Initial encrypted network support #719
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
erikwilson
force-pushed
the
encrypted-network-support
branch
from
89d19e3 to
9474b30
Compare
erikwilson
force-pushed
the
encrypted-network-support
branch
from
e26c5d9 to
a4039ea
Compare
erikwilson
force-pushed
the
encrypted-network-support
branch
9 times, most recently
from
79c089d to
52a64ab
Compare
erikwilson
changed the title
|
why did you enable hairpin mode in this change? |
|
Hairpin mode was enabled because it is a feature that people have asked for, and it is tested as part of the networking kubernetes-perf-test suite. If there is a good reason to disable it please let me know, as far as I could tell there was not much of a downside for turning it on. I have also been working on updating the networking tests (https://github.com/erikwilson/kubernetes-perf-tests/tree/master/network/benchmarks/netperf) to use the newest versions of the test utilities (iperf & netperf) and large MTUs. I will probably put in a separate PR with ansible scripts for network benchmarking based off https://github.com/erikwilson/rancher-k3s/tree/encrypted-network-testing/contrib/ansible. |
|
no, i don't have any reason to disable (or enable) it. |
|
lgtm |
| @@ -421,20 +431,43 @@ func WritePasswords(passwdFile string, records [][]string) error { | |||
| return os.Rename(passwdFile+".tmp", passwdFile) | |||
| } | |||
|
|
|||
| func genEncryptedNetworkInfo(controlConfig *config.Control, runtime *config.ControlRuntime) error { | |||
There was a problem hiding this comment.
How can this be handled in HA mode? as far as I understand this function will result in creating a IPSECPSK for each master node
erikwilson
force-pushed
the
encrypted-network-support
branch
2 times, most recently
from
7ebec56 to
a6bb3c8
Compare
erikwilson
force-pushed
the
encrypted-network-support
branch
from
1748f95 to
6f7a1a7
Compare
brandond
added a commit
to brandond/k3s
that referenced
this pull request
Jul 29, 2024
This was only used to pass the bundled strongswan path through to the flannel ipsec backend, and is no longer needed. Ref: k3s-io#719 Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
brandond
added a commit
to brandond/k3s
that referenced
this pull request
Jul 29, 2024
This was only used to pass the bundled strongswan path through to the flannel ipsec backend, and is no longer needed. Ref: k3s-io#719 Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
brandond
added a commit
to brandond/k3s
that referenced
this pull request
Jul 29, 2024
This was only used to pass the bundled strongswan path through to the flannel ipsec backend, and is no longer needed. Ref: k3s-io#719 Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
brandond
added a commit
to brandond/k3s
that referenced
this pull request
Jul 29, 2024
This was only used to pass the bundled strongswan path through to the flannel ipsec backend, and is no longer needed. Ref: k3s-io#719 Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
brandond
added a commit
to brandond/k3s
that referenced
this pull request
Jul 29, 2024
This was only used to pass the bundled strongswan path through to the flannel ipsec backend, and is no longer needed. Ref: k3s-io#719 Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
This was referenced Jul 29, 2024
brandond
added a commit
that referenced
this pull request
Jul 29, 2024
This was only used to pass the bundled strongswan path through to the flannel ipsec backend, and is no longer needed. Ref: #719 Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
brandond
added a commit
that referenced
this pull request
Jul 29, 2024
This was only used to pass the bundled strongswan path through to the flannel ipsec backend, and is no longer needed. Ref: #719 Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
brandond
added a commit
that referenced
this pull request
Jul 30, 2024
This was only used to pass the bundled strongswan path through to the flannel ipsec backend, and is no longer needed. Ref: #719 Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
brandond
added a commit
that referenced
this pull request
Jul 30, 2024
This was only used to pass the bundled strongswan path through to the flannel ipsec backend, and is no longer needed. Ref: #719 Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
brandond
added a commit
that referenced
this pull request
Jul 30, 2024
This was only used to pass the bundled strongswan path through to the flannel ipsec backend, and is no longer needed. Ref: #719 Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
ludost
pushed a commit
to asimovo-platform/k3s
that referenced
this pull request
Oct 2, 2024
This was only used to pass the bundled strongswan path through to the flannel ipsec backend, and is no longer needed. Ref: k3s-io#719 Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.