search

siderolabs / talos

Talos Linux is a modern Linux distribution built for Kubernetes.
https://www.talos.dev
Mozilla Public License 2.0
6.73k stars 537 forks source link

Docs - Method 5 of deploying Cilium CNI is outdated #9494

Open SystemZ opened 2 weeks ago

SystemZ commented 2 weeks ago

Bug Report

Description

I tried deploying Cilium with "Method 5" but I got 3 problems, each probably related to Cilium CLI changes.

First, in cilium-install pod there was an error unknown flag: --set ipam.mode.
After debugging, I fixed it with replacing it from like this

- --set ipam.mode=kubernetes

to this

- --set
- ipam.mode=kubernetes

Next problems with cilium-install still was involving syntax errors. This time it was about not accepting ,. I escaped each one with \ and it was fixed too.

When cilium-install pod started working correctly and deploying other pods, I got error from cilium-agent pod:

unable to set memory resource limits" error="failed to set memlock rlimit: operation not permitted" subsys=daemon

Thanks to issues https://github.com/siderolabs/talos/issues/5948 https://github.com/cilium/cilium/issues/17883 I fixed it with adding another argument

- --set
- securityContext.privileged=true

and then it magically worked 🪄

Environment

talosctl version --nodes REDACTED_IP
Client:
        Tag:         v1.8.0
        SHA:         5cc935f7
        Built:
        Go version:  go1.22.7
        OS/Arch:     darwin/arm64
Server:
        NODE:        REDACTED_IP
        Tag:         v1.8.1
        SHA:         477752fe
        Built:
        Go version:  go1.22.8
        OS/Arch:     linux/amd64
        Enabled:     RBAC
Blarc commented 4 days ago

I also get this error in my cilium pods:

unable to set memory resource limits" error="failed to set memlock rlimit: operation not permitted" subsys=daemon