Document kernel version requirements for Linux #47363
Conversation
k8s-ci-robot
added
language/en
| @@ -86,7 +86,7 @@ The following sysctls are supported in the _safe_ set: | |||
| There are some exceptions to the set of safe sysctls: | |||
|
|
|||
| - The `net.*` sysctls are not allowed with host networking enabled. | |||
| - The `net.ipv4.tcp_syncookies` sysctl is not namespaced on Linux kernel version 4.4 or lower. | |||
| - The `net.ipv4.tcp_syncookies` sysctl is not namespaced on Linux kernel version 4.5 or lower. | |||
There was a problem hiding this comment.
See torvalds/linux@12ed824 which is merged in 4.6.
✅ Pull request preview available for checkingBuilt without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site configuration. |
|
/retitle Document kernel version requirements for Linux /sig architecture node |
k8s-ci-robot
added
sig/architecture
k8s-ci-robot
changed the title
| [`nftables` proxy mode](/docs/reference/networking/virtual-ips/#proxy-mode-nftables) is introduced in v1.29. | ||
| The (alpha) nftables mode of kube-proxy now requires version 1.0.1 or later | ||
| of the nft command-line, and kernel 5.13 or later. (For testing/development | ||
| purposes, you can use older kernels, as far back as 5.4, if you set the | ||
| `nftables.skipKernelVersionCheck` option in the kube-proxy config, but this is not | ||
| recommended in production since it may cause problems with other nftables | ||
| users on the system. |
There was a problem hiding this comment.
This will become stale with the v1.31 release. Can we write it to be more neutral as to whether nftables support is alpha / beta / stable?
There was a problem hiding this comment.
Removed the alpha description here and only mentioned that the kernel version requirement.
pacoxu
force-pushed
the
kernel-version-requirements
branch
from
cd6a79a
to
26ac83b
Compare
|
|
||
| Many features rely on specific kernel functionalities and have minimum kernel version requirements. | ||
|
|
||
| ## Pod sysctls {#requirements-pod-sysctl} |
There was a problem hiding this comment.
Would be great to have comment in this page pointing back to the constants in kubelet for each of the mentioned limitations. This way maintaining this page will be easier long term
<!--
Code: link to the constant in k/k
-->
There was a problem hiding this comment.
19a4a01 Added some code reference.
There was a problem hiding this comment.
I don't think we need to customize the anchor ID for the subsection line.
pacoxu
force-pushed
the
kernel-version-requirements
branch
from
26ac83b
to
19a4a01
Compare
There was a problem hiding this comment.
/hold
We can't / wouldn't make a statement about v1.31 prior to its release (see https://kubernetes.io/docs/contribute/style/style-guide/#avoid-statements-about-the-future - there are no obvious grounds for an exception).
This PR could target v1.31, or we can omit the detail about Kubernetes specifically recommending cgroup v2 (moving cgroup v1 support to maintenance only).
k8s-ci-robot
added
the
do-not-merge/hold
|
The Kubelet and other low level components need to test the running the kernel if a feature is enabled. Can you add a blurb to this document? Kernel Vendors (RHEL, Debian, etc) often backport features and so going by kernel version number is not adequate for certain OS distributions. |
pacoxu
force-pushed
the
kernel-version-requirements
branch
2 times, most recently
from
43b85fe
to
55ff16c
Compare
|
@sftim yes, this may hold until 1.31 release.
Added. Not sure if this is proper. |
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: 1fce3e5070dcf18c9ef89ced1df9ff1f13fbe241
|
|
|
||
| Many features rely on specific kernel functionalities and have minimum kernel version requirements. | ||
|
|
||
| ## Pod sysctls {#requirements-pod-sysctl} |
There was a problem hiding this comment.
I don't think we need to customize the anchor ID for the subsection line.
pacoxu
force-pushed
the
kernel-version-requirements
branch
from
ee8b09d
to
cb3a8de
Compare
k8s-ci-robot
removed
the
lgtm
pacoxu
force-pushed
the
kernel-version-requirements
branch
from
cb3a8de
to
af8df3a
Compare
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: ea31a50cbf632d377bc5f8682c83b323e044be4e
|
|
v1.31 has been released |
k8s-ci-robot
removed
the
do-not-merge/hold
| Many features rely on specific kernel functionalities and have minimum kernel version requirements. | ||
| However, relying solely on kernel version numbers may not be sufficient | ||
| for certain operating system distributions, | ||
| as maintainers for distributions such as RHEL, Ubuntu and SUSE often backport selected features |
There was a problem hiding this comment.
@pacoxu we should list these vendors in alphabetical order. Willing to send in a follow up PR?
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: SergeyKanzhelev, sftim The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
Description
Starting from kubernetes/kubernetes#116799, I collected a lot of information about kernel.
And the kernel version requirement is one of the top FAQ from users when they want to choose a new OS or kernel.
Besides, some new features like RRO\ User Namespace\ cgroup v2 needs new kernels.
I try to summarize them in a page to make users clear when choosing a kernel version for their clusters.
Issue
xref kubernetes/kubernetes#116799
What's more?
This page did not include those bug-fixes or version compatibility improvement that are related to kernel versions like: