Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

felix: document new Felix configuration options #2546

Merged
merged 1 commit into from Apr 24, 2019

Conversation

Projects
None yet
4 participants
@iaguis
Copy link
Contributor

commented Apr 11, 2019

Description

Also, modify calico-node's manifest to mount bpffs.

Todos

  • Tests
  • Documentation
  • Release note

Release Note

None required

@iaguis iaguis requested a review from projectcalico/core-maintainers as a code owner Apr 11, 2019

@CLAassistant

This comment has been minimized.

Copy link

commented Apr 11, 2019

CLA assistant check
All committers have signed the CLA.

@caseydavenport

This comment has been minimized.

Copy link
Member

commented Apr 11, 2019

Deploy preview for calico ready!

Built with commit fc4bb08

https://deploy-preview-2546--calico.netlify.com

@iaguis iaguis force-pushed the kinvolk:kinvolk/fast-blacklist branch 2 times, most recently from b4ca49a to 7c1bef8 Apr 11, 2019

@fasaxc
Copy link
Member

left a comment

One question; also note that there's the FelixConfiguration reference doc as well.

@@ -494,6 +496,9 @@ spec:
type: DirectoryOrCreate
path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds
{{- end }}
- name: bpffs

This comment has been minimized.

Copy link
@fasaxc

fasaxc Apr 18, 2019

Member

What happens if BPF isn't enabled? Will this folder exist?

This comment has been minimized.

Copy link
@iaguis

iaguis Apr 18, 2019

Author Contributor

If BPF is not enabled in the kernel (CONFIG_BPF_SYSCALL=n) or if it is but the kernel is older than 4.4 (without support for BPFfs), the directory won't exist so I guess this would fail. Also, using type: DirectoryOrCreate is not possible because creating directories in /sys/fs is not allowed.

If it is enabled but BPFfs is not mounted we're fine because we'll mount it ourselves in Felix. One drawback is that the mount won't be propagated to the host so if Felix is restarted it will have to mount it and populate it again.

I think that to make sure we stay compatible with old kernels or kernels with BPF disabled we can't add this volume, which means Felix will repopulate it when we restart it, which is less efficient but shouldn't be a big deal.

@iaguis iaguis force-pushed the kinvolk:kinvolk/fast-blacklist branch from 7c1bef8 to fc4bb08 Apr 18, 2019

@iaguis

This comment has been minimized.

Copy link
Contributor Author

commented Apr 18, 2019

I've removed mounting /sys/fs/bpf as per the comment above, rebased, and added docs to FelixConfiguration.

@caseydavenport caseydavenport referenced this pull request Apr 18, 2019

Merged

Add new Felix configuration parameters #1068

0 of 3 tasks complete

@caseydavenport caseydavenport added this to the Calico v3.7.0 milestone Apr 18, 2019

@fasaxc

fasaxc approved these changes Apr 24, 2019

@fasaxc fasaxc merged commit 4089455 into projectcalico:master Apr 24, 2019

2 checks passed

license/cla Contributor License Agreement is signed.
Details
semaphoreci The build passed on Semaphore.
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.