From f03045f0dc8a49ef20284a7f8e076fbbd26a466c Mon Sep 17 00:00:00 2001
From: Dalton Hubble
Date: Sat, 24 Jul 2021 10:32:29 -0700
Subject: [PATCH] Update Cilium for cgroups v2 support

* On Fedora CoreOS, Cilium cross-node service IP load balancing stopped working for a time (first observable as CoreDNS pods located on worker nodes not being able to reach the kubernetes API service 10.3.0.1). This turned out to have two parts:
* Fedora CoreOS switched to cgroups v2 by default. In our early testing with cgroups v2, Calico (default) was used. With the cgroups v2 change, SELinux policy denied some eBPF operations. Since fixed in all Fedora CoreOS channels
* Cilium requires new mounts to support cgroups v2, which are added here
* https://github.com/coreos/fedora-coreos-tracker/issues/292
* https://github.com/coreos/fedora-coreos-tracker/issues/881
* https://github.com/cilium/cilium/pull/16259
---
 CHANGES.md | 8 ++++++--
 aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +-
 aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +-
 azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +-
 azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +-
 bare-metal/fedora-coreos/kubernetes/bootstrap.tf | 2 +-
 bare-metal/flatcar-linux/kubernetes/bootstrap.tf | 2 +-
 digital-ocean/fedora-coreos/kubernetes/bootstrap.tf | 2 +-
 digital-ocean/flatcar-linux/kubernetes/bootstrap.tf | 2 +-
 google-cloud/fedora-coreos/kubernetes/bootstrap.tf | 2 +-
 google-cloud/flatcar-linux/kubernetes/bootstrap.tf | 2 +-
 11 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 5f1590b3..c91f4f9f 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -4,9 +4,9 @@ Notable changes between versions.
 ## Latest
-
 ### Fedora CoreOS
+* Add Cilium cgroups v2 support on Fedora CoreOS
 * Update Butane Config version from v1.2.0 to v1.4.0
 * Rename Fedora CoreOS Config to Butane Config
 * Require any [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customizations to update to v1.4.0
@@ -27,6 +27,10 @@ Notable changes between versions.
 * Update node-exporter from v1.1.2 to [v1.2.0](https://github.com/prometheus/node_exporter/releases/tag/v1.2.0)
 * Update Grafana from v8.0.3 to [v8.0.6](https://github.com/grafana/grafana/releases/tag/v8.0.6)
+### Known Issues
+
+* Cilium with recent Fedora CoreOS will have networking issues ([fedora-coreos#881](https://github.com/coreos/fedora-coreos-tracker/issues/881)) (fixed in v1.21.4)
+
 ## v1.21.2
 * Kubernetes [v1.21.2](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.21.md#v1212)
@@ -60,7 +64,7 @@ Notable changes between versions.
 ### Known Issues
-* Cilium with recent Fedora CoreOS will have networking issues ([fedora-coreos#881](https://github.com/coreos/fedora-coreos-tracker/issues/881))
+* Cilium with recent Fedora CoreOS will have networking issues ([fedora-coreos#881](https://github.com/coreos/fedora-coreos-tracker/issues/881)) (fixed in v1.21.4)
 ## v1.21.1
diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf
index 2b9d6c60..15150206 100644
--- a/aws/fedora-coreos/kubernetes/bootstrap.tf
+++ b/aws/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf
index 8b7f2ff4..469139a2 100644
--- a/aws/flatcar-linux/kubernetes/bootstrap.tf
+++ b/aws/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf
index f35ac508..ab28be90 100644
--- a/azure/fedora-coreos/kubernetes/bootstrap.tf
+++ b/azure/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf
index a6d601f0..b16827a3 100644
--- a/azure/flatcar-linux/kubernetes/bootstrap.tf
+++ b/azure/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
index 0f4be9fc..0075bfce 100644
--- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
+++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d"
 cluster_name = var.cluster_name
 api_servers = [var.k8s_domain_name]
diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
index f416193a..d1dcf208 100644
--- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
+++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d"
 cluster_name = var.cluster_name
 api_servers = [var.k8s_domain_name]
diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf
index a19799df..ba4f7dbd 100644
--- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf
+++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf
index 125cb0d4..8a30a7b6 100644
--- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf
+++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf
index c84b28c8..a61da98d 100644
--- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf
+++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf
index fe379001..0afdb346 100644
--- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf
+++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5746f9c221fb779def042c81ea827fed1b844f1d"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5c0bebc1e763a9aa257748997fffd3681318e42d"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]