docs: retain cilium autoMount pending upstream hostPath fix

Partial rollback of 76fa45a. The cilium helm chart requires an fix to handle the hostPath at /sys/fs/bpf when bpf.autoMount.enabled=false. The earlier commit disabled bpf automount, removing the init container's mount. Helm missed adding the hostPath, and neither /sys nor /sys/fs got added. This made cilium wrongly mount /sys/fs/bpf. Fixes error message at: #7565 (comment) Signed-off-by: Nico Berlee <[email protected]> Signed-off-by: Noel Georgi <[email protected]>
siderolabs · Aug 10, 2023 · bc198e9 · bc198e9
1 parent 86c94ef
commit bc198e9
Showing 1 changed file with 0 additions and 5 deletions.
diff --git a/website/content/v1.5/kubernetes-guides/network/deploying-cilium.md b/website/content/v1.5/kubernetes-guides/network/deploying-cilium.md
@@ -90,7 +90,6 @@ cilium install \
     --helm-set=kubeProxyReplacement=strict \
     --helm-set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
     --helm-set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
-    --helm-set=bpf.autoMount.enabled=false \
     --helm-set=cgroup.autoMount.enabled=false \
     --helm-set=cgroup.hostRoot=/sys/fs/cgroup \
     --helm-set=k8sServiceHost=localhost \
@@ -126,7 +125,6 @@ helm install \
     --set=kubeProxyReplacement=disabled \
     --set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
     --set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
-    --set=bpf.autoMount.enabled=false \
     --set=cgroup.autoMount.enabled=false \
     --set=cgroup.hostRoot=/sys/fs/cgroup
 ```
@@ -143,7 +141,6 @@ helm install \
     --set=kubeProxyReplacement=strict \
     --set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
     --set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
-    --set=bpf.autoMount.enabled=false \
     --set=cgroup.autoMount.enabled=false \
     --set=cgroup.hostRoot=/sys/fs/cgroup \
     --set=k8sServiceHost=localhost \
@@ -166,7 +163,6 @@ helm template \
     --set=kubeProxyReplacement=disabled \
     --set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
     --set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
-    --set=bpf.autoMount.enabled=false \
     --set=cgroup.autoMount.enabled=false \
     --set=cgroup.hostRoot=/sys/fs/cgroup > cilium.yaml
 
@@ -188,7 +184,6 @@ helm template \
     --set=kubeProxyReplacement=strict \
     --set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
     --set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
-    --set=bpf.autoMount.enabled=false \
     --set=cgroup.autoMount.enabled=false \
     --set=cgroup.hostRoot=/sys/fs/cgroup \
     --set=k8sServiceHost=localhost \