From f03045f0dc8a49ef20284a7f8e076fbbd26a466c Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Sat, 24 Jul 2021 10:32:29 -0700 Subject: [PATCH] Update Cilium for cgroups v2 support * On Fedora CoreOS, Cilium cross-node service IP load balancing stopped working for a time (first observable as CoreDNS pods located on worker nodes not being able to reach the kubernetes API service 10.3.0.1). This turned out to have two parts: * Fedora CoreOS switched to cgroups v2 by default. In our early testing with cgroups v2, Calico (default) was used. With the cgroups v2 change, SELinux policy denied some eBPF operations. Since fixed in all Fedora CoreOS channels * Cilium requires new mounts to support cgroups v2, which are added here * https://github.com/coreos/fedora-coreos-tracker/issues/292 * https://github.com/coreos/fedora-coreos-tracker/issues/881 * https://github.com/cilium/cilium/pull/16259 --- CHANGES.md | 8 ++++++-- aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- bare-metal/fedora-coreos/kubernetes/bootstrap.tf | 2 +- bare-metal/flatcar-linux/kubernetes/bootstrap.tf | 2 +- digital-ocean/fedora-coreos/kubernetes/bootstrap.tf | 2 +- digital-ocean/flatcar-linux/kubernetes/bootstrap.tf | 2 +- google-cloud/fedora-coreos/kubernetes/bootstrap.tf | 2 +- google-cloud/flatcar-linux/kubernetes/bootstrap.tf | 2 +- 11 files changed, 16 insertions(+), 12 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 5f1590b33..c91f4f9f3 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,9 +4,9 @@ Notable changes between versions. ## Latest - ### Fedora CoreOS +* Add Cilium cgroups v2 support on Fedora CoreOS * Update Butane Config version from v1.2.0 to v1.4.0 * Rename Fedora CoreOS Config to Butane Config * Require any [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customizations to update to v1.4.0 @@ -27,6 +27,10 @@ Notable changes between versions. * Update node-exporter from v1.1.2 to [v1.2.0](https://github.com/prometheus/node_exporter/releases/tag/v1.2.0) * Update Grafana from v8.0.3 to [v8.0.6](https://github.com/grafana/grafana/releases/tag/v8.0.6) +### Known Issues + +* Cilium with recent Fedora CoreOS will have networking issues ([fedora-coreos#881](https://github.com/coreos/fedora-coreos-tracker/issues/881)) (fixed in v1.21.4) + ## v1.21.2 * Kubernetes [v1.21.2](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.21.md#v1212) @@ -60,7 +64,7 @@ Notable changes between versions. ### Known Issues -* Cilium with recent Fedora CoreOS will have networking issues ([fedora-coreos#881](https://github.com/coreos/fedora-coreos-tracker/issues/881)) +* Cilium with recent Fedora CoreOS will have networking issues ([fedora-coreos#881](https://github.com/coreos/fedora-coreos-tracker/issues/881)) (fixed in v1.21.4) ## v1.21.1 diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index 2b9d6c600..151502065 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index 8b7f2ff45..469139a29 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index f35ac5089..ab28be90c 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index a6d601f0a..b16827a32 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index 0f4be9fc1..0075bfced 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index f416193a8..d1dcf2084 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index a19799dfe..ba4f7dbd3 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index 125cb0d4d..8a30a7b6a 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index c84b28c80..a61da98d9 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index fe379001c..0afdb346f 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]