fix: Remove Cilium chainingMode when kubeproxyreplacement is enabled #1340
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
supershal
force-pushed
the
shalin/cilium-portmap
branch
from
d43d00e to
ef7c613
Compare
jimmidyson
approved these changes
Oct 6, 2025
Member
|
@supershal Pre-commit fails with too long commit title |
jimmidyson
changed the title
jimmidyson
force-pushed
the
shalin/cilium-portmap
branch
from
ef7c613 to
bdd8055
Compare
Member
|
Reworded commit and pushed. |
dkoshkin
approved these changes
Oct 6, 2025
Contributor
|
Thanks for fixing this |
Contributor
Author
|
Thank you @jimmidyson |
Merged
dlipovetsky
added a commit
that referenced
this pull request
Oct 7, 2025
🤖 I have created a release *beep* *boop* --- ## 0.35.1 (2025-10-07) <!-- Release notes generated using configuration in .github/release.yaml at main --> ## What's Changed ### Fixes 🔧 * fix: Remove Cilium chainingMode when kubeproxyreplacement is enabled by @supershal in #1340 * fix: Align validation with upstream Kubeadm Bootstrap Provider types by @dlipovetsky in #1342 ### Other Changes * refactor: move handler directories by @dkoshkin in #1321 **Full Changelog**: v0.35.0...v0.35.1 --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
vijayaraghavanr31
pushed a commit
that referenced
this pull request
Oct 8, 2025
…1340) **What problem does this PR solve?**: AL2023 does not have portmap binary installed. This breaks chaining mode of the cilium and cilium is not able to create pod networking. The chaining mode is no longer required after cilium 1.8 and when kubeproxy replacement is enabled. References: https://docs.cilium.io/en/latest/installation/cni-chaining-portmap/ https://docs.cilium.io/en/latest/network/kubernetes/kubeproxy-free/#kubeproxyfree-hostport **Which issue(s) this PR fixes**: Fixes # **How Has This Been Tested?**: <!-- Please describe the tests that you ran to verify your changes. Provide output from the tests and any manual steps needed to replicate the tests. --> Tested by creating EKS cluster. The clilium DS pods were failing with ``` failed to assert if endpoint BPF programs need to be reloaded: retrieving device lxc4bfccc8739f5: Link not found ``` Other errors in the kubelet ``` Warning FailedCreatePodSandBox 2d4h kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox "b5a9 │ │ 0c710b2844894e9822124cdb6c6ac2f4175d7b00dd0b7a9f3d787674f69c": plugin type="portmap" failed (add): failed to find plugin "portmap" in path [/opt/cni/bin] │ │ Warning FailedCreatePodSandBox 2d4h kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox "14c8 │ │ f11b00cd49e7725737b9febacbf6b0aa7150ec927d56b1c4a07168172260": plugin type="cilium-cni" failed (add): unable to allocate IP via local cilium agent: [POST /ipam][502] postIpamFailure │ │ "No more IPs available" ``` After removing `chainingMode: portmap` the cilium was able to create pod networking. **Special notes for your reviewer**: <!-- Use this to provide any additional information to the reviewers. This may include: - Best way to review the PR. - Where the author wants the most review attention on. - etc. -->
vijayaraghavanr31
pushed a commit
that referenced
this pull request
Oct 8, 2025
🤖 I have created a release *beep* *boop* --- ## 0.35.1 (2025-10-07) <!-- Release notes generated using configuration in .github/release.yaml at main --> ## What's Changed ### Fixes 🔧 * fix: Remove Cilium chainingMode when kubeproxyreplacement is enabled by @supershal in #1340 * fix: Align validation with upstream Kubeadm Bootstrap Provider types by @dlipovetsky in #1342 ### Other Changes * refactor: move handler directories by @dkoshkin in #1321 **Full Changelog**: v0.35.0...v0.35.1 --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What problem does this PR solve?:
AL2023 does not have portmap binary installed. This breaks chaining mode of the cilium and cilium is not able to create pod networking.
The chaining mode is no longer required after cilium 1.8 and when kubeproxy replacement is enabled.
References:
https://docs.cilium.io/en/latest/installation/cni-chaining-portmap/
https://docs.cilium.io/en/latest/network/kubernetes/kubeproxy-free/#kubeproxyfree-hostport
Which issue(s) this PR fixes:
Fixes #
How Has This Been Tested?:
Tested by creating EKS cluster. The clilium DS pods were failing with
Other errors in the kubelet
After removing
chainingMode: portmapthe cilium was able to create pod networking.Special notes for your reviewer: