Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2020-04-28 22:29:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cilium" Tue Apr 28 22:29:20 2020 rev:24 rq:797590 version:1.7.0 Changes: -------- --- /work/SRC/openSUSE:Factory/cilium/cilium.changes 2020-03-11 18:34:55.126993370 +0100 +++ /work/SRC/openSUSE:Factory/.cilium.new.2738/cilium.changes 2020-04-28 22:29:22.869419119 +0200 @@ -1,0 +2,9 @@ +Sat Apr 25 03:57:30 UTC 2020 - Swaminathan Vasudevan <[email protected]> + +- Adds a couple of patches that fixes bpf load error (bsc#1151876) + * 0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch(combined) + * 0006-allow-to-configure-bpf-nat-global-max-using-helm.patch + * 0007-reduce-default-number-for-TCP-CT-and-NAT-table-max-entries.patch + * 0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch + +------------------------------------------------------------------- New: ---- 0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch 0006-allow-to-configure-bpf-nat-global-max-using-helm.patch 0007-reduce-default-number-for-TCP-CT-and-NAT-table-max-entries.patch 0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cilium.spec ++++++ --- /var/tmp/diff_new_pack.lKL9yT/_old 2020-04-28 22:29:25.765424523 +0200 +++ /var/tmp/diff_new_pack.lKL9yT/_new 2020-04-28 22:29:25.769424530 +0200 @@ -54,6 +54,14 @@ # TODO(mrostecki): Submit it upstream after we confirm that our images work 100% # fine, also on aarch64. Patch3: 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch +# PATCH-FIX-UPSTREAM 0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch +Patch5: 0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch +# PATCH-FIX-UPSTREAM 0006-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch +Patch6: 0006-allow-to-configure-bpf-nat-global-max-using-helm.patch +# PATCH-FIX-UPSTREAM 0007-reduce-default-number-for-TCP-CT-and-NAT-table-max-entries.patch +Patch7: 0007-reduce-default-number-for-TCP-CT-and-NAT-table-max-entries.patch +# PATCH-FIX-UPSTREAM 0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch +Patch8: 0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch # Cilium needs to be aware of the version string of cilium-proxy BuildRequires: cilium-proxy BuildRequires: clang ++++++ 0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch ++++++ diff -crB --new-file cilium-1.7.0-backup/daemon/daemon.go cilium-1.7.0-policymapentry-new/daemon/daemon.go *** cilium-1.7.0-backup/daemon/daemon.go 2020-02-18 14:32:45.000000000 -0800 --- cilium-1.7.0-policymapentry-new/daemon/daemon.go 2020-04-24 10:52:21.067469765 -0700 *************** *** 273,279 **** ctmap.InitMapInfo(option.Config.CTMapEntriesGlobalTCP, option.Config.CTMapEntriesGlobalAny, option.Config.EnableIPv4, option.Config.EnableIPv6, ) ! policymap.InitMapInfo(option.Config.PolicyMapMaxEntries) if option.Config.DryMode == false { if err := bpf.ConfigureResourceLimits(); err != nil { --- 273,279 ---- ctmap.InitMapInfo(option.Config.CTMapEntriesGlobalTCP, option.Config.CTMapEntriesGlobalAny, option.Config.EnableIPv4, option.Config.EnableIPv6, ) ! policymap.InitMapInfo(option.Config.PolicyMapEntries) if option.Config.DryMode == false { if err := bpf.ConfigureResourceLimits(); err != nil { diff -crB --new-file cilium-1.7.0-backup/pkg/option/config.go cilium-1.7.0-policymapentry-new/pkg/option/config.go *** cilium-1.7.0-backup/pkg/option/config.go 2020-04-23 21:08:27.747702955 -0700 --- cilium-1.7.0-policymapentry-new/pkg/option/config.go 2020-04-24 17:56:30.130187069 -0700 *************** *** 449,454 **** --- 449,460 ---- // LimitTableMax defines the maximum CT or NAT table limit LimitTableMax = 1 << 24 // 16Mi entries (~1GiB of entries per map) + // PolicyMapMin defines the minimum policy map limit. + PolicyMapMin = 1 << 8 + + // PolicyMapMax defines the minimum policy map limit. + PolicyMapMax = 1 << 16 + // NATMapEntriesGlobalName configures max entries for BPF NAT table NATMapEntriesGlobalName = "bpf-nat-global-max" *************** *** 971,979 **** // in the BPF NAT table NATMapEntriesGlobal int ! // PolicyMapMaxEntries is the maximum number of peer identities that an // endpoint may allow traffic to exchange traffic with. ! PolicyMapMaxEntries int // DisableCiliumEndpointCRD disables the use of CiliumEndpoint CRD DisableCiliumEndpointCRD bool --- 977,985 ---- // in the BPF NAT table NATMapEntriesGlobal int ! // PolicyMapEntries is the maximum number of peer identities that an // endpoint may allow traffic to exchange traffic with. ! PolicyMapEntries int // DisableCiliumEndpointCRD disables the use of CiliumEndpoint CRD DisableCiliumEndpointCRD bool *************** *** 1535,1549 **** } } ! policyMapMin := (1 << 8) ! policyMapMax := (1 << 16) ! if c.PolicyMapMaxEntries < policyMapMin { return fmt.Errorf("specified PolicyMap max entries %d must exceed minimum %d", ! c.PolicyMapMaxEntries, policyMapMin) } ! if c.PolicyMapMaxEntries > policyMapMax { return fmt.Errorf("specified PolicyMap max entries %d must not exceed maximum %d", ! c.PolicyMapMaxEntries, policyMapMax) } // Validate that the KVStore Lease TTL value lies between a particular range. if c.KVstoreLeaseTTL > defaults.KVstoreLeaseMaxTTL || c.KVstoreLeaseTTL < defaults.LockLeaseTTL { --- 1541,1553 ---- } } ! if c.PolicyMapEntries < PolicyMapMin { return fmt.Errorf("specified PolicyMap max entries %d must exceed minimum %d", ! c.PolicyMapEntries, PolicyMapMin) } ! if c.PolicyMapEntries > PolicyMapMax { return fmt.Errorf("specified PolicyMap max entries %d must not exceed maximum %d", ! c.PolicyMapEntries, PolicyMapMax) } // Validate that the KVStore Lease TTL value lies between a particular range. if c.KVstoreLeaseTTL > defaults.KVstoreLeaseMaxTTL || c.KVstoreLeaseTTL < defaults.LockLeaseTTL { *************** *** 1757,1763 **** c.NAT46Range = viper.GetString(NAT46Range) c.FlannelMasterDevice = viper.GetString(FlannelMasterDevice) c.FlannelUninstallOnExit = viper.GetBool(FlannelUninstallOnExit) ! c.PolicyMapMaxEntries = viper.GetInt(PolicyMapEntriesName) c.PProf = viper.GetBool(PProf) c.PreAllocateMaps = viper.GetBool(PreAllocateMapsName) c.PrependIptablesChains = viper.GetBool(PrependIptablesChainsName) --- 1761,1767 ---- c.NAT46Range = viper.GetString(NAT46Range) c.FlannelMasterDevice = viper.GetString(FlannelMasterDevice) c.FlannelUninstallOnExit = viper.GetBool(FlannelUninstallOnExit) ! c.PolicyMapEntries = viper.GetInt(PolicyMapEntriesName) c.PProf = viper.GetBool(PProf) c.PreAllocateMaps = viper.GetBool(PreAllocateMapsName) c.PrependIptablesChains = viper.GetBool(PrependIptablesChainsName) ++++++ 0006-allow-to-configure-bpf-nat-global-max-using-helm.patch ++++++ diff -crB --new-file cilium-1.7.0-backup/install/kubernetes/cilium/charts/config/templates/configmap.yaml cilium-1.7.0-bpf-nat-global-max/install/kubernetes/cilium/charts/config/templates/configmap.yaml *** cilium-1.7.0-backup/install/kubernetes/cilium/charts/config/templates/configmap.yaml 2020-02-18 14:32:45.000000000 -0800 --- cilium-1.7.0-bpf-nat-global-max/install/kubernetes/cilium/charts/config/templates/configmap.yaml 2020-04-24 11:14:27.314444210 -0700 *************** *** 128,133 **** --- 128,137 ---- bpf-ct-global-tcp-max: "{{ .Values.global.bpf.ctTcpMax }}" bpf-ct-global-any-max: "{{ .Values.global.bpf.ctAnyMax }}" + # bpf-nat-global-max specified the maximum number of entries in the BPF NAT + # table. + bpf-nat-global-max: "{{ .Values.global.bpf.natMax }}" + # Pre-allocation of map entries allows per-packet latency to be reduced, at # the expense of up-front memory allocation for the entries in the maps. The # default value below will minimize memory usage in the default installation; diff -crB --new-file cilium-1.7.0-backup/install/kubernetes/cilium/values.yaml cilium-1.7.0-bpf-nat-global-max/install/kubernetes/cilium/values.yaml *** cilium-1.7.0-backup/install/kubernetes/cilium/values.yaml 2020-02-18 14:32:45.000000000 -0800 --- cilium-1.7.0-bpf-nat-global-max/install/kubernetes/cilium/values.yaml 2020-04-24 11:32:18.525522386 -0700 *************** *** 190,195 **** --- 190,198 ---- # tracking table ctAnyMax: 262144 + # natMax is the maximum number of entries for the NAT table + natMax: 841429 + # montiorAggregation is the level of aggregation for datapath trace events monitorAggregation: medium diff -crB --new-file cilium-1.7.0-backup/install/kubernetes/quick-install.yaml cilium-1.7.0-bpf-nat-global-max/install/kubernetes/quick-install.yaml *** cilium-1.7.0-backup/install/kubernetes/quick-install.yaml 2020-02-18 14:32:45.000000000 -0800 --- cilium-1.7.0-bpf-nat-global-max/install/kubernetes/quick-install.yaml 2020-04-24 11:32:26.197562807 -0700 *************** *** 61,66 **** --- 61,70 ---- bpf-ct-global-tcp-max: "524288" bpf-ct-global-any-max: "262144" + # bpf-nat-global-max specified the maximum number of entries in the BPF NAT + # table. + bpf-nat-global-max: "841429" + # Pre-allocation of map entries allows per-packet latency to be reduced, at # the expense of up-front memory allocation for the entries in the maps. The # default value below will minimize memory usage in the default installation; ++++++ 0007-reduce-default-number-for-TCP-CT-and-NAT-table-max-entries.patch ++++++ diff -crB --new-file cilium-1.7.0-bpf-nat-global-max/Documentation/cmdref/cilium-agent.md cilium-1.7.0-reduce-default-number-for-tcp-ct-and-nat-max/Documentation/cmdref/cilium-agent.md *** cilium-1.7.0-bpf-nat-global-max/Documentation/cmdref/cilium-agent.md 2020-04-23 21:08:27.747702955 -0700 --- cilium-1.7.0-reduce-default-number-for-tcp-ct-and-nat-max/Documentation/cmdref/cilium-agent.md 2020-04-24 11:56:05.360606986 -0700 *************** *** 25,38 **** --blacklist-conflicting-routes Don't blacklist IP allocations conflicting with local non-cilium routes (default true) --bpf-compile-debug Enable debugging of the BPF compilation process --bpf-ct-global-any-max int Maximum number of entries in non-TCP CT table (default 262144) ! --bpf-ct-global-tcp-max int Maximum number of entries in TCP CT table (default 1000000) --bpf-ct-timeout-regular-any duration Timeout for entries in non-TCP CT table (default 1m0s) --bpf-ct-timeout-regular-tcp duration Timeout for established entries in TCP CT table (default 6h0m0s) --bpf-ct-timeout-regular-tcp-fin duration Teardown timeout for entries in TCP CT table (default 10s) --bpf-ct-timeout-regular-tcp-syn duration Establishment timeout for entries in TCP CT table (default 1m0s) --bpf-ct-timeout-service-any duration Timeout for service entries in non-TCP CT table (default 1m0s) --bpf-ct-timeout-service-tcp duration Timeout for established service entries in TCP CT table (default 6h0m0s) ! --bpf-nat-global-max int Maximum number of entries for the global BPF NAT table (default 841429) --bpf-policy-map-max int Maximum number of entries in endpoint policy map (per endpoint) (default 16384) --bpf-root string Path to BPF filesystem --certificates-directory string Root directory to find certificates specified in L7 TLS policy enforcement (default "/var/run/cilium/certs") --- 25,38 ---- --blacklist-conflicting-routes Don't blacklist IP allocations conflicting with local non-cilium routes (default true) --bpf-compile-debug Enable debugging of the BPF compilation process --bpf-ct-global-any-max int Maximum number of entries in non-TCP CT table (default 262144) ! --bpf-ct-global-tcp-max int Maximum number of entries in TCP CT table (default 524288) --bpf-ct-timeout-regular-any duration Timeout for entries in non-TCP CT table (default 1m0s) --bpf-ct-timeout-regular-tcp duration Timeout for established entries in TCP CT table (default 6h0m0s) --bpf-ct-timeout-regular-tcp-fin duration Teardown timeout for entries in TCP CT table (default 10s) --bpf-ct-timeout-regular-tcp-syn duration Establishment timeout for entries in TCP CT table (default 1m0s) --bpf-ct-timeout-service-any duration Timeout for service entries in non-TCP CT table (default 1m0s) --bpf-ct-timeout-service-tcp duration Timeout for established service entries in TCP CT table (default 6h0m0s) ! --bpf-nat-global-max int Maximum number of entries for the global BPF NAT table (default 524288) --bpf-policy-map-max int Maximum number of entries in endpoint policy map (per endpoint) (default 16384) --bpf-root string Path to BPF filesystem --certificates-directory string Root directory to find certificates specified in L7 TLS policy enforcement (default "/var/run/cilium/certs") diff -crB --new-file cilium-1.7.0-bpf-nat-global-max/Documentation/install/upgrade.rst cilium-1.7.0-reduce-default-number-for-tcp-ct-and-nat-max/Documentation/install/upgrade.rst *** cilium-1.7.0-bpf-nat-global-max/Documentation/install/upgrade.rst 2020-02-18 14:32:45.000000000 -0800 --- cilium-1.7.0-reduce-default-number-for-tcp-ct-and-nat-max/Documentation/install/upgrade.rst 2020-04-24 12:09:19.020082353 -0700 *************** *** 291,296 **** --- 291,390 ---- upgrade. Connections should successfully re-establish without requiring clients to reconnect. + Upgrading from >=1.7.0 to 1.8.y + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + * Since Cilium 1.5, the TCP connection tracking table size parameter + ``bpf-ct-global-tcp-max`` in the daemon was set to the default value + ``1000000`` to retain backwards compatibility with previous versions. In + Cilium 1.8 the default value is set to 512K by default in order to reduce the + agent memory consumption. + + If Cilium was deployed using Helm, the new default value of 512K was already + effective in Cilium 1.6 or later, unless it was manually configured to a + different value. + + If the table size was configured to a value different from 512K in the + previous installation, ongoing connections will be disrupted during the + upgrade. To avoid connection breakage, ``bpf-ct-global-tcp-max`` needs to be + manually adjusted. + + To check whether any action is required the following command can be used to + check the currently configured maximum number of TCP conntrack entries: + + .. code:: bash + + sudo grep -R CT_MAP_SIZE_TCP /var/run/cilium/state/templates/ + + If the maximum number is 524288, no action is required. If the number is + different, ``bpf-ct-global-tcp-max`` needs to be adjusted in the `ConfigMap` + to the value shown by the command above (100000 in the example below): + + .. tabs:: + .. group-tab:: kubectl + + .. parsed-literal:: + + helm template cilium \\ + --namespace=kube-system \\ + ... + --set global.bpf.ctTcpMax=100000 + ... + > cilium.yaml + kubectl apply -f cilium.yaml + + .. group-tab:: Helm + + .. parsed-literal:: + + helm upgrade cilium --namespace=kube-system \\ + --set global.bpf.ctTcpMax=100000 + + * The default value for the NAT table size parameter ``bpf-nat-global-max`` in + the daemon is derived from the default value of the conntrack table size + parameter ``bpf-ct-global-tcp-max``. Since the latter was changed (see + above), the default NAT table size decreased from ~820K to 512K. + + The NAT table is only used if either BPF NodePort (``enable-node-port`` + parameter) or masquerading (``masquerade`` parameter) are enabled. No action + is required if neither of the parameters is enabled. + + If either of the parameters is enabled, ongoing connections will be disrupted + during the upgrade. In order to avoid connection breakage, + ``bpf-nat-global-max`` needs to be manually adjusted. + + To check whether any adjustment is required the following command can be used + to check the currently configured maximum number of NAT table entries: + + .. code:: bash + + sudo grep -R SNAT_MAPPING_IPV[46]_SIZE /var/run/cilium/state/globals/ + + If the command does not return any value or if the returned maximum number is + 524288, no action is required. If the number is different, + ``bpf-nat-global-max`` needs to be adjusted in the `ConfigMap` to the value + shown by the command above (841429 in the example below): + + .. tabs:: + .. group-tab:: kubectl + + .. parsed-literal:: + + helm template cilium \\ + --namespace=kube-system \\ + ... + --set global.bpf.natMax=841429 + ... + > cilium.yaml + kubectl apply -f cilium.yaml + + .. group-tab:: Helm + + .. parsed-literal:: + + helm upgrade cilium --namespace=kube-system \\ + --set global.bpf.natMax=841429 + .. _1.7_upgrade_notes: 1.7 Upgrade Notes diff -crB --new-file cilium-1.7.0-bpf-nat-global-max/install/kubernetes/cilium/charts/config/templates/configmap.yaml cilium-1.7.0-reduce-default-number-for-tcp-ct-and-nat-max/install/kubernetes/cilium/charts/config/templates/configmap.yaml *** cilium-1.7.0-bpf-nat-global-max/install/kubernetes/cilium/charts/config/templates/configmap.yaml 2020-04-24 11:14:27.314444210 -0700 --- cilium-1.7.0-reduce-default-number-for-tcp-ct-and-nat-max/install/kubernetes/cilium/charts/config/templates/configmap.yaml 2020-04-24 12:23:23.292299563 -0700 *************** *** 114,120 **** # Only effective when monitor aggregation is set to "medium" or higher. monitor-aggregation-flags: {{ .Values.global.bpf.monitorFlags }} ! # ct-global-max-entries-* specifies the maximum number of connections # supported across all endpoints, split by protocol: tcp or other. One pair # of maps uses these values for IPv4 connections, and another pair of maps # use these values for IPv6 connections. --- 114,120 ---- # Only effective when monitor aggregation is set to "medium" or higher. monitor-aggregation-flags: {{ .Values.global.bpf.monitorFlags }} ! # bpf-ct-global-*-max specifies the maximum number of connections # supported across all endpoints, split by protocol: tcp or other. One pair # of maps uses these values for IPv4 connections, and another pair of maps # use these values for IPv6 connections. *************** *** 124,130 **** # policy drops or a change in loadbalancing decisions for a connection. # # For users upgrading from Cilium 1.2 or earlier, to minimize disruption ! # during the upgrade process, comment out these options. bpf-ct-global-tcp-max: "{{ .Values.global.bpf.ctTcpMax }}" bpf-ct-global-any-max: "{{ .Values.global.bpf.ctAnyMax }}" --- 124,130 ---- # policy drops or a change in loadbalancing decisions for a connection. # # For users upgrading from Cilium 1.2 or earlier, to minimize disruption ! # during the upgrade process, set bpf-ct-global-tcp-max to 1000000. bpf-ct-global-tcp-max: "{{ .Values.global.bpf.ctTcpMax }}" bpf-ct-global-any-max: "{{ .Values.global.bpf.ctAnyMax }}" diff -crB --new-file cilium-1.7.0-bpf-nat-global-max/install/kubernetes/cilium/values.yaml cilium-1.7.0-reduce-default-number-for-tcp-ct-and-nat-max/install/kubernetes/cilium/values.yaml *** cilium-1.7.0-bpf-nat-global-max/install/kubernetes/cilium/values.yaml 2020-04-24 11:32:18.525522386 -0700 --- cilium-1.7.0-reduce-default-number-for-tcp-ct-and-nat-max/install/kubernetes/cilium/values.yaml 2020-04-24 12:24:37.192680067 -0700 *************** *** 191,197 **** ctAnyMax: 262144 # natMax is the maximum number of entries for the NAT table ! natMax: 841429 # montiorAggregation is the level of aggregation for datapath trace events monitorAggregation: medium --- 191,197 ---- ctAnyMax: 262144 # natMax is the maximum number of entries for the NAT table ! natMax: 524288 # montiorAggregation is the level of aggregation for datapath trace events monitorAggregation: medium diff -crB --new-file cilium-1.7.0-bpf-nat-global-max/install/kubernetes/quick-install.yaml cilium-1.7.0-reduce-default-number-for-tcp-ct-and-nat-max/install/kubernetes/quick-install.yaml *** cilium-1.7.0-bpf-nat-global-max/install/kubernetes/quick-install.yaml 2020-04-24 11:32:26.197562807 -0700 --- cilium-1.7.0-reduce-default-number-for-tcp-ct-and-nat-max/install/kubernetes/quick-install.yaml 2020-04-24 12:27:44.437644170 -0700 *************** *** 57,69 **** # policy drops or a change in loadbalancing decisions for a connection. # # For users upgrading from Cilium 1.2 or earlier, to minimize disruption ! # during the upgrade process, comment out these options. bpf-ct-global-tcp-max: "524288" bpf-ct-global-any-max: "262144" # bpf-nat-global-max specified the maximum number of entries in the BPF NAT # table. ! bpf-nat-global-max: "841429" # Pre-allocation of map entries allows per-packet latency to be reduced, at # the expense of up-front memory allocation for the entries in the maps. The --- 57,69 ---- # policy drops or a change in loadbalancing decisions for a connection. # # For users upgrading from Cilium 1.2 or earlier, to minimize disruption ! # during the upgrade process, set bpf-ct-global-tcp-max to 1000000. bpf-ct-global-tcp-max: "524288" bpf-ct-global-any-max: "262144" # bpf-nat-global-max specified the maximum number of entries in the BPF NAT # table. ! bpf-nat-global-max: "524288" # Pre-allocation of map entries allows per-packet latency to be reduced, at # the expense of up-front memory allocation for the entries in the maps. The diff -crB --new-file cilium-1.7.0-bpf-nat-global-max/pkg/option/config.go cilium-1.7.0-reduce-default-number-for-tcp-ct-and-nat-max/pkg/option/config.go *** cilium-1.7.0-bpf-nat-global-max/pkg/option/config.go 2020-04-23 21:08:27.747702955 -0700 --- cilium-1.7.0-reduce-default-number-for-tcp-ct-and-nat-max/pkg/option/config.go 2020-04-24 12:33:10.948184250 -0700 *************** *** 426,432 **** // CTMapEntriesGlobalTCP retains the Cilium 1.2 (or earlier) size to // minimize disruption during upgrade. ! CTMapEntriesGlobalTCPDefault = 1000000 CTMapEntriesGlobalAnyDefault = 2 << 17 // 256Ki CTMapEntriesGlobalTCPName = "bpf-ct-global-tcp-max" CTMapEntriesGlobalAnyName = "bpf-ct-global-any-max" --- 426,432 ---- // CTMapEntriesGlobalTCP retains the Cilium 1.2 (or earlier) size to // minimize disruption during upgrade. ! CTMapEntriesGlobalTCPDefault = 2 << 18 // 512Ki CTMapEntriesGlobalAnyDefault = 2 << 17 // 256Ki CTMapEntriesGlobalTCPName = "bpf-ct-global-tcp-max" CTMapEntriesGlobalAnyName = "bpf-ct-global-any-max" ++++++ 0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch ++++++ ++++ 889 lines (skipped)
