Revision 1c0c8f89cd9ab5849d46a56ffcf8e6bc0d52855c authored by Daniel Borkmann on 15 August 2019, 12:24:31 UTC, committed by Ian Vernon on 19 August 2019, 17:55:18 UTC
[ upstream commit cc01f5294ab4128c657518158e16423d962ed9b6 ] tc qdisc del/add combination and same with tc filters is very suboptimal as it leads to short traffic interruptions when restarting the daemon while filter replace can be done atomically. Rework the init script such that the latter can be used for BPF program management. Reported-by: Jaff Cheng and Arthur Chiao via Slack Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
1 parent a46e73e
Dockerfile
#
# cilium-envoy from github.com/cilium/proxy
#
FROM quay.io/cilium/cilium-envoy:4922a4bb7f6a76eb8bbbae9afa38564633aee263 as cilium-envoy
#
# Cilium incremental build. Should be fast given builder-deps is up-to-date!
#
# cilium-builder tag is the date on which the compatible build image
# was pushed. If a new version of the build image is needed, it needs
# to be tagged with a new date and this file must be changed
# accordingly. Keeping the old images available will allow older
# versions to be built while allowing the new versions to make changes
# that are not backwards compatible.
#
FROM quay.io/cilium/cilium-builder:2019-08-13 as builder
LABEL maintainer="maintainer@cilium.io"
WORKDIR /go/src/github.com/cilium/cilium
COPY . ./
ARG LOCKDEBUG
ARG V
ARG LIBNETWORK_PLUGIN
#
# Please do not add any dependency updates before the 'make install' here,
# as that will mess with caching for incremental builds!
#
RUN make LOCKDEBUG=$LOCKDEBUG PKG_BUILD=1 V=$V LIBNETWORK_PLUGIN=$LIBNETWORK_PLUGIN \
SKIP_DOCS=true DESTDIR=/tmp/install clean-container build-container install-container
#
# Cilium runtime install.
#
# cilium-runtime tag is a date on which the compatible runtime base
# was pushed. If a new version of the runtime is needed, it needs to
# be tagged with a new date and this file must be changed accordingly.
# Keeping the old runtimes available will allow older versions to be
# built while allowing the new versions to make changes that are not
# backwards compatible.
#
FROM quay.io/cilium/cilium-runtime:2019-08-13
LABEL maintainer="maintainer@cilium.io"
COPY --from=builder /tmp/install /
COPY --from=cilium-envoy / /
COPY plugins/cilium-cni/cni-install.sh /cni-install.sh
COPY plugins/cilium-cni/cni-uninstall.sh /cni-uninstall.sh
COPY contrib/packaging/docker/init-container.sh /init-container.sh
WORKDIR /root
RUN groupadd -f cilium \
&& echo ". /etc/profile.d/bash_completion.sh" >> /root/.bashrc \
&& cilium completion bash >> /root/.bashrc \
&& sysctl -w kernel.core_pattern=/tmp/core.%e.%p.%t
ENV INITSYSTEM="SYSTEMD"
CMD ["/usr/bin/cilium"]
Computing file changes ...
