Add option for Calico to cleanup kube-proxy rules when running in eBPF mode

Ciprian Hacman 2020-10-27 07:28:27 +02:00
parent 2fe6ee4b37
commit 7b9a073da9
5 changed files with 14 additions and 0 deletions


@ -2144,6 +2144,9 @@ spec:
bpfExternalServiceMode: bpfExternalServiceMode:
description: 'BPFExternalServiceMode controls how traffic from outside the cluster to NodePorts and ClusterIPs is handled. In Tunnel mode, packet is tunneled from the ingress host to the host with the backing pod and back again. In DSR mode, traffic is tunneled to the host with the backing pod and then returned directly; this requires a network that allows direct return. Default: Tunnel (other options: DSR)' description: 'BPFExternalServiceMode controls how traffic from outside the cluster to NodePorts and ClusterIPs is handled. In Tunnel mode, packet is tunneled from the ingress host to the host with the backing pod and back again. In DSR mode, traffic is tunneled to the host with the backing pod and then returned directly; this requires a network that allows direct return. Default: Tunnel (other options: DSR)'
type: string type: string
bpfKubeProxyIptablesCleanupEnabled:
description: BPFKubeProxyIptablesCleanupEnabled controls whether Felix will clean up the iptables rules created by the Kubernetes kube-proxy; should only be enabled if kube-proxy is not running.
type: boolean
bpfLogLevel: bpfLogLevel:
description: 'BPFLogLevel controls the log level used by the BPF programs. The logs are emitted to the BPF trace pipe, accessible with the command tc exec BPF debug. Default: Off (other options: Info, Debug)' description: 'BPFLogLevel controls the log level used by the BPF programs. The logs are emitted to the BPF trace pipe, accessible with the command tc exec BPF debug. Default: Off (other options: Info, Debug)'
type: string type: string


@ -108,6 +108,9 @@ type CalicoNetworkingSpec struct {
// this requires a network that allows direct return. // this requires a network that allows direct return.
// Default: Tunnel (other options: DSR) // Default: Tunnel (other options: DSR)
BPFExternalServiceMode string `json:"bpfExternalServiceMode,omitempty"` BPFExternalServiceMode string `json:"bpfExternalServiceMode,omitempty"`
// BPFKubeProxyIptablesCleanupEnabled controls whether Felix will clean up the iptables rules
// created by the Kubernetes kube-proxy; should only be enabled if kube-proxy is not running.
BPFKubeProxyIptablesCleanupEnabled bool `json:"bpfKubeProxyIptablesCleanupEnabled,omitempty"`
// BPFLogLevel controls the log level used by the BPF programs. The logs are emitted // BPFLogLevel controls the log level used by the BPF programs. The logs are emitted
// to the BPF trace pipe, accessible with the command tc exec BPF debug. // to the BPF trace pipe, accessible with the command tc exec BPF debug.
// Default: Off (other options: Info, Debug) // Default: Off (other options: Info, Debug)
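Review bot: The comment on the new BPFKubeProxyIptablesCleanupEnabled field does not state a default, while the neighbouring BPFExternalServiceMode and BPFLogLevel comments both end in a `Default:` line. The field is a plain `bool` with `omitempty`, so an unset value is false; I would add `// Default: false` as a third comment line so operators know the cleanup is opt-in. The same applies to the identical CalicoNetworkingSpec section that follows this one. The struct starts and ends outside the hunk, so any defaulting done elsewhere is not visible here.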


@ -108,6 +108,9 @@ type CalicoNetworkingSpec struct {
// this requires a network that allows direct return. // this requires a network that allows direct return.
// Default: Tunnel (other options: DSR) // Default: Tunnel (other options: DSR)
BPFExternalServiceMode string `json:"bpfExternalServiceMode,omitempty"` BPFExternalServiceMode string `json:"bpfExternalServiceMode,omitempty"`
// BPFKubeProxyIptablesCleanupEnabled controls whether Felix will clean up the iptables rules
// created by the Kubernetes kube-proxy; should only be enabled if kube-proxy is not running.
BPFKubeProxyIptablesCleanupEnabled bool `json:"bpfKubeProxyIptablesCleanupEnabled,omitempty"`
// BPFLogLevel controls the log level used by the BPF programs. The logs are emitted // BPFLogLevel controls the log level used by the BPF programs. The logs are emitted
// to the BPF trace pipe, accessible with the command tc exec BPF debug. // to the BPF trace pipe, accessible with the command tc exec BPF debug.
// Default: Off (other options: Info, Debug) // Default: Off (other options: Info, Debug)


@ -1327,6 +1327,7 @@ func Convert_kops_CNINetworkingSpec_To_v1alpha2_CNINetworkingSpec(in *kops.CNINe
func autoConvert_v1alpha2_CalicoNetworkingSpec_To_kops_CalicoNetworkingSpec(in *CalicoNetworkingSpec, out *kops.CalicoNetworkingSpec, s conversion.Scope) error { func autoConvert_v1alpha2_CalicoNetworkingSpec_To_kops_CalicoNetworkingSpec(in *CalicoNetworkingSpec, out *kops.CalicoNetworkingSpec, s conversion.Scope) error {
out.BPFEnabled = in.BPFEnabled out.BPFEnabled = in.BPFEnabled
out.BPFExternalServiceMode = in.BPFExternalServiceMode out.BPFExternalServiceMode = in.BPFExternalServiceMode
out.BPFKubeProxyIptablesCleanupEnabled = in.BPFKubeProxyIptablesCleanupEnabled
out.BPFLogLevel = in.BPFLogLevel out.BPFLogLevel = in.BPFLogLevel
out.ChainInsertMode = in.ChainInsertMode out.ChainInsertMode = in.ChainInsertMode
out.CPURequest = in.CPURequest out.CPURequest = in.CPURequest
@ -1358,6 +1359,7 @@ func Convert_v1alpha2_CalicoNetworkingSpec_To_kops_CalicoNetworkingSpec(in *Cali
func autoConvert_kops_CalicoNetworkingSpec_To_v1alpha2_CalicoNetworkingSpec(in *kops.CalicoNetworkingSpec, out *CalicoNetworkingSpec, s conversion.Scope) error { func autoConvert_kops_CalicoNetworkingSpec_To_v1alpha2_CalicoNetworkingSpec(in *kops.CalicoNetworkingSpec, out *CalicoNetworkingSpec, s conversion.Scope) error {
out.BPFEnabled = in.BPFEnabled out.BPFEnabled = in.BPFEnabled
out.BPFExternalServiceMode = in.BPFExternalServiceMode out.BPFExternalServiceMode = in.BPFExternalServiceMode
out.BPFKubeProxyIptablesCleanupEnabled = in.BPFKubeProxyIptablesCleanupEnabled
out.BPFLogLevel = in.BPFLogLevel out.BPFLogLevel = in.BPFLogLevel
out.ChainInsertMode = in.ChainInsertMode out.ChainInsertMode = in.ChainInsertMode
out.CPURequest = in.CPURequest out.CPURequest = in.CPURequest


@ -3939,6 +3939,9 @@ spec:
# Controls how traffic from outside the cluster to NodePorts and ClusterIPs is handled # Controls how traffic from outside the cluster to NodePorts and ClusterIPs is handled
- name: FELIX_BPFEXTERNALSERVICEMODE - name: FELIX_BPFEXTERNALSERVICEMODE
value: "{{- or .Networking.Calico.BPFExternalServiceMode "Tunnel" }}" value: "{{- or .Networking.Calico.BPFExternalServiceMode "Tunnel" }}"
# Controls whether Felix will clean up the iptables rules created by the Kubernetes kube-proxy
- name: FELIX_BPFKUBEPROXYIPTABLESCLEANUPENABLED
value: "{{- .Networking.Calico.BPFKubeProxyIptablesCleanupEnabled }}"
# Controls the log level used by the BPF programs # Controls the log level used by the BPF programs
- name: FELIX_BPFLOGLEVEL - name: FELIX_BPFLOGLEVEL
value: "{{- or .Networking.Calico.BPFLogLevel "Off" }}" value: "{{- or .Networking.Calico.BPFLogLevel "Off" }}"
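Review bot: The comment above FELIX_BPFKUBEPROXYIPTABLESCLEANUPENABLED drops the caveat that the API field carries, namely that the option should only be enabled when kube-proxy is not running. I would extend it to `# Controls whether Felix will clean up the iptables rules created by the Kubernetes kube-proxy; only enable when kube-proxy is not running`. The value is rendered straight from the bool, so an unset field is passed to Felix as an explicit false rather than leaving Felix's own default in effect, which is worth a word in the same comment. Nothing visible in this commit rejects the flag being true while kube-proxy is still deployed. If no such check exists elsewhere, a cluster validation rule for that combination would prevent Felix from removing rules that a running kube-proxy keeps re-creating.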