Disable IPv6 in the default installation #6082

Merged
merged 9 commits into from Dec 16, 2018

Conversation

@tgraf
Member

tgraf commented Oct 29, 2018

This standardizes the enablement option to --enable-ipv4 and --enable-ipv6 while preserving the old --disable-ipv4 for backward compatibility.

It changes both the Docker and CNI plugins to support running with IPv6 mode disabled. The plugins will refuse to provide service if neither address is provided.

It makes all IPv6 code in the datapath optional so it can be disabled.

Finally, the PR disables IPv6 for all new deployments while preserving the existing behavior for existing deployments. This reduces the memory footprint in default installations significantly.

Depends on: #6080
Fixes: #1537



@tgraf tgraf added this to the 1.4-feature milestone Oct 29, 2018

@tgraf tgraf added this to Commited in 1.4 via automation Oct 29, 2018

@tgraf tgraf requested review from cilium/agent as code owners Oct 29, 2018


@tgraf tgraf moved this from Commited to In Progress in 1.4 Oct 29, 2018

@tgraf tgraf force-pushed the pr/tgraf/ipv6-enable-option branch from 1cc0c54 to a8ed35d Nov 27, 2018

@coveralls


coveralls commented Nov 27, 2018


Coverage decreased (-0.05%) to 43.752% when pulling 9cf5c55 on pr/tgraf/ipv6-enable-option into 85b03d4 on master.

@tgraf tgraf force-pushed the pr/tgraf/ipv6-enable-option branch from a8ed35d to db53fc5 Nov 28, 2018

@tgraf tgraf requested a review from cilium/cli as a code owner Nov 28, 2018

@tgraf

Member Author

tgraf commented Nov 28, 2018

test-me-please

@tgraf tgraf force-pushed the pr/tgraf/ipv6-enable-option branch from db53fc5 to 57547d2 Nov 29, 2018

@tgraf tgraf requested a review from cilium/bpf as a code owner Nov 29, 2018

@tgraf

Member Author

tgraf commented Nov 29, 2018

test-me-please

@tgraf tgraf dismissed stale reviews from raybejjani and aanm Dec 16, 2018

fixed

@tgraf

Member Author

tgraf commented Dec 16, 2018

test-me-please

tgraf added some commits Dec 16, 2018

cni: Do not require IPv6 addressing information to be present
Fail if neither IPv4 nor IPv6 addressing is available

Signed-off-by: Thomas Graf <thomas@cilium.io>

agent: Remove BPF maps of disabled address families
This ensures that memory resources are freed up when disabling an address
family.

Signed-off-by: Thomas Graf <thomas@cilium.io>

agent: Universal --enable-ipv4 and --enable-ipv6 option
The old --disable-ipv4 is marked as hidden but kept for backwards
compatibility. Map the DISABLE_IPV4 environment variable to --enable-ipv4 so
existing ConfigMaps remain compatible.

Signed-off-by: Thomas Graf <thomas@cilium.io>

agent: Fail if both IPv4 and IPv6 are disabled
Signed-off-by: Thomas Graf <thomas@cilium.io>

kubernetes: Disable IPv6 by default for new deployments
The agent continues to enable IPv6 in the default setting but the default
ConfigMap will disable IPv6 for all new deployments. The motivation is
primarily a smaller memory footprint in default deployments.

This reduces the memory footprint in the default installation by about 200M.

Signed-off-by: Thomas Graf <thomas@cilium.io>

agent: Make IPv6 optional
Datapath:
Use a consistent ENABLE_IPV4 and ENABLE_IPV6 define to steer enabling IPv4 and
IPv6 code paths. Make all IPv6 datapath code dependent on ENABLE_IPV6.

Agent:
Make installation of routes, creation of maps, insertion into ipcache, etc.
dependent on option.Config.EnableIPv6.

Also fixes a problem in bpf/Makefile to properly test a combination of defines
when performing test compilation.

Signed-off-by: Thomas Graf <thomas@cilium.io>

docker: Remove the unneeded EndpointGet check
It only delays the setup process and adds no value. Docker is the source of
truth for docker endpoint IDs.

Signed-off-by: Thomas Graf <thomas@cilium.io>

docker: Only install routes if address family is enabled
This allows disabling IPv4 and IPv6 for docker networks. Only one of the two
address families has to be enabled.

Signed-off-by: Thomas Graf <thomas@cilium.io>

ipam: Allow disabling IPv6 in node addressing API
A flag already existed to indicate enablement but IPv6 was hardwired to
enabled. Use the --enable-ipv6 value to control the node addressing API.

Signed-off-by: Thomas Graf <thomas@cilium.io>
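
The option handling described in the "agent: Universal --enable-ipv4 and --enable-ipv6 option" and "agent: Fail if both IPv4 and IPv6 are disabled" commits above, sketched as an added example that is not code from this PR. It uses Go's standard flag package; the names AddrFamilies, Resolve and ErrNoAddressFamily, and the precedence between the new flag, the legacy flag and the DISABLE_IPV4 environment variable, are assumptions.

```go
package main

import (
	"errors"
	"flag"
	"fmt"
	"os"
	"strconv"
)

// AddrFamilies is a hypothetical holder for the resolved settings (not a Cilium type).
type AddrFamilies struct{ IPv4, IPv6 bool }

var ErrNoAddressFamily = errors.New("both IPv4 and IPv6 are disabled")

// Resolve applies an assumed precedence for IPv4:
// explicit --enable-ipv4 > legacy --disable-ipv4 > DISABLE_IPV4 env > default (enabled).
func Resolve(args []string, env func(string) (string, bool)) (AddrFamilies, error) {
	fs := flag.NewFlagSet("agent", flag.ContinueOnError)
	enable4 := fs.Bool("enable-ipv4", true, "enable IPv4 support")
	enable6 := fs.Bool("enable-ipv6", true, "enable IPv6 support")
	disable4 := fs.Bool("disable-ipv4", false, "legacy option kept for compatibility")
	if err := fs.Parse(args); err != nil {
		return AddrFamilies{}, err
	}
	set := map[string]bool{} // flags that were given explicitly on the command line
	fs.Visit(func(f *flag.Flag) { set[f.Name] = true })

	v4 := *enable4
	if set["disable-ipv4"] && !set["enable-ipv4"] {
		v4 = !*disable4 // legacy flag is the inverse of the new one
	} else if raw, ok := env("DISABLE_IPV4"); ok && !set["enable-ipv4"] {
		disabled, err := strconv.ParseBool(raw)
		if err != nil { // refuse to guess what an unparsable legacy value meant
			return AddrFamilies{}, fmt.Errorf("DISABLE_IPV4=%q: %w", raw, err)
		}
		v4 = !disabled
	}
	out := AddrFamilies{IPv4: v4, IPv6: *enable6}
	if !out.IPv4 && !out.IPv6 {
		return out, ErrNoAddressFamily // no usable address family: fail at startup
	}
	return out, nil
}

func main() {
	cfg, err := Resolve(os.Args[1:], os.LookupEnv)
	fmt.Println(cfg, err)
}
```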

@tgraf tgraf force-pushed the pr/tgraf/ipv6-enable-option branch from 19f23ca to 9cf5c55 Dec 16, 2018

@tgraf

Member Author

tgraf commented Dec 16, 2018

test-me-please

@tgraf

Member Author

tgraf commented Dec 16, 2018

test-missed-k8s

@aanm

aanm approved these changes Dec 16, 2018

Member

aanm left a comment

I'm glad the default IPv6 is still true

@tgraf tgraf merged commit 5104ff6 into master Dec 16, 2018

6 checks passed

Cilium-Ginkgo-Test-k8s: Build finished.
Cilium-Ginkgo-Tests: Build finished.
Cilium-PR-Ginkgo-Tests-K8s
Hound: No violations found. Woof!
continuous-integration/travis-ci/pr: The Travis CI build passed
coverage/coveralls: Coverage decreased (-0.05%) to 43.752%

1.4 automation moved this from In Progress to Done Dec 16, 2018

@tgraf tgraf deleted the pr/tgraf/ipv6-enable-option branch Dec 16, 2018
