Skip to content

Commit

Permalink
Update Cilium for cgroups v2 support
Browse files Browse the repository at this point in the history
* On Fedora CoreOS, Cilium cross-node service IP load balancing
stopped working for a time (first observable as CoreDNS pods
located on worker nodes not being able to reach the kubernetes
API service 10.3.0.1). This turned out to have two parts:
* Fedora CoreOS switched to cgroups v2 by default. In our early
testing with cgroups v2, Calico (default) was used. With the
cgroups v2 change, SELinux policy denied some eBPF operations.
Since fixed in all Fedora CoreOS channels
* Cilium requires new mounts to support cgroups v2, which are
added here

* coreos/fedora-coreos-tracker#292
* coreos/fedora-coreos-tracker#881
* cilium/cilium#16259
  • Loading branch information
dghubble committed Jul 24, 2021
1 parent 3c7b510 commit 64d5c70
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion fedora-coreos/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d"

cluster_name = var.cluster_name
api_servers = [var.k8s_domain_name]
Expand Down
2 changes: 1 addition & 1 deletion flatcar-linux/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d"

cluster_name = var.cluster_name
api_servers = [var.k8s_domain_name]
Expand Down

0 comments on commit 64d5c70

Please sign in to comment.