed err.log message for WireGuard

Signed-off-by: Pratyay Banerjee <putubanerjee23@gmail.com>

enabled l7Proxy & removed err.log message for WireGuard

Signed-off-by: Pratyay Banerjee <putubanerjee23@gmail.com>

Signed-off-by: Pratyay Banerjee <putubanerjee23@gmail.com>

Neilblaze · 2023-02-28T19:30:29Z

One more nit - could you remove the duplicates from your commit message?

@brb Thanks for the catch. Everything should be fine now! 😄

ShiroDN · 2023-04-21T14:28:48Z

There is a problem now, condition versioncheck.MustCompile("<=1.13.0") does not match patch versions of cilium ex. 1.13.x so now when I tried to install cilium with --encryption wireguard it keeps restarting with error:

level=fatal msg="Wireguard (--enable-wireguard) is not compatible with L7 proxy (--enable-l7-proxy)" subsys=daemon

Created an PR to fix this: #1529

Neilblaze requested a review from a team as a code owner February 27, 2023 15:26

Neilblaze requested a review from nathanjsweet February 27, 2023 15:26

Neilblaze temporarily deployed to ci February 27, 2023 15:27 — with GitHub Actions Inactive

brb requested changes Feb 27, 2023

View reviewed changes

Neilblaze had a problem deploying to ci February 27, 2023 16:16 — with GitHub Actions Error

Neilblaze temporarily deployed to ci February 27, 2023 16:25 — with GitHub Actions Inactive

Neilblaze requested review from brb and removed request for nathanjsweet February 27, 2023 21:11

brb requested changes Feb 28, 2023

View reviewed changes

Neilblaze force-pushed the install-enable-l7Proxy-with-WireGuard-enabled branch from 8b1a430 to 117668a Compare February 28, 2023 14:55

Neilblaze temporarily deployed to ci February 28, 2023 14:55 — with GitHub Actions Inactive

brb requested changes Feb 28, 2023

View reviewed changes

enabled l7Proxy & removed err.log message for WireGuard

6ea9025

Signed-off-by: Pratyay Banerjee <putubanerjee23@gmail.com>

Neilblaze force-pushed the install-enable-l7Proxy-with-WireGuard-enabled branch from 117668a to 6ea9025 Compare February 28, 2023 19:27

Neilblaze temporarily deployed to ci February 28, 2023 19:27 — with GitHub Actions Inactive

Neilblaze requested a review from brb February 28, 2023 20:05

brb approved these changes Feb 28, 2023

View reviewed changes

tklauser approved these changes Mar 1, 2023

View reviewed changes

tklauser merged commit 64924bf into cilium:master Mar 1, 2023

Neilblaze deleted the install-enable-l7Proxy-with-WireGuard-enabled branch March 1, 2023 07:24

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

enabled l7Proxy & removed err.log message for WireGuard #1419

enabled l7Proxy & removed err.log message for WireGuard #1419

Neilblaze commented Feb 27, 2023

brb left a comment

brb Feb 27, 2023

Neilblaze Feb 27, 2023 •

edited

brb Feb 28, 2023

brb left a comment

Neilblaze commented Feb 28, 2023

brb left a comment

Neilblaze commented Feb 28, 2023

ShiroDN commented Apr 21, 2023 •

edited

enabled l7Proxy & removed err.log message for WireGuard #1419

enabled l7Proxy & removed err.log message for WireGuard #1419

Conversation

Neilblaze commented Feb 27, 2023

brb left a comment

Choose a reason for hiding this comment

brb Feb 27, 2023

Choose a reason for hiding this comment

Neilblaze Feb 27, 2023 • edited

Choose a reason for hiding this comment

brb Feb 28, 2023

Choose a reason for hiding this comment

brb left a comment

Choose a reason for hiding this comment

Neilblaze commented Feb 28, 2023

brb left a comment

Choose a reason for hiding this comment

Neilblaze commented Feb 28, 2023

ShiroDN commented Apr 21, 2023 • edited

Neilblaze Feb 27, 2023 •

edited

ShiroDN commented Apr 21, 2023 •

edited