ebpf: host->service->self without CTLB does not work #8557

tomastigera · 2024-02-23T22:23:48Z

          I might have a similar issue, trying the same configuration from #4509 with bpfConnectTimeLoadBalancing=Disabled and bpfHostNetworkedNATWithoutCTLB=Enabled.

Since then, I have some hosts and pods in the hostNetwork which cannot reach the clusterIP of the apiserver anymore (100.72.0.1). But this is unrelated to Istio (we do have Istio, but neither enabled for the hostNetworked pod nor the apiserver. Any data I can share?
Detail: This does not affect all hosts - in fact it affects exactly those which do have a pod being endpoint for the clusterIP, i.e. my master nodes with apiservers on them.

edit: using 3.27.2
edit2: setting bpfConnectTimeLoadBalancing to TCP solves this problem functionally.
before trying the new config, we were using the feature gate approach BPFConnectTimeLoadBalancingWorkaround=udp

Originally posted by @sfudeus in #8545 (comment)

The text was updated successfully, but these errors were encountered:

tomastigera added kind/bug area/bpf eBPF Dataplane issues labels Feb 23, 2024

caseydavenport added likelihood/low impact/high labels Feb 27, 2024

tomastigera mentioned this issue Feb 28, 2024

[BPF] host can access self via a service without CTLB #8564

Merged

3 tasks

marvin-tigera closed this as completed in #8564 Mar 2, 2024

tomastigera mentioned this issue Mar 6, 2024

[release-v3.27] Auto pick #8564: host can access self via a service without CTLB #8588

Merged

3 tasks

tomastigera reopened this Mar 13, 2024

tomastigera closed this as completed Mar 13, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ebpf: host->service->self without CTLB does not work #8557

ebpf: host->service->self without CTLB does not work #8557

tomastigera commented Feb 23, 2024

ebpf: host->service->self without CTLB does not work #8557

ebpf: host->service->self without CTLB does not work #8557

Comments

tomastigera commented Feb 23, 2024