search

kumahq / kuma-website

🐻 The official website for Kuma, the control plane for modern service connectivity.
https://kuma.io
Apache License 2.0
104 stars 87 forks source link

CNI conflist file not present on new AKS node image #1813

Open fozturner opened 3 weeks ago

fozturner commented 3 weeks ago

What happened?

We are running Kuma version 2.6.1 on AKS version 1.27.9 with CNI enabled.

CNI configuration for AKS documented here states that we should use the below configuration.

cni:
  enabled: true 
  chained: true
  netDir: /etc/cni/net.d
  binDir: /opt/cni/bin
  confName: 10-azure.conflist

This has been working fine for months, but we recently had to update the node image version for our AKS cluster.

The most recent node image for AKS (AzureLinux) AKSCBLMariner-V2gen2-202405.27.0 appears to no longer contain the conflist file 10-azure.conflist. This means that the kuma-cni-node pods will not start as the file is not present.

We raised this issue on the AKS github Azure/AKS/issues/4349 - please see the comments.

There is no guarantee/contract that AKS will support CNI chaining, and that the "AzCNI conflist may vary between AKS versions, base images, and AKS network modes". The 10-azure.conflist file missing from the node does not impact the AKS networking.

We are raising this as we are seeking your advice on what we should do next and how we should approach running Kuma CNI on our AKS cluster without the 10-azure.conflist file present.

fozturner commented 2 weeks ago

For additional context, there is an 15-azure-swift.conflist file on the new node image. If I try and use this file then it sends my pods into a CrashLoopBackOff.

slonka commented 1 week ago

Triage: check how other CNIs integrate with azure and if they do this properly with 15-azure-swift.conflist