helm: Guard apply sysctl init container #20643
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The newly added init container (e.g. sysctl init) requires hostproc volume mount, however, this volume is only mounted based on the helm flag .Values.cgroup.autoMount.enabled. This commit is to make sure that such condition is added to avoid any failure. Relates: cilium#20072 Fixes: cilium#20626 Signed-off-by: Tam Mach <tam.mach@cilium.io>
|
/test Job 'Cilium-PR-K8s-1.16-kernel-4.9' failed: Click to show.Test NameFailure OutputIf it is a flake and a GitHub issue doesn't already exist to track it, comment |
gandro
approved these changes
Jul 26, 2022
|
Reviews are in, test-1.16-4.9 hit flake #20288 Marking this ready to merge. |
This was referenced Aug 11, 2022
YutaroHayakawa
added a commit
to YutaroHayakawa/cilium
that referenced
this pull request
Jun 4, 2024
Currently, the sysctlfix is only enabled when cgroup.autoMount is enabled which is not a directly-related feature. This dependency is introduced because the host procfs mount is only enabled when cgroup.autoMount is enabled. Due to this limitation, we recently observed the issue that disabling cgroup.autoMount in the environment that runs systemd 245+ makes a connectivity loss between nodes in tunnel mode due to the rp_filter. To fix the above issue, introduce a new configuration knob to enable/disable sysctlfix individually. It is enabled by default. Fixes: cilium#20643 Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>
YutaroHayakawa
added a commit
to YutaroHayakawa/cilium
that referenced
this pull request
Jun 4, 2024
Currently, the sysctlfix is only enabled when cgroup.autoMount is enabled which is not a directly-related feature. This dependency is introduced because the host procfs mount is only enabled when cgroup.autoMount is enabled. Due to this limitation, we recently observed the issue that disabling cgroup.autoMount in the environment that runs systemd 245+ makes a connectivity loss between nodes in tunnel mode due to the rp_filter. To fix the above issue, introduce a new configuration knob to enable/disable sysctlfix individually. It is enabled by default. Fixes: cilium#20643 Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>
YutaroHayakawa
added a commit
to YutaroHayakawa/cilium
that referenced
this pull request
Jun 4, 2024
Currently, the sysctlfix is only enabled when cgroup.autoMount is enabled which is not a directly-related feature. This dependency is introduced because the host procfs mount is only enabled when cgroup.autoMount is enabled. Due to this limitation, we recently observed the issue that disabling cgroup.autoMount in the environment that runs systemd 245+ makes a connectivity loss between nodes in tunnel mode due to the rp_filter. To fix the above issue, introduce a new configuration knob to enable/disable sysctlfix individually. It is enabled by default. Fixes: cilium#20643 Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>
YutaroHayakawa
added a commit
to YutaroHayakawa/cilium
that referenced
this pull request
Jun 6, 2024
Currently, the sysctlfix is only enabled when cgroup.autoMount is enabled which is not a directly-related feature. This dependency is introduced because the host procfs mount is only enabled when cgroup.autoMount is enabled. Due to this limitation, we recently observed the issue that disabling cgroup.autoMount in the environment that runs systemd 245+ makes a connectivity loss between nodes in tunnel mode due to the rp_filter. To fix the above issue, introduce a new configuration knob to enable/disable sysctlfix individually. It is enabled by default. Fixes: cilium#20643 Co-authored-by: Nick Young <inocuo@gmail.com> Signed-off-by: Yutaro Hayakawa <yhayakawa3720@gmail.com>
YutaroHayakawa
added a commit
to YutaroHayakawa/cilium
that referenced
this pull request
Jun 6, 2024
Currently, the sysctlfix is only enabled when cgroup.autoMount is enabled which is not a directly-related feature. This dependency is introduced because the host procfs mount is only enabled when cgroup.autoMount is enabled. Due to this limitation, we recently observed the issue that disabling cgroup.autoMount in the environment that runs systemd 245+ makes a connectivity loss between nodes in tunnel mode due to the rp_filter. To fix the above issue, introduce a new configuration knob to enable/disable sysctlfix individually. It is enabled by default. Fixes: cilium#20643 Co-authored-by: Nick Young <inocuo@gmail.com> Signed-off-by: Yutaro Hayakawa <yhayakawa3720@gmail.com>
YutaroHayakawa
added a commit
to YutaroHayakawa/cilium
that referenced
this pull request
Jun 7, 2024
Currently, the sysctlfix is only enabled when cgroup.autoMount is enabled which is not a directly-related feature. This dependency is introduced because the host procfs mount is only enabled when cgroup.autoMount is enabled. Due to this limitation, we recently observed the issue that disabling cgroup.autoMount in the environment that runs systemd 245+ makes a connectivity loss between nodes in tunnel mode due to the rp_filter. To fix the above issue, introduce a new configuration knob to enable/disable sysctlfix individually. It is enabled by default. Fixes: cilium#20643 Co-authored-by: Nick Young <inocuo@gmail.com> Signed-off-by: Yutaro Hayakawa <yhayakawa3720@gmail.com>
YutaroHayakawa
added a commit
to YutaroHayakawa/cilium
that referenced
this pull request
Jun 7, 2024
Currently, the sysctlfix is only enabled when cgroup.autoMount is enabled which is not a directly-related feature. This dependency is introduced because the host procfs mount is only enabled when cgroup.autoMount is enabled. Due to this limitation, we recently observed the issue that disabling cgroup.autoMount in the environment that runs systemd 245+ makes a connectivity loss between nodes in tunnel mode due to the rp_filter. To fix the above issue, introduce a new configuration knob to enable/disable sysctlfix individually. It is enabled by default. Fixes: cilium#20643 Co-authored-by: Nick Young <inocuo@gmail.com> Signed-off-by: Yutaro Hayakawa <yhayakawa3720@gmail.com>
github-merge-queue bot
pushed a commit
that referenced
this pull request
Jun 7, 2024
Currently, the sysctlfix is only enabled when cgroup.autoMount is enabled which is not a directly-related feature. This dependency is introduced because the host procfs mount is only enabled when cgroup.autoMount is enabled. Due to this limitation, we recently observed the issue that disabling cgroup.autoMount in the environment that runs systemd 245+ makes a connectivity loss between nodes in tunnel mode due to the rp_filter. To fix the above issue, introduce a new configuration knob to enable/disable sysctlfix individually. It is enabled by default. Fixes: #20643 Co-authored-by: Nick Young <inocuo@gmail.com> Signed-off-by: Yutaro Hayakawa <yhayakawa3720@gmail.com>
giorio94
pushed a commit
that referenced
this pull request
Jun 10, 2024
[ upstream commit 99f8871 ] [ backporter's notes: dropped the values.schema.json hunk, as not relevant. ] Currently, the sysctlfix is only enabled when cgroup.autoMount is enabled which is not a directly-related feature. This dependency is introduced because the host procfs mount is only enabled when cgroup.autoMount is enabled. Due to this limitation, we recently observed the issue that disabling cgroup.autoMount in the environment that runs systemd 245+ makes a connectivity loss between nodes in tunnel mode due to the rp_filter. To fix the above issue, introduce a new configuration knob to enable/disable sysctlfix individually. It is enabled by default. Fixes: #20643 Co-authored-by: Nick Young <inocuo@gmail.com> Signed-off-by: Yutaro Hayakawa <yhayakawa3720@gmail.com> Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
giorio94
pushed a commit
that referenced
this pull request
Jun 10, 2024
[ upstream commit 99f8871 ] [ backporter's notes: fixed trivial conflict in values.yaml.tmpl and dropped the values.schema.json hunk, as not relevant. ] Currently, the sysctlfix is only enabled when cgroup.autoMount is enabled which is not a directly-related feature. This dependency is introduced because the host procfs mount is only enabled when cgroup.autoMount is enabled. Due to this limitation, we recently observed the issue that disabling cgroup.autoMount in the environment that runs systemd 245+ makes a connectivity loss between nodes in tunnel mode due to the rp_filter. To fix the above issue, introduce a new configuration knob to enable/disable sysctlfix individually. It is enabled by default. Fixes: #20643 Co-authored-by: Nick Young <inocuo@gmail.com> Signed-off-by: Yutaro Hayakawa <yhayakawa3720@gmail.com> Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
giorio94
pushed a commit
that referenced
this pull request
Jun 10, 2024
[ upstream commit 99f8871 ] [ backporter's notes: fixed trivial conflict in values.yaml.tmpl and dropped the values.schema.json hunk, as not relevant. ] Currently, the sysctlfix is only enabled when cgroup.autoMount is enabled which is not a directly-related feature. This dependency is introduced because the host procfs mount is only enabled when cgroup.autoMount is enabled. Due to this limitation, we recently observed the issue that disabling cgroup.autoMount in the environment that runs systemd 245+ makes a connectivity loss between nodes in tunnel mode due to the rp_filter. To fix the above issue, introduce a new configuration knob to enable/disable sysctlfix individually. It is enabled by default. Fixes: #20643 Co-authored-by: Nick Young <inocuo@gmail.com> Signed-off-by: Yutaro Hayakawa <yhayakawa3720@gmail.com> Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
dylandreimerink
pushed a commit
that referenced
this pull request
Jun 12, 2024
[ upstream commit 99f8871 ] [ backporter's notes: fixed trivial conflict in values.yaml.tmpl and dropped the values.schema.json hunk, as not relevant. ] Currently, the sysctlfix is only enabled when cgroup.autoMount is enabled which is not a directly-related feature. This dependency is introduced because the host procfs mount is only enabled when cgroup.autoMount is enabled. Due to this limitation, we recently observed the issue that disabling cgroup.autoMount in the environment that runs systemd 245+ makes a connectivity loss between nodes in tunnel mode due to the rp_filter. To fix the above issue, introduce a new configuration knob to enable/disable sysctlfix individually. It is enabled by default. Fixes: #20643 Co-authored-by: Nick Young <inocuo@gmail.com> Signed-off-by: Yutaro Hayakawa <yhayakawa3720@gmail.com> Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
giorio94
pushed a commit
that referenced
this pull request
Jun 12, 2024
[ upstream commit 99f8871 ] [ backporter's notes: fixed trivial conflict in values.yaml.tmpl and dropped the values.schema.json hunk, as not relevant. ] Currently, the sysctlfix is only enabled when cgroup.autoMount is enabled which is not a directly-related feature. This dependency is introduced because the host procfs mount is only enabled when cgroup.autoMount is enabled. Due to this limitation, we recently observed the issue that disabling cgroup.autoMount in the environment that runs systemd 245+ makes a connectivity loss between nodes in tunnel mode due to the rp_filter. To fix the above issue, introduce a new configuration knob to enable/disable sysctlfix individually. It is enabled by default. Fixes: #20643 Co-authored-by: Nick Young <inocuo@gmail.com> Signed-off-by: Yutaro Hayakawa <yhayakawa3720@gmail.com> Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
giorio94
pushed a commit
that referenced
this pull request
Jun 13, 2024
[ upstream commit 99f8871 ] [ backporter's notes: fixed trivial conflict in values.yaml.tmpl and dropped the values.schema.json hunk, as not relevant. ] Currently, the sysctlfix is only enabled when cgroup.autoMount is enabled which is not a directly-related feature. This dependency is introduced because the host procfs mount is only enabled when cgroup.autoMount is enabled. Due to this limitation, we recently observed the issue that disabling cgroup.autoMount in the environment that runs systemd 245+ makes a connectivity loss between nodes in tunnel mode due to the rp_filter. To fix the above issue, introduce a new configuration knob to enable/disable sysctlfix individually. It is enabled by default. Fixes: #20643 Co-authored-by: Nick Young <inocuo@gmail.com> Signed-off-by: Yutaro Hayakawa <yhayakawa3720@gmail.com> Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
aanm
pushed a commit
that referenced
this pull request
Jun 13, 2024
[ upstream commit 99f8871 ] [ backporter's notes: fixed trivial conflict in values.yaml.tmpl and dropped the values.schema.json hunk, as not relevant. ] Currently, the sysctlfix is only enabled when cgroup.autoMount is enabled which is not a directly-related feature. This dependency is introduced because the host procfs mount is only enabled when cgroup.autoMount is enabled. Due to this limitation, we recently observed the issue that disabling cgroup.autoMount in the environment that runs systemd 245+ makes a connectivity loss between nodes in tunnel mode due to the rp_filter. To fix the above issue, introduce a new configuration knob to enable/disable sysctlfix individually. It is enabled by default. Fixes: #20643 Co-authored-by: Nick Young <inocuo@gmail.com> Signed-off-by: Yutaro Hayakawa <yhayakawa3720@gmail.com> Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
christarazi
pushed a commit
to christarazi/cilium
that referenced
this pull request
Aug 1, 2024
[ upstream commit 99f8871 ] [ backporter's notes: fixed trivial conflict in values.yaml.tmpl and dropped the values.schema.json hunk, as not relevant. ] Currently, the sysctlfix is only enabled when cgroup.autoMount is enabled which is not a directly-related feature. This dependency is introduced because the host procfs mount is only enabled when cgroup.autoMount is enabled. Due to this limitation, we recently observed the issue that disabling cgroup.autoMount in the environment that runs systemd 245+ makes a connectivity loss between nodes in tunnel mode due to the rp_filter. To fix the above issue, introduce a new configuration knob to enable/disable sysctlfix individually. It is enabled by default. Fixes: cilium#20643 Co-authored-by: Nick Young <inocuo@gmail.com> Signed-off-by: Yutaro Hayakawa <yhayakawa3720@gmail.com> Signed-off-by: Marco Iorio <marco.iorio@isovalent.com> (cherry picked from commit 9fa0677) Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The newly added init container (e.g. sysctl init) requires hostproc
volume mount, however, this volume is only mounted based on the helm
flag .Values.cgroup.autoMount.enabled. This commit is to make sure
that such condition is added to avoid any failure.
Relates: #20072
Fixes: #20626
Signed-off-by: Tam Mach tam.mach@cilium.io