Automated cherry pick of #2332: Fix intra-Node service access when both Egress and #2348

@tnqn tnqn commented Jul 6, 2021

Cherry pick of #2332 on release-1.1.

#2332: Fix intra-Node service access when both Egress and

For details on the cherry pick process, see the cherry pick requests page.

…bled

When Egress is enabled, extra flows will be added to L3Forwarding table,
one of which makes the packets to local Pods jump to
L2ForwardingCalculation directly to prevent them from entering SNAT
table. However, it would also prevent the packets' MAC from being
rewritten even when they are marked as requiring it, which leads to
local Pods being unable to access local Pods via their Services'
ClusterIPs.

This patch fixes it by making the SNAT skipping flow apply to packets
that don't have macRewriteMark set only, with which all traffic to local
Pods will either be forwarded to L2ForwardingCalculation directly or be
MAC rewritten first before going to L2ForwardingCalculation if they are
required to do so. It also removes a flow in L3Forwarding table that
specially handles gatewayCT related traffic, which has been taken care
of by another more generic flow in the same table.

Signed-off-by: Quan Tian <[email protected]>
@tnqn tnqn added the kind/cherry-pick Categorizes issue or PR as related to the cherry-pick of a bug fix from the main branch to a release label Jul 6, 2021

tnqn commented Jul 6, 2021

/test-all


codecov-commenter commented Jul 6, 2021

Codecov Report

Merging #2348 (d657a9d) into release-1.1 (c76acd3) will increase coverage by 0.01%.
The diff coverage is 0.00%.

@@               Coverage Diff               @@
##           release-1.1    #2348      +/-   ##
===============================================
+ Coverage        61.78%   61.80%   +0.01%     
===============================================
  Files              278      278              
  Lines            21181    21174       -7     
===============================================
- Hits             13087    13086       -1     
+ Misses            6735     6730       -5     
+ Partials          1359     1358       -1     

| Flag | Coverage Δ | |
|---|---|---|
| kind-e2e-tests | 52.97% <0.00%> (-0.01%) | ⬇️ |
| unit-tests | 41.39% <0.00%> (+0.01%) | ⬆️ |

Flags with carried forward coverage won't be shown. Click here to find out more.

| Impacted Files | Coverage Δ | |
|---|---|---|
| pkg/agent/openflow/pipeline.go | 71.02% <0.00%> (+0.42%) | ⬆️ |
| pkg/agent/flowexporter/connections/connections.go | 80.48% <0.00%> (-7.32%) | ⬇️ |
| pkg/controller/networkpolicy/tier.go | 47.50% <0.00%> (-5.00%) | ⬇️ |
| pkg/agent/flowexporter/exporter/exporter.go | 79.35% <0.00%> (-0.23%) | ⬇️ |
| ...ntroller/networkpolicy/networkpolicy_controller.go | 84.88% <0.00%> (-0.16%) | ⬇️ |
| pkg/flowaggregator/flowaggregator.go | 59.40% <0.00%> (+0.85%) | ⬆️ |
| ...gent/controller/networkpolicy/status_controller.go | 78.08% <0.00%> (+2.73%) | ⬆️ |
| pkg/agent/flowexporter/exporter/certificate.go | 66.66% <0.00%> (+16.66%) | ⬆️ |


tnqn commented Jul 6, 2021

/test-networkpolicy

@antoninbas antoninbas merged commit fa644c2 into antrea-io:release-1.1 Jul 6, 2021