Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Run IPsec service on the container #2544

Open
wants to merge 1 commit into
base: release-4.15
Choose a base branch
from
Open

Run IPsec service on the container #2544

wants to merge 1 commit into from

Conversation

pperiyasamy
Copy link
Member

The libreswan 4.9 is having a regression issue which causes intermittent traffic failure between ipsec tunnels. So let us make ipsec service to run on the container which would help to change libreswan back into 4.5 as an intermeditate solution.

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Oct 25, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: pperiyasamy
Once this PR has been reviewed and has the lgtm label, please assign kyrtapz for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@pperiyasamy
Run IPsec service on the container
93694df 
The libreswan 4.9 is having a regression issue which causes
intermittent traffic failure between ipsec tunnels. So let
us make ipsec service to run on the container which would
help to change libreswan back into 4.5 as an intermeditate
solution.

Signed-off-by: Periyasamy Palanisamy <[email protected]>
@pperiyasamy pperiyasamy force-pushed the container-ipsec-fallback branch from 062c9b8 to 93694df Compare October 25, 2024 06:01
@pperiyasamy
Copy link
Member Author

/assign @jcaamano @huiran0826 @anuragthehatter

jcaamano
jcaamano reviewed Oct 25, 2024
View reviewed changes
pkg/platform/platform.go
@@ -30,6 +30,7 @@ var cloudProviderConfig = types.NamespacedName{
var (
masterRoleMachineConfigLabel = map[string]string{"machineconfiguration.openshift.io/role": "master"}
workerRoleMachineConfigLabel = map[string]string{"machineconfiguration.openshift.io/role": "worker"}
EWIPsecOnly = true
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why can't this be a constant?

Also add a comment explaining what this does and intentions. I guess you are doing it this way to have an easy way to revert in the future. But I am only guessing, it would be nice to have a comment explaining.

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Oct 25, 2024

@pperiyasamy: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-vsphere-ovn-dualstack 93694df link false /test e2e-vsphere-ovn-dualstack
ci/prow/e2e-aws-hypershift-ovn-kubevirt 93694df link false /test e2e-aws-hypershift-ovn-kubevirt
ci/prow/e2e-vsphere-ovn-dualstack-primaryv6 93694df link false /test e2e-vsphere-ovn-dualstack-primaryv6
ci/prow/e2e-network-mtu-migration-ovn-ipv6 93694df link false /test e2e-network-mtu-migration-ovn-ipv6
ci/prow/security 93694df link false /test security
ci/prow/e2e-metal-ipi-ovn-ipv6-ipsec 93694df link false /test e2e-metal-ipi-ovn-ipv6-ipsec
ci/prow/e2e-ovn-hybrid-step-registry 93694df link false /test e2e-ovn-hybrid-step-registry
ci/prow/e2e-aws-live-migration-sdn-ovn-rollback 93694df link false /test e2e-aws-live-migration-sdn-ovn-rollback
ci/prow/e2e-metal-ipi-ovn-ipv6 93694df link true /test e2e-metal-ipi-ovn-ipv6
ci/prow/4.15-upgrade-from-stable-4.14-e2e-azure-ovn-upgrade 93694df link false /test 4.15-upgrade-from-stable-4.14-e2e-azure-ovn-upgrade

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-bot
Copy link
Contributor

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci openshift-ci bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 24, 2025
@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jan 24, 2025
@openshift-merge-robot
Copy link
Contributor

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jcaamano jcaamano jcaamano left review comments

@JacobTanenbaum JacobTanenbaum Awaiting requested review from JacobTanenbaum

@tssurya tssurya Awaiting requested review from tssurya

Assignees

@jcaamano jcaamano

@anuragthehatter anuragthehatter

@huiran0826 huiran0826

Labels
lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@pperiyasamy @openshift-bot @openshift-merge-robot @jcaamano @anuragthehatter @huiran0826