✓ Solved

Modifying Calico Deployment

It's mentioned in this question that any changes to the Calico deployment might be overwritten as part of using LKE.

We'd specifically like to add an env var:

FELIX_FEATUREDETECTOVERRIDE="MASQFullyRandom=false"

as it's needed to ensure STUN works from inside pods without having to provide hostNetwork: true.

We've tweaked this and it works for our use case, but there's the fear that if LKE updates, it will overwrite the change and break our deployment.

Is there a way to ensure the change persists even across upgrades? Alternatively, do these updates to Calico and other components only happen outside manually upgrading the Kubernetes version (so that we can work around this by just creating a new cluster to upgrade)?

6 Replies

✓ Best Answer

@thomas-dy I have some great news! I reached back out to our LKE devs and they confirmed that the felixconfiguration is not managed by LKE, so you shouldn't need to worry about any changes you make to that being overwritten on an LKE release.

@thomas-dy I just reached out to double-check with our LKE team and they confirmed any changes to deployments managed by LKE would be reverted to the original configuration on the next LKE release.

These releases typically occur every two weeks and you can check out what's included in them on our LKE Changelog.

While you could redeploy the Calico changes every time there's a new LKE release, that might not be too practical for you, and as such it might make more sense to use hostNetwork: True instead.

Thanks for checking! We've considered hostNetwork: true and hostPort but those make the deployments quite inflexible as you can only have one hostNetwork pod per node.

It looks like LKE releases happen automatically. Are there plans to allow customers to opt in to them instead, like Kubernetes upgrades?

Looking into this more, it looks like it's also possible to configure Felix via the FelixConfiguration resource: https://docs.projectcalico.org/reference/resources/felixconfig

I created a new LKE cluster and the contents of the resource were different from our old one, so I assume this config is auto-generated by Calico itself and not created by LKE?

If that's the case, I think this could work for us. Would it be possible to confirm that the default FelixConfiguration will not be overwritten by LKE upgrades?

@rl0nergan is this something that you could confirm with the LKE team for us?

That's great! Thanks!
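The FelixConfiguration route settled on in this thread, as an added example that is not part of any post above and is not Linode's or Calico's own tooling: it merges the override into the existing `default` resource rather than replacing it, and can be re-run after an LKE release to catch drift. It assumes `kubectl` access, that Calico uses the Kubernetes datastore so the resource is served as `felixconfigurations.crd.projectcalico.org`, and that the `featureDetectOverride` field is the equivalent of the `FELIX_FEATUREDETECTOVERRIDE` env var; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions: kubectl is configured for the cluster and the
# FelixConfiguration CRD is reachable under the resource name below.
WANT="MASQFullyRandom=false"
RES="felixconfigurations.crd.projectcalico.org"

# Print the current featureDetectOverride of the "default" FelixConfiguration.
current_override() {
    kubectl get "$RES" default -o jsonpath='{.spec.featureDetectOverride}'
}

# Return 0 if the comma-separated override list $1 already contains $WANT.
has_override() {
    case ",$1," in
        *",$WANT,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print list $1 with any existing MASQFullyRandom entry dropped and $WANT
# appended, so unrelated overrides set by someone else are preserved.
merged_override() {
    rest=$(printf '%s\n' "$1" | tr ',' '\n' \
        | grep -v -e '^MASQFullyRandom=' -e '^$' | paste -sd, -)
    if [ -n "$rest" ]; then
        printf '%s,%s\n' "$rest" "$WANT"
    else
        printf '%s\n' "$WANT"
    fi
}

# Idempotent: patch only when the desired override is missing. A merge patch
# leaves the other, auto-generated spec fields untouched.
ensure_override() {
    cur=$(current_override)
    if has_override "$cur"; then
        echo "ok: $WANT already present"
        return 0
    fi
    new=$(merged_override "$cur")
    echo "drift: featureDetectOverride was '$cur', patching"
    kubectl patch "$RES" default --type merge \
        -p "{\"spec\":{\"featureDetectOverride\":\"$new\"}}"
}

# Run with --apply to act on the cluster; without it only functions are defined.
if [ "${1:-}" = "--apply" ]; then
    ensure_override
fi
```

Running it with `--apply` after each LKE release gives an early signal if the resource is ever reset, before STUN traffic from pods starts failing.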
