8000 gh: aws-cni: set --enable-identity-mark=false option by julianwiedmann · Pull Request #38738 · cilium/cilium · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

gh: aws-cni: set --enable-identity-mark=false option #38738

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 4, 2025
Merged

gh: aws-cni: set --enable-identity-mark=false option #38738

merged 1 commit into from
Apr 4, 2025

Conversation

julianwiedmann
Copy link
Member

When AWS-CNI is in control of orchestrating the connectivity on the node, we shouldn't assume that usage of skb->mark for Cilium is safe.

#12185 introduced the --enable-identity-mark option for this scenario, so that Cilium doesn't use the skb->mark for identity propagation. Set this flag in the AWS-CNI workflow accordingly.

@julianwiedmann
gh: aws-cni: set --enable-identity-mark=false option
6b3167b 
When AWS-CNI is in control of orchestrating the connectivity on the node,
we shouldn't assume that usage of skb->mark for Cilium is safe.

#12185 introduced the
`--enable-identity-mark` option for this scenario, so that Cilium doesn't
use the skb->mark for identity propagation. Set this flag in the AWS-CNI
workflow accordingly.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann julianwiedmann added area/CI Continuous Integration testing issue or flake area/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. area/cni Impacts the Container Networking Interface between Cilium and the orchestrator. release-note/ci This PR makes changes to the CI. integration/cloud Related to integration with cloud environments such as AKS, EKS, GKE, etc. labels Apr 4, 2025
@julianwiedmann
Copy link
Member Author

/test

@julianwiedmann julianwiedmann marked this pull request as ready for review April 4, 2025 08:08
@julianwiedmann julianwiedmann requested review from a team as code owners April 4, 2025 08:08
@julianwiedmann julianwiedmann enabled auto-merge April 4, 2025 08:09
@julianwiedmann julianwiedmann added this pull request to the merge queue Apr 4, 2025
Merged via the queue into main with commit c73b5f0 Apr 4, 2025
89 checks passed
@julianwiedmann julianwiedmann deleted the pr/jwi/main/gh-aws-chaining-identity branch April 4, 2025 11:24
This was referenced Apr 4, 2025
Closed
Merged
@julianwiedmann julianwiedmann added the backport-pending/1.16 The backport for Cilium 1.16.x for this PR is in progress. label Apr 4, 2025
@julianwiedmann julianwiedmann mentioned this pull request Apr 7, 2025
Merged
9 tasks
@julianwiedmann julianwiedmann added backport-pending/1.15 The backport for Cilium 1.15.x for this PR is in progress. needs-backport/1.17 This PR / issue needs backporting to the v1.17 branch labels Apr 7, 2025
@github-actions github-actions bot added backport-done/1.16 The backport for Cilium 1.16.x for this PR is done. and removed backport-pending/1.16 The backport for Cilium 1.16.x for this PR is in progress. labels Apr 7, 2025
@julianwiedmann julianwiedmann mentioned this pull request Apr 8, 2025
Merged
2 tasks
@julianwiedmann julianwiedmann added backport-pending/1.17 The backport for Cilium 1.17.x for this PR is in progress. and removed needs-backport/1.17 This PR / issue needs backporting to the v1.17 branch labels Apr 8, 2025
@github-actions github-actions bot added backport-done/1.17 The backport for Cilium 1.17.x for this PR is done. backport-done/1.15 The backport for Cilium 1.15.x for this PR is done. and removed backport-pending/1.17 The backport for Cilium 1.17.x for this PR is in progress. backport-pending/1.15 The backport for Cilium 1.15.x for this PR is in progress. labels Apr 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
7B69
Reviewers

@viktor-kurchenko viktor-kurchenko viktor-kurchenko approved these changes

@liyihuang liyihuang Awaiting requested review from liyihuang liyihuang is a code owner automatically assigned from cilium/aws

Assignees
No one assigned
Labels
area/CI Continuous Integration testing issue or flake area/cni Impacts the Container Networking Interface between Cilium and the orchestrator. area/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. backport-done/1.15 The backport for Cilium 1.15.x for this PR is done. backport-done/1.16 The backport for Cilium 1.16.x for this PR is done. backport-done/1.17 The backport for Cilium 1.17.x for this PR is done. integration/cloud Related to integration with cloud environments such as AKS, EKS, GKE, etc. release-note/ci This PR makes changes to the CI.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@julianwiedmann @viktor-kurchenko
0