Skip to content

helm: Decouple sysctlfix from cgroup.autoMount #32866

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 7, 2024
Merged

helm: Decouple sysctlfix from cgroup.autoMount #32866

merged 1 commit into from
Jun 7, 2024

Conversation

YutaroHayakawa
Copy link
Member

Currently, the sysctlfix is only enabled when cgroup.autoMount is enabled which is not a directly-related feature. This dependency is introduced because the host procfs mount is only enabled when cgroup.autoMount is enabled.

Due to this limitation, we recently observed the issue that disabling cgroup.autoMount in the environment that runs systemd 245+ makes a connectivity loss between nodes in tunnel mode due to the rp_filter.

To fix the above issue, introduce a new configuration knob to enable/disable sysctlfix individually. It is enabled by default.

Fixes: #20643

helm: Decouple sysctlfix from cgroup.autoMount

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jun 4, 2024
@YutaroHayakawa YutaroHayakawa added release-note/bug This PR fixes an issue in a previous release of Cilium. needs-backport/1.15 labels Jun 4, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jun 4, 2024
@YutaroHayakawa YutaroHayakawa force-pushed the always-run-sysctl-overwrites branch 2 times, most recently from 4db52de to 9c6d794 Compare June 4, 2024 08:30
@YutaroHayakawa YutaroHayakawa marked this pull request as ready for review June 4, 2024 08:49
@YutaroHayakawa YutaroHayakawa requested review from a team as code owners June 4, 2024 08:49
@YutaroHayakawa YutaroHayakawa requested review from youngnick, squeed and a user June 4, 2024 08:49
@YutaroHayakawa
Copy link
Member Author

/test

@YutaroHayakawa
Copy link
Member Author

Cilium E2E Upgrade: #32229
Cilium IPsec upgrade: #27762

youngnick
youngnick approved these changes Jun 6, 2024
View reviewed changes
Copy link
Contributor

@youngnick youngnick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with one small comment about the reference for the Helm chart.

@YutaroHayakawa YutaroHayakawa force-pushed the always-run-sysctl-overwrites branch from 2bf4d11 to e25fef1 Compare June 6, 2024 03:17
@YutaroHayakawa
Copy link
Member Author

/test

squeed
squeed reviewed Jun 6, 2024
View reviewed changes
@YutaroHayakawa
Copy link
Member Author

Cilium E2E Upgrade: #32689

@YutaroHayakawa YutaroHayakawa force-pushed the always-run-sysctl-overwrites branch 2 times, most recently from 0b92154 to 03a5853 Compare June 7, 2024 02:35
@YutaroHayakawa
Copy link
Member Author

/test

@YutaroHayakawa
Copy link
Member Author

YutaroHayakawa commented Jun 7, 2024
edited
Loading

Looks like Conformance Ingress is failing consistently for this PR. Let me investigate it.

https://github.com/cilium/cilium/actions/runs/9411838100

@YutaroHayakawa @youngnick
helm: Decouple sysctlfix from cgroup.autoMount
cc341cf 
Currently, the sysctlfix is only enabled when cgroup.autoMount is
enabled which is not a directly-related feature. This dependency is
introduced because the host procfs mount is only enabled when
cgroup.autoMount is enabled.

Due to this limitation, we recently observed the issue that disabling
cgroup.autoMount in the environment that runs systemd 245+ makes a
connectivity loss between nodes in tunnel mode due to the rp_filter.

To fix the above issue, introduce a new configuration knob to
enable/disable sysctlfix individually. It is enabled by default.

Fixes: cilium#20643

Co-authored-by: Nick Young <inocuo@gmail.com>
Signed-off-by: Yutaro Hayakawa <yhayakawa3720@gmail.com>
@YutaroHayakawa YutaroHayakawa force-pushed the always-run-sysctl-overwrites branch from 03a5853 to cc341cf Compare June 7, 2024 06:10
@YutaroHayakawa
Copy link
Member Author

/test

@YutaroHayakawa
Copy link
Member Author

Looks like rebasing on the latest main fixed the issue.

@YutaroHayakawa
Copy link
Member Author

Conformance Ingress: #31857

@YutaroHayakawa
Copy link
Member Author

Cilium E2E Upgrade: #32689
Conformance Ginkgo: Timeout

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jun 7, 2024
@YutaroHayakawa YutaroHayakawa added this pull request to the merge queue Jun 7, 2024
Merged via the queue into cilium:main with commit 99f8871 Jun 7, 2024
@YutaroHayakawa YutaroHayakawa deleted the always-run-sysctl-overwrites branch June 7, 2024 09:21
@giorio94 giorio94 mentioned this pull request Jun 10, 2024
Merged
3 tasks
@giorio94 giorio94 added backport-pending/1.15 The backport for Cilium 1.15.x for this PR is in progress. and removed needs-backport/1.15 labels Jun 10, 2024
@YutaroHayakawa YutaroHayakawa added affects/v1.14 This issue affects v1.14 branch needs-backport/1.14 and removed affects/v1.14 This issue affects v1.14 branch labels Jun 11, 2024
@github-actions github-actions bot added backport-done/1.15 The backport for Cilium 1.15.x for this PR is done. and removed backport-pending/1.15 The backport for Cilium 1.15.x for this PR is in progress. labels Jun 12, 2024
@giorio94 giorio94 mentioned this pull request Jun 12, 2024
Merged
2 tasks
@giorio94 giorio94 added backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. and removed needs-backport/1.14 labels Jun 12, 2024
@github-actions github-actions bot added backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. and removed backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. labels Jun 13, 2024
This was referenced Jul 10, 2024
Closed
Merged
@cilium-release-bot cilium-release-bot bot mentioned this pull request Jul 10, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@squeed squeed squeed approved these changes

@youngnick youngnick youngnick approved these changes

+1 more reviewer
Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. backport-done/1.15 The backport for Cilium 1.15.x for this PR is done. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/bug This PR fixes an issue in a previous release of Cilium.
Projects
No open projects
1.14.12
Status: Backport done to v1.14
1.15.6
Status: Backport done to v1.15
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@YutaroHayakawa @squeed @youngnick @giorio94