CFP: Bump minimum kernel version to v5.4 / RHEL 8.6 #30456
Description
We currently require a v4.19 or equivalent kernel. This locks us out
of many important improvements like higher complexity limits, deadcode
elimination and so on.
We propose to raise the minimum kernel.org version to v5.4 for v1.16 release,
while keeping the RHEL8 minimum version unchanged. In our documentation, the requirements for Linux would change to >= v5.4 or >= RHEL 8.6.
RHEL gets special treatment because the kernel has a lot
of backports which make it functionally similar to a v5.4 kernel. We'll focus our testing on 8.6 since that is the current EUS release. The kernel source code for this is not easily available, so we have to use Rocky Linux / CentOS as a proxy.
v5.4 is the most recent kernel which has major features we need and which is
still supported by a major distribution's LTS release (in this case Ubuntu 20.04).
This in effect means that we drop support for kernel.org v4.19 LTS before it is
EOL at the end of 2024. This should not be a problem given that there do not seem
to be major distros shipping that version and our old releases will still support
v4.19 until it is EOL.
See below for the data used to reach this conclusion.
| Feature | kernel.org | RHEL8.6 |
|---|---|---|
| bpf2bpf calls | v4.16 | Assuming yes, since it is based on v4.18 |
| Dead code elimination | v5.1 | Yes? |
| Large instruction limit | v5.2 | Yes? |
| Map freezing | v5.2 | Yes? |
| Bounded loops | v5.3 | Yes? |
| Track contents of ro maps as scalars | v5.5 | Yes? |
| Function by function verification | v5.6 | Yes? |
| bpf_redirect_neigh | v5.10 | Yes? |
| Mixing bpf2bpf function calls and tail calls | v5.10 (amd64), v6.0 (arm64) | Yes (amd64), No (arm64) |
RHEL 8.6 is on 4.18.0-372.9.1 (requires login). The closest easily accessible source code I could find is for 4.18.0-365.
Here is a list of kernel versions by distribution, provided the shipped kernel meets
our current minimum of v4.19 and the release is not EOL. I've sourced these from
customer configuration and Github Issues.
| Distro | Kernel |
|---|---|
| Amazon Linux 2 | v5.10 |
| Amazon Linux 2023 | v6.1 |
| Bottlerocket OS 1.15.1 | v5.10, v5.15, v6.1 |
| Bottlerocket OS 1.16.1 | v5.10, v5.15, v6.1 |
| Bottlerocket OS 1.17.0 | v5.10, v5.15, v6.1 |
| Container-Optimized OS from Google | v5.10, v5.15, v6.1 |
| Debian GNU/Linux 11 (bullseye) | v5.10, v6.1 |
| Debian GNU/Linux 12 (bookworm) | v6.1, v6.5 |
| Red Hat Enterprise Linux 8.8 (Ootpa) | RHEL v4.18 |
| Red Hat Enterprise Linux CoreOS 412 (Ootpa) | RHEL8 |
| Red Hat Enterprise Linux CoreOS 413 (Plow) | RHEL9 |
| Red Hat Enterprise Linux CoreOS 414 (Plow) | RHEL9 |
| Rocky Linux 9.2 (Blue Onyx) | RHEL9 |
| Ubuntu 20.04 LTS (focal) | v5.4 |
| Ubuntu 22.04 LTS (jammy) | v5.15 or v5.17 |
### Tasks
- [x] Add RHEL 8.6 kernel to CI
- [x] Remove v4.19 from CI and other tests
- [x] Document new minimum version requirement
- [x] Bump https://github.com/cilium/cilium/blob/f30fd6044d827fd67f21d7ba11ab373562764dc5/pkg/datapath/linux/requirements.go#L28-L31
- [x] Merge https://github.com/cilium/cilium/pull/30814