salt: Support 127.0.0.1 hostPort
#3396
Conversation
TeddyAndrieux
added
topic:networking
Hello teddyandrieux,My role is to assist you with the merge of this Status report is not available. |
Integration data createdI have created the integration data for the additional destination branches.
The following branches will NOT be impacted:
You can set option |
Waiting for approvalThe following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
|
Before this commit we only support hostPort on workloadPlane IP, this commit also add `127.0.0.1` as supported hostPort NOTE: It's needed for Kubernetes conformance tests for Kubernetes 1.20+
TeddyAndrieux
force-pushed
the
improvement/allow-hostport-on-localhost
branch
from
ee5ee2a to
91b4dc1
Compare
History mismatchMerge commit #ee5ee2a3b98f668eeb3574e214ae383e638dada1 on the integration branch It is likely due to a rebase of the branch Please use the |
|
/reset |
Reset completeI have successfully deleted this pull request's integration branches. |
Integration data createdI have created the integration data for the additional destination branches.
The following branches will NOT be impacted:
You can set option |
Waiting for approvalThe following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
|
| @@ -63,7 +63,7 @@ Create CNI calico configuration file: | |||
| snat: true | |||
| capabilities: | |||
| portMappings: true | |||
| conditionsV4: ["-d", "{{ grains.metalk8s.workload_plane_ip }}/32"] | |||
| conditionsV4: ["-d", "{{ grains.metalk8s.workload_plane_ip }}/32,127.0.0.1/32"] | |||
There was a problem hiding this comment.
Shouldn't it be on the whole 127.0.0.0/8 network ?
There was a problem hiding this comment.
Hmmm I'm not sure, to me here we only want localhost and not any other "loopback" addresses used for .... whatelse
I think but not sure
There was a problem hiding this comment.
IIUC, what we want is "all host-local addresses except control plane", no?
There was a problem hiding this comment.
To me, we want workload plane IP and that's it (just we add 127.0.0.1 as it's needed for conformance tests and does not hurt anyway)
There was a problem hiding this comment.
I don't really know what we should do either and I'm not even sure that's really important.
We can merge your changes as that's only what's requested by the K8s conformance tests.
But I don't see any valid reason to restrict to only 127.0.0.1/32 instead of 127.0.0.0/8
There was a problem hiding this comment.
Agree 👍,
Maybe we will want to make it configurable at some point also, but for the moment let's not bother about it 😃
There was a problem hiding this comment.
Though, maybe the current change is sufficient. It passes conformance, so it's supposed to be conformant. I'm not sure where it's said a K8s cluster must expose NodePorts on 127.0.0.0/8. If this is the case, maybe we should widen things up further.
|
/approve |
In the queueThe changeset has received all authorizations and has been added to the The changeset will be merged in:
The following branches will NOT be impacted:
There is no action required on your side. You will be notified here once IMPORTANT Please do not attempt to modify this pull request.
If you need this pull request to be removed from the queue, please contact a The following options are set: approve |
|
I have successfully merged the changeset of this pull request
The following branches have NOT changed:
Please check the status of the associated issue None. Goodbye teddyandrieux. |
|
For future reference, cfr. https://kubernetes.slack.com/archives/C09QYUH5W/p1622023243096200 |
Component:
'salt'
Context:
Support
127.0.0.1as hostPortSummary:
Before this commit we only support hostPort on workloadPlane IP, this
commit also add
127.0.0.1as supported hostPortNOTE: It's needed for Kubernetes conformance tests for Kubernetes 1.20+