Skip to content

[release-v1.42] Use pod-network k8s service endpoint for non-cluster-host Typha#4842

Merged
caseydavenport merged 1 commit into
tigera:release-v1.42from
caseydavenport:casey-nch-typha-podnet-v1.42
May 21, 2026
Merged

[release-v1.42] Use pod-network k8s service endpoint for non-cluster-host Typha#4842
caseydavenport merged 1 commit into
tigera:release-v1.42from
caseydavenport:casey-nch-typha-podnet-v1.42

Conversation

@caseydavenport
Copy link
Copy Markdown
Member

@caseydavenport caseydavenport commented May 21, 2026
edited
Loading

Cherry-pick of #4840 to release-v1.42 (Calico Enterprise v3.23.x). Requested for inclusion in the v3.23.1 patch release.

The non-cluster-host Typha deployment runs pod-networked, but it inherits its kube-apiserver env vars from the host-network endpoint. On MKE clusters that's proxy.local:6444, which pods can't resolve, so the NCH Typha crashloops with DNS timeouts during the iptables-to-eBPF migration.

Clean cherry-pick.

Note: the master follow-up #4846 (always-strip-then-readd) needs to be picked separately once it merges.

Related: https://tigera.atlassian.net/browse/CI-1987

Fixes the non-cluster-host Typha deployment crashlooping on clusters where the host-network kube-apiserver endpoint is not reachable from pod-networked pods (e.g. MKE proxy.local). The pod-network endpoint from the kubernetes-service-endpoint ConfigMap is now used when set.

@caseydavenport
Use pod-network k8s service endpoint for non-cluster-host Typha (tige…
3aa345e 
…ra#4840)

The non-cluster-host Typha deployment runs pod-networked, but it was
inheriting KUBERNETES_SERVICE_HOST/PORT from the host-network endpoint.
On MKE clusters that resolves to proxy.local:6444, which is unreachable
from pods, so the deployment crashloops with DNS timeouts.

Override those env vars from K8sServiceEpPodNetwork (populated from the
kubernetes-service-endpoint ConfigMap's *_POD_NETWORK keys) when set.

(cherry picked from commit e3664ff)
@caseydavenport caseydavenport requested a review from a team as a code owner May 21, 2026 20:44
@marvin-tigera marvin-tigera added this to the v1.42.1 milestone May 21, 2026
@caseydavenport caseydavenport merged commit 3828288 into tigera:release-v1.42 May 21, 2026
6 checks passed
@caseydavenport caseydavenport deleted the casey-nch-typha-podnet-v1.42 branch May 21, 2026 22:30
@caseydavenport caseydavenport mentioned this pull request May 22, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

docs-pr-required release-note-required

Projects

None yet

Milestone

v1.42.1

Development

Successfully merging this pull request may close these issues.

2 participants

@caseydavenport @marvin-tigera