New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
envoy: Change socket option from 'STATE_LISTENING' to 'STATE_PREBIND' #30543
Conversation
Signed-off-by: chaunceyjiang <chaunceyjiang@gmail.com>
/test |
/cc @sayboras Please take a look. |
The changes seem reasonable for AWS NLB, however, I am not 100% sure if it will fix the mentioned issues. Can you explain a little bit more ? Also, please help to update commit message why this change is required. Thank a lot. |
@acelinkio is testing with the image built from this PR, as he often encountered the issues mentioned in the issue in his environment. We can wait for his test results. |
@chaunceyjiang I just tested the built image and it doesn't help any in my case. I am still seeing the issues mentioned in my issue. |
I am still seeing the This was tested with:
autoDirectNodeRoutes: true
bpf:
masquerade: true
cluster:
name: home-cluster
id: 1
containerRuntime:
integration: containerd
socketPath: /var/run/k3s/containerd/containerd.sock
endpointRoutes:
enabled: true
externalIPs:
enabled: true
hubble:
enabled: true
metrics:
enabled:
- dns:query
- drop
- tcp
- flow
- port-distribution
- icmp
- http
relay:
enabled: true
rollOutPods: true
ui:
enabled: true
rollOutPods: true
ingress:
enabled: false
ipam:
mode: kubernetes
ipv4NativeRoutingCIDR: "10.42.0.0/16"
k8sServiceHost: "192.168.1.195"
k8sServicePort: 6443
kubeProxyReplacement: true
kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
l2announcements:
enabled: true
# https://github.com/cilium/cilium/issues/26586
leaseDuration: 120s
leaseRenewDeadline: 60s
leaseRetryPeriod: 1s
loadBalancer:
algorithm: maglev
mode: dsr
localRedirectPolicy: true
operator:
replicas: 1
rollOutPods: true
rollOutCiliumPods: true
securityContext:
privileged: true
routingMode: native
gatewayAPI:
enabled: true
secretsNamespace:
create: false
name: cilium-secrets
ingressController:
enabled: false
loadbalancerMode: shared
enforceHttps: false
secretsNamespace:
create: false
name: cilium-secrets
service:
allocateLoadBalancerNodePorts: false
image:
override: "quay.io/cilium/cilium-ci:ac42dc9c3899d5bcc21fda3e72f6687e5b5c128f"
operator:
image:
override: "quay.io/cilium/operator-generic-ci:ac42dc9c3899d5bcc21fda3e72f6687e5b5c128f" I see the following error on the daemonset pod where the websites are failing.
I think #30581 seems related, not that I am not using any network policies tho. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While this change didn't fix mentioned issue, it's still a good improvement.
Refer to:
envoyproxy/envoy#18107 (comment)
solo-io/gloo#5842