Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WiP] Update docs and manifests for adding iptables lock support to Felix #902

Closed
wants to merge 4 commits into from
Closed

[WiP] Update docs and manifests for adding iptables lock support to Felix #902

wants to merge 4 commits into from

Conversation

fasaxc
Copy link
Member

@fasaxc fasaxc commented Jul 11, 2017
edited
Loading

Description

Felix now supports (projectcalico/felix#1491) taking the iptables lock when doing iptables operations. This prevents it from conflicting with, for example, kube-proxy, which also takes the lock.

This PR:

  • Updates the config docs to document the new config options introduced in Felix
  • Modifies the manifests to mount in /run, which is where the iptables lockfile lives. Sadly, we can't map in a narrower directory or just the file because the file may not exist and, if it doesn't, docker maps in an empty directory instead.

Todos

  • Test manifests
  • Update Felix pin
  • Documentation

Release Note

Felix now (optionally) acquires the iptables lock while manipulating iptables.  This prevents conflicts with other applications, such as kube-proxy (as long as they also honor the lock).  Upgrade note: to be effective if Felix is running in a container, this feature requires the directory containing the iptables lock file, `/run`, to be mounted into the container.

@fasaxc fasaxc self-assigned this Jul 11, 2017
@caseydavenport caseydavenport added this to the Calico v2.4.0 milestone Jul 11, 2017
@fasaxc fasaxc force-pushed the iptables-lock-config branch from 497aafe to 3d82f2d Compare July 13, 2017 12:23
@fasaxc fasaxc force-pushed the iptables-lock-config branch from 3d82f2d to c9f576b Compare July 14, 2017 14:33
@caseydavenport
Copy link
Member

@fasaxc WDYT re: release notes for this guy? It should probably have one.

@fasaxc
Copy link
Member Author

fasaxc commented Jul 17, 2017

@caseydavenport Yeah, I'd done it on the felix PR. Moving it here.

@fasaxc fasaxc mentioned this pull request Jul 18, 2017
Merged
3 tasks
@fasaxc fasaxc added the release-note-required Change has user-facing impact (no matter how small) label Jul 18, 2017
@fasaxc fasaxc mentioned this pull request Jul 20, 2017
Merged
3 tasks
@fasaxc
Copy link
Member Author

fasaxc commented Jul 20, 2017

Closing in favour of #935

@fasaxc fasaxc closed this Jul 20, 2017
@caseydavenport caseydavenport removed the release-note-required Change has user-facing impact (no matter how small) label Jul 25, 2017
caseydavenport pushed a commit that referenced this pull request Dec 14, 2021
@marvin-tigera
Merge pull request #902 from projectcalico/semaphore-auto-pin-updates…
e6f8fc4 
…-master

[master] Semaphore Auto Pin Update
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@fasaxc fasaxc

Labels
None yet
Projects
None yet
Milestone
Calico v2.4.0
Development

Successfully merging this pull request may close these issues.
2 participants
@fasaxc @caseydavenport