Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cilium deprecated values for kube-proxy-replacement now refused by daemonset/cilium #11417

Open
ledroide opened this issue Aug 5, 2024 · 2 comments
Open

Cilium deprecated values for kube-proxy-replacement now refused by daemonset/cilium #11417

ledroide opened this issue Aug 5, 2024 · 2 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@ledroide
Copy link
Contributor

ledroide commented Aug 5, 2024
edited
Loading

summary

Cilium v1.16 fails to start in CrashLoopBackOff with this log :

level=fatal msg="failed to start: daemon creation failed: unable to initialize kube-proxy replacement options: Invalid value for --kube-proxy-replacement: partial\nfailed to stop: unable to find controller ipcache-inject-labels" subsys=daemon

This is due to settings values that have been deprecated since january 2023 in agent: Deprecate --kube-proxy-replacement=partial and agent/helm: Deprecate --kpr=partial|strict|disabled and use --kpr=true|false instead, and not supported anymore since march 2024 for v1.16.0.

Quote :

Users will have enough time to update their tools. We will completely remove the options in v1.16.

From cilum release notes :

cleanup: Remove deprecated values for KPR (#31286, @sayboras)

environment

  • Kubespray version (commit): 343d680
  • Network plugin: cilium
  • Container runtime and engine: cri-o + crun
  • OS: Ubuntu Cloud 24.04 Minimal
  • Ansible: 2.16.9
  • Python: 3.12.3
  • Playbook: cluster.yml

what should be updated

  • value for cilium_kube_proxy_replacement: strict is changed with cilium_kube_proxy_replacement: true
  • value for cilium_kube_proxy_replacement: partial and disabled are both changed with cilium_kube_proxy_replacement: false
  • docs/CNI/cilium.md -> "Kube-proxy replacement with Cilium" paragraph
  • roles/network_plugin/cilium/templates/cilium/config.yml.j2 -> where value should be quoted to be a string, if I well understand the cilium code
  • roles/network_plugin/cilium/templates/cilium/ds.yml.j2 ->with conditionals
  • roles/kubespray-defaults/defaults/main/main.yml -> with conditionals
  • roles/network_plugin/cilium/templates/cilium-operator/deploy.yml.j2 -> with conditionals
  • roles/network_plugin/cilium/defaults/main.yml -> set default value to false
  • tests/files/packet_rockylinux9-cilium.yml and tests/files/packet_debian12-cilium-svc-proxy.yml
  • inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml

I will try to fix it, and then if it succeeds I will sent a pull-request.
@ledroide ledroide added the kind/bug Categorizes issue or PR as related to a bug. label Aug 5, 2024
@ledroide
Copy link
Contributor Author

ledroide commented Aug 5, 2024

Thinking of breaking changes .... this will be a breaking change anyway for users that have set a value for cilium_kube_proxy_replacement in their inventory. I'm afraid there is no solution for them.

Other issue can be in replacing 3 old options disabled/partial/strict with only a boolean choice. I have no idea how to manage this.

@tico88612
Copy link
Member

We can just remind users about breaking change in the release note.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tico88612 @ledroide