From 55e30d299ce80800330a2a5439a690f399856333 Mon Sep 17 00:00:00 2001
From: ialidzhikov
Date: Fri, 19 Aug 2022 13:08:43 +0300
Subject: [PATCH] Clean up the `kube-proxy-clean-up` init container
---
 charts/images.yaml | 8 -------
 .../charts/agent/templates/daemonset.yaml | 22 +------------------
 .../internal/cilium/charts/agent/values.yaml | 3 ---
 charts/internal/cilium/values.yaml | 2 --
 pkg/charts/utils.go | 1 -
 pkg/cilium/types.go | 3 ---
 pkg/imagevector/image_finders.go | 5 -----
 7 files changed, 1 insertion(+), 43 deletions(-)
diff --git a/charts/images.yaml b/charts/images.yaml
index c943e944b..97388226f 100644
--- a/charts/images.yaml
+++ b/charts/images.yaml
@@ -35,11 +35,3 @@ images:
 sourceRepository: github.com/cilium/certgen
 repository: quay.io/cilium/certgen
 tag: v0.1.8
- - name: kube-proxy
- sourceRepository: github.com/kubernetes/kubernetes
- repository: k8s.gcr.io/hyperkube
- targetVersion: "< 1.17"
- - name: kube-proxy
- sourceRepository: github.com/kubernetes/kubernetes
- repository: k8s.gcr.io/kube-proxy
- targetVersion: ">= 1.17"
diff --git a/charts/internal/cilium/charts/agent/templates/daemonset.yaml b/charts/internal/cilium/charts/agent/templates/daemonset.yaml
index 7af1d2420..7bb4824ac 100644
--- a/charts/internal/cilium/charts/agent/templates/daemonset.yaml
+++ b/charts/internal/cilium/charts/agent/templates/daemonset.yaml
@@ -488,11 +488,10 @@ spec:
 {{- toYaml .Values.initResources | trim | nindent 10 }}
 {{- if eq .Values.global.kubeProxyReplacement "strict" }}
 # Clean up kube-proxy iptable rules in case cilium is running as kube-proxy replacement
-{{- if not (eq .Values.kubeProxyCleanup "kube-proxy") }}
 - command:
 - bash
 - -c
- # Recommended way to clean up according to cilium docs (https://docs.cilium.io/en/latest/gettingstarted/kubeproxy-free/)
+ # Recommended way to clean up according to cilium docs (https://docs.cilium.io/en/v1.12/gettingstarted/kubeproxy-free/)
 #- "iptables-restore <(iptables-save | grep -v KUBE)"
 # Unfortunately, the above is not directly working due to etc/alternatives issue with cilium container image
 # Therefore, we use the equivalent below, which adds also log output
@@ -505,25 +504,6 @@ spec:
 add:
 - NET_ADMIN
 privileged: true
-{{- else }}
- - command:
- {{- if semverCompare "< 1.17" .Capabilities.KubeVersion.GitVersion }}
- - /hyperkube
- - kube-proxy
- {{- else }}
- - /usr/local/bin/kube-proxy
- {{- end }}
- - --cleanup
- - --v=2
- image: {{ index .Values.global.images "kube-proxy" }}
- imagePullPolicy: {{ .Values.global.pullPolicy }}
- name: kube-proxy-clean-up
- securityContext:
- capabilities:
- add:
- - NET_ADMIN
- privileged: true
-{{- end }}
 {{- end }}
 restartPolicy: Always
 {{- if and (eq .Release.Namespace "kube-system") (or (gt .Capabilities.KubeVersion.Minor "10") (gt .Capabilities.KubeVersion.Major "1"))}}
diff --git a/charts/internal/cilium/charts/agent/values.yaml b/charts/internal/cilium/charts/agent/values.yaml
index 2f03b2152..39460035a 100644
--- a/charts/internal/cilium/charts/agent/values.yaml
+++ b/charts/internal/cilium/charts/agent/values.yaml
@@ -21,6 +21,3 @@ initResources:
 requests:
 cpu: "100m"
 memory: "100Mi"
-
-# Specifies whether to use the approach documented by cilium or kube-proxy to cleanup the iptables from kube-proxy
-kubeProxyCleanup: cilium-documentation
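Review bot: The cleanup init container that remains after this change still sets `privileged: true` next to `add: - NET_ADMIN` (visible as context at the top of the following hunk, `@@ -505`), and in a privileged container the capability list is redundant, so the manifest reads as more tightly confined than it is. Now that the bash iptables-save/restore pipeline is the only cleanup path, it is worth testing whether it runs with NET_ADMIN alone and, if so, deleting the `privileged: true` line. If full privilege turns out to be required, a short comment above it such as `# privileged is needed because <reason>` would record why. The container spec starts above this hunk and the actual cleanup command sits between the two hunks, so this is based only on the visible context lines.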
diff --git a/charts/internal/cilium/values.yaml b/charts/internal/cilium/values.yaml
index a8b1bb1b6..b46beea8f 100644
--- a/charts/internal/cilium/values.yaml
+++ b/charts/internal/cilium/values.yaml
@@ -491,5 +491,3 @@ global:
 hubble-ui: "image-repository:image-tag"
 hubble-ui-backend: "image-repository:image-tag"
 certgen: "image-repository:image-tag"
-
- kube-proxy: "image-repository:image-tag"
diff --git a/pkg/charts/utils.go b/pkg/charts/utils.go
index 7c0d00b3d..97556a23b 100644
--- a/pkg/charts/utils.go
+++ b/pkg/charts/utils.go
@@ -135,7 +135,6 @@ func generateChartValues(config *ciliumv1alpha1.NetworkConfig, network *extensio // Also need to configure KubeProxy if cluster.Shoot.Spec.Kubernetes.KubeProxy != nil && cluster.Shoot.Spec.Kubernetes.KubeProxy.Enabled != nil && !*cluster.Shoot.Spec.Kubernetes.KubeProxy.Enabled { globalConfig.KubeProxyReplacement = ciliumv1alpha1.Strict - globalConfig.Images[cilium.KubeProxyImageName] = imagevector.CiliumKubeProxyImage(cluster.Shoot.Spec.Kubernetes.Version) if config != nil && config.KubeProxy != nil && config.KubeProxy.ServiceHost != nil && config.KubeProxy.ServicePort != nil { globalConfig.K8sServiceHost = *config.KubeProxy.ServiceHost
diff --git a/pkg/cilium/types.go b/pkg/cilium/types.go
index 23e144f86..0954f301c 100644
--- a/pkg/cilium/types.go
+++ b/pkg/cilium/types.go
@@ -41,9 +41,6 @@ const ( // CertGenImageName defines certificate generation image name. CertGenImageName = "certgen" - // KubeProxyImageName defines the kube-proxy image name. - KubeProxyImageName = "kube-proxy" - // MonitoringChartName MonitoringName = "cilium-monitoring-config"
diff --git a/pkg/imagevector/image_finders.go b/pkg/imagevector/image_finders.go
index 7512a24e3..cad0153f8 100644
--- a/pkg/imagevector/image_finders.go
+++ b/pkg/imagevector/image_finders.go
@@ -56,8 +56,3 @@ func CiliumHubbleUIBackendImage() string {
 func CiliumCertGenImage() string {
 return findImage(cilium.CertGenImageName)
 }
-
-// CiliumKubeProxyImage returns the kube-proxy image.
-func CiliumKubeProxyImage(kubernetesVersion string) string {
- return findImage(cilium.KubeProxyImageName, imagevector.RuntimeVersion(kubernetesVersion), imagevector.TargetVersion(kubernetesVersion))
-}