gardener / gardener-extension-provider-gcp

Gardener extension controller for the GCP cloud provider (https://cloud.google.com).
https://gardener.cloud
Apache License 2.0

Remove IPIP Tunnels from GCP #115

Closed zanetworker closed 5 days ago

zanetworker commented 4 years ago

How to categorize this issue? /area networking /kind enhancement

What would you like to be added:

Today, the cloud-controller-manager is used to configure routes on GCP (configure-cloud-routes=true); however, these routes are not used since we are utilizing CNI tunnels (e.g., IPIP or VxLAN) to enable pod connectivity across nodes and zones.

To completely remove tunnels for GCP, we would need to disable IPIP tunnels on Calico (e.g., via a webhook similar to Azure Setup backend=none). Furthermore, we need to deploy ip-masq-agent to prevent Pod-generated traffic from being blocked by the GCP infrastructure.

Why is this needed:

rfranzke commented 4 years ago

Any changes to CCM required?

zanetworker commented 4 years ago

Nope, since configure-cloud-routes is statically configured to true today by default (not sure why but helps now)

danielfoehrKn commented 4 years ago

Does this mean that Calico is not used for networking anymore on GCP but only for network policy enforcement? Maybe you could share some insights. Thanks!

zanetworker commented 4 years ago

@danielfoehrKn yes, for cross-node routing it will be like Azure.

vpnachev commented 4 years ago

Reopen because #117 was reverted with #136.