spidernet-io / egressgateway

Network egress policy for Kubernetes
https://spidernet-io.github.io/egressgateway/
Apache License 2.0
212 stars 16 forks

feature cilium with ebpf support #1490

Open raa0x0 opened 1 month ago

raa0x0 commented 1 month ago

Thank You for cilium support!

We have tested that setup, egress is working.

In the default configuration cilium is doing SNAT, and we are losing SRC IP when using load balancer. So we need to enable "DSR". DSR+geneve is working with egressgateway (DSR without geneve is not).

But there is probably a bug in cilium in this configuration, I commented on one issue

LB with dsr+geneve is working when I install cilium with --set bpf.masquerade=true, but unfortunately egressgateway is not working then. LB works well too (with bpf.masquerade=false) when the pod which has the LB as a service has some egress configuration. So probably cilium with iptables masquerade is doing something wrong (I think).

Maybe You can add support for ebpf conf?

lou-lan commented 1 month ago

> Thank You for cilium support!
>
> We have tested that setup, egress is working.
>
> In the default configuration cilium is doing SNAT, and we are losing SRC IP when using load balancer. So we need to enable "DSR". DSR+geneve is working with egressgateway (DSR without geneve is not).
>
> But there is probably a bug in cilium in this configuration, I commented on one issue
>
> LB with dsr+geneve is working when I install cilium with --set bpf.masquerade=true, but unfortunately egressgateway is not working then. LB works well too (with bpf.masquerade=false) when the pod which has the LB as a service has some egress configuration. So probably cilium with iptables masquerade is doing something wrong (I think).
>
> Maybe You can add support for ebpf conf?

Thanks for your feedback. For this case egressgateway needs to add an ebpf function to solve it; I'm going to spend some time to verify it. I'll reply later in the issue.