
  1. Host-reachable services for TCP and UDP require a v4.19.57, v5.1.16, v5.2.0 or more recent Linux kernel. Note that v5.0.y kernels do not have the fix required to run host-reachable services with UDP, because the v5.0.y stable series is end-of-life (EOL) and no longer maintained. For TCP-only host-reachable services a v4.17.0 or newer kernel is enough. The optimal kernel with the full feature set is v5.8 (the 5.11.0 nodes in the environment below satisfy all of this).
  • 1.Install Guide
```properties
helm template cilium cilium/cilium --version 1.11.1 \
  --namespace kube-system \
  --set tunnel=disabled \
  --set kubeProxyReplacement=strict \
  --set k8sServiceHost=192.168.2.61 \
  --set hostServices.enabled=true \
  --set k8sServicePort=6443 > 1.11.1_hostService.YAML
```
Settings of interest in the `cilium-config` ConfigMap of the rendered YAML. `hostServices.enabled=true` is what produces `enable-host-reachable-services: "true"`; `tunnel=disabled` means native routing, and `ipv4-native-routing-cidr` tells the BPF masquerading (`enable-bpf-masquerade`) which destinations are inside the cluster and must not be SNATed; `debug`, `debug-verbose: datapath` and `monitor-aggregation: none` are not needed for the feature, they only make every datapath event visible for the traces that follow:
```properties
debug-verbose: "datapath"
ipv4-native-routing-cidr: 10.0.0.0/8
debug: "true"
monitor-aggregation: "none"
enable-bpf-masquerade: "true"
enable-endpoint-routes: "false"
enable-host-reachable-services: "true"
```

YAML file:

```properties
kubectl apply -f https://github.com/BurlyLuo/train/blob/main/Cilium/host-reachable-service/1.11.1_hostService.YAML
```
Note: a github.com `/blob/` URL serves an HTML page rather than the file itself, so `kubectl apply -f` needs the raw file URL for that path (or a local copy of the YAML).

Create the demo:

```properties
kubectl create deploy host-reachable-service --image=burlyluo/nettoolbox
kubectl expose deployment host-reachable-service --port=80 --target-port=80 --type=NodePort
kubectl run client --image=burlyluo/nettoolbox --dry-run=client -o yaml > client.yaml
```
The last command only renders the client pod manifest to `client.yaml`; the `client` pod in the listing below is created from that file (`kubectl apply -f client.yaml`) after any edits.
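The kernel rule from the note above and the install steps, as an added pre-flight script. This is example code written for this page, not part of the original post or of the Cilium project. It assumes `kubectl` and `helm` in PATH with the Cilium chart repo added as `cilium`; the helm value names used for the non-default ConfigMap keys (`ipv4NativeRoutingCIDR`, `bpf.masquerade`, `bpf.monitorAggregation`, `debug.enabled`, `debug.verbose`) are assumed from the 1.11 chart and should be confirmed with `helm show values cilium/cilium --version 1.11.1`. Only the stable branches named in the note (4.19.y, 5.1.y, 5.2 and later) are treated as carrying the UDP fix; 5.0.y and other EOL branches below 5.2 are classified TCP-only at best, which is this example's conservative reading.

```shell
#!/bin/sh
# Added example (not from this page or the Cilium project): check every node's
# kernel against the host-reachable services requirement, then render/apply the
# chart with the settings shown above.  Run as "./preflight.sh check" or
# "./preflight.sh install"; without an argument it only defines the functions.
set -eu

# "5.11.0-051100-generic" -> 5011000  (major*10^6 + minor*10^3 + patch)
verkey() {
  v=${1%%[-+_]*}                       # drop "-051100-generic" style suffixes
  IFS=. read -r maj min pat rest <<EOF
$v
EOF
  echo $(( ${maj:-0} * 1000000 + ${min:-0} * 1000 + ${pat:-0} ))
}

# Classify a kernel release string.  Prints "full" (TCP+UDP), "tcp-only" or
# "unsupported"; the exit status is 1 only for "unsupported".
# Assumption of this example: only 4.19.y >= 4.19.57, 5.1.y >= 5.1.16 and
# >= 5.2.0 have the UDP fix; 5.0.y (EOL) and other EOL branches below 5.2 do not.
hrs_support() {
  k=$(verkey "$1")
  branch=$(( k / 1000 ))               # major*1000 + minor, e.g. 5011 for 5.11.y
  full=0
  if [ "$branch" -eq 4019 ] && [ "$k" -ge "$(verkey 4.19.57)" ]; then full=1
  elif [ "$branch" -eq 5001 ] && [ "$k" -ge "$(verkey 5.1.16)" ]; then full=1
  elif [ "$branch" -ge 5002 ]; then full=1
  fi
  if [ "$full" -eq 1 ]; then echo full; return 0; fi
  if [ "$k" -ge "$(verkey 4.17.0)" ]; then echo tcp-only; return 0; fi
  echo unsupported
  return 1
}

# Run hrs_support against the kernel each node reports; fail on the first node
# that cannot do TCP+UDP host-reachable services.
check_cluster_kernels() {
  kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name} {.status.nodeInfo.kernelVersion}{"\n"}{end}' |
  while read -r node kver; do
    level=$(hrs_support "$kver") || true
    printf '%-8s %-28s %s\n' "$node" "$kver" "$level"
    if [ "$level" != full ]; then
      echo "node $node: kernel $kver is $level for host-reachable services" >&2
      exit 1
    fi
  done
}

# Same render as the install guide, plus the helm values (names assumed from the
# 1.11 chart) behind the non-default cilium-config keys listed above.
render_and_apply() {
  helm template cilium cilium/cilium --version 1.11.1 \
    --namespace kube-system \
    --set tunnel=disabled \
    --set kubeProxyReplacement=strict \
    --set k8sServiceHost=192.168.2.61 \
    --set k8sServicePort=6443 \
    --set hostServices.enabled=true \
    --set ipv4NativeRoutingCIDR=10.0.0.0/8 \
    --set bpf.masquerade=true \
    --set bpf.monitorAggregation=none \
    --set debug.enabled=true \
    --set debug.verbose=datapath \
    > 1.11.1_hostService.YAML
  kubectl apply -f 1.11.1_hostService.YAML
  kubectl -n kube-system rollout status ds/cilium --timeout=5m
  # The datapath section that follows relies on this key being "true".
  [ "$(kubectl -n kube-system get cm cilium-config \
        -o jsonpath='{.data.enable-host-reachable-services}')" = true ]
}

case "${1:-}" in
  check)   check_cluster_kernels ;;
  install) check_cluster_kernels && render_and_apply ;;
  *)       : ;;                          # no argument: functions only
esac
```

`check` prints one line per node (name, kernel, classification) and exits non-zero as soon as a node would only get TCP-only or unsupported behaviour, which is the failure mode the note warns about for 5.0.y kernels.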


- [x] **2.Host-Reachable Services DataPath**
```properties
ENV:
root@bpf1:~# kubectl get nodes -o wide 
NAME   STATUS   ROLES                  AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION          CONTAINER-RUNTIME
bpf1   Ready    control-plane,master   14d   v1.23.2   192.168.2.61   <none>        Ubuntu 20.04.3 LTS   5.11.0-051100-generic   docker://20.10.12
bpf2   Ready    <none>                 14d   v1.23.2   192.168.2.62   <none>        Ubuntu 20.04.3 LTS   5.11.0-051100-generic   docker://20.10.12
bpf3   Ready    <none>                 14d   v1.23.2   192.168.2.63   <none>        Ubuntu 20.04.3 LTS   5.11.0-051100-generic   docker://20.10.12
root@bpf1:~# 

root@bpf1:~# kubectl get pods -o wide 
NAME                                     READY   STATUS    RESTARTS   AGE   IP          NODE   NOMINATED NODE   READINESS GATES
client                                   1/1     Running   0          10m   10.0.2.68   bpf1   <none>           <none>
host-reachable-service-5c6865d67-d2h8b   1/1     Running   0          12m   10.0.1.2    bpf3   <none>           <none>
root@bpf1:~# kubectl get svc host-reachable-service -o wide 
NAME                     TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE   SELECTOR
host-reachable-service   NodePort   10.111.66.159   <none>        80:30942/TCP   14m   app=host-reachable-service
root@bpf1:~#
```

Pcap list:
https://github.com/BurlyLuo/train/tree/main/Cilium/host-reachable-service

We run the test from the `client` pod (on bpf1); the backend pod is host-reachable-service-5c6865d67-d2h8b (on bpf3). The client addresses the NodePort (30942) of the intermediate node, bpf2 in the captures below, which hosts neither pod.

What this feature actually shows is that although the client addresses an intermediate node, no traffic is sent to that node at all: with host-reachable services the BPF socket-level load balancer (cgroup connect/sendmsg hooks) rewrites the destination from node:NodePort (or ClusterIP:port) to the backend pod address when the socket connects, so the packets leave the client already addressed to the backend pod and are routed straight to it.
  • 1.Capture on node bpf1 [client pod eth0]

(screenshot)
1.Capture on bpf1's ens33:
(screenshot)

  • 2.Capture on node bpf2

(screenshot)

  • 3.Capture on node bpf3

(screenshot)
Capture on the backend pod on node bpf3
(screenshot)
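The capture procedure above, driven from the control node and turned into a pass/fail check, as an added example that is not part of the original post or of Cilium. It assumes root ssh to the node names from the listing (bpf1/bpf2/bpf3), `tcpdump` on the nodes, the node uplink `ens33`, the `client` pod and the `host-reachable-service` NodePort from the listing, and a `curl` binary in the client image; `WINDOW` and the `bypass_ok` thresholds are choices made here. The expected result is the one the text claims: zero packets for node:NodePort on the intermediate node, while the backend's node sees the client talking to the pod IP on port 80.

```shell
#!/bin/sh
# Added example, not from the original post: reproduce the three-node capture
# from the shell and check the host-reachable-services claim.  Run as
# "./verify.sh run"; without an argument it only defines the functions.
set -eu

SVC=host-reachable-service
CLIENT_POD=client
VIA_NODE=bpf2                 # the intermediate node whose NodePort the client addresses
VIA_IP=192.168.2.62
IFACE=ens33                   # node uplink, as in the captures above (assumed)
WINDOW=5                      # seconds each capture stays open (assumed)

# tcpdump filters as pure functions so they can be reviewed offline.
filter_nodeport() { echo "tcp and host $1 and port $2"; }         # $1=node IP  $2=NodePort
filter_backend()  { echo "tcp and dst host $1 and dst port $2"; } # $1=pod IP   $2=target port

# The claim holds when the intermediate node saw nothing addressed to its
# NodePort and the backend's node saw at least the handshake to the pod.
bypass_ok() { [ "$1" -eq 0 ] && [ "$2" -gt 0 ]; }   # $1=count at VIA_NODE  $2=count at backend node

# Count packets matching a filter on a node's uplink for $WINDOW seconds.
# -l line-buffers tcpdump so its lines are flushed when timeout stops it.
count_on_node() {   # $1=node  $2=filter
  ssh "root@$1" "timeout $WINDOW tcpdump -lnni $IFACE '$2' 2>/dev/null | wc -l"
}

verify_bypass() {
  np=$(kubectl get svc "$SVC" -o jsonpath='{.spec.ports[0].nodePort}')
  be_ip=$(kubectl get endpoints "$SVC" -o jsonpath='{.subsets[0].addresses[0].ip}')
  be_node=$(kubectl get pod -l app="$SVC" -o jsonpath='{.items[0].spec.nodeName}')
  for v in "$np" "$be_ip" "$be_node"; do
    [ -n "$v" ] || { echo "service, endpoint or backend pod not found" >&2; return 1; }
  done

  via_out=$(mktemp); be_out=$(mktemp)
  count_on_node "$VIA_NODE" "$(filter_nodeport "$VIA_IP" "$np")" >"$via_out" &
  via_pid=$!
  count_on_node "$be_node"  "$(filter_backend "$be_ip" 80)"      >"$be_out" &
  be_pid=$!
  sleep 1                     # give both tcpdumps time to attach

  # The request targets the intermediate node's NodePort, exactly as in the test above.
  kubectl exec "$CLIENT_POD" -- curl -s -o /dev/null -m 3 "http://$VIA_IP:$np/" || true

  wait "$via_pid"; wait "$be_pid"
  via_n=$(cat "$via_out"); be_n=$(cat "$be_out"); rm -f "$via_out" "$be_out"
  echo "packets for $VIA_IP:$np on $VIA_NODE/$IFACE: $via_n"
  echo "packets for $be_ip:80 on $be_node/$IFACE: $be_n"
  bypass_ok "$via_n" "$be_n"
}

if [ "${1:-}" = run ]; then verify_bypass; fi
```

If the intermediate-node count is not zero, the socket-level translation did not happen for this connection; the first things to check are `enable-host-reachable-services` in `cilium-config` and whether the node kernel meets the requirement from the note at the top.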