Skip to content

Commit

Permalink
Add IPSec remark for upgrade to v1.11.15
Browse files Browse the repository at this point in the history 
Cilium upgrades to v1.11.15 can cause severe problems
when IPSec is enabled. This adds a remark to the docs.

Signed-off-by: darox <maderdario@gmail.com>
  • Loading branch information
@darox @julianwiedmann
darox authored and julianwiedmann committed Mar 30, 2023
1 parent fe958b5 commit ede154e
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions Documentation/operations/upgrade.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -340,6 +340,13 @@ Annotations:
gateway nodes. Once the connectivity is restored, clients will need to
reconnect.

* In upgrades to Cilium v1.11.15 with IPSec enabled, the IPSec state is not refreshed, which causes dropped connections in
the cluster. As such, we recommend staying at v1.11.14. This issue can be mitigated by
either replacing workload nodes in the cluster (to get a fresh IPSec state) or by
flushing the current state by running the following command on each node:
``ip xfrm state flush``.


Removed Metrics/Labels
~~~~~~~~~~~~~~~~~~~~~~

Expand Down

0 comments on commit ede154e

Please sign in to comment.