K3s (and Kubernetes) supports load balancing via IPVS, and by default reports
errors when IPVS kernel modules cannot be loaded.
This patch adds the missing reported kernel modules to the k3s recipe:
* ip-vs
* ip-vs-rr
* ip-vs-wrr
* ip-vs-sh
The modules are configured by including the ip_vs kernel feature.
Signed-off-by: Richard Neill <richard.neill@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Adds the following kernel modules for k3s:
* xt-physdev
* xt-nflog
* xt-limit
* nfnetlink-log
Without them, the k3s network-policy-controller reports failures in the log
related to iptables-restore.
Signed-off-by: Richard Neill <richard.neill@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add kernel config fragment according to the requirement from the file
types_unix.go in source codes of kubernetes.
Signed-off-by: Zqiang <qiang.zhang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
We already have docker and some other fragments that are relevant to
k3s/k8s, but the addition of ipset as a depends for k3s highlights
that we should have a reference configuration that sets all the options
for proper opration and runtime dependencies.
When k8s or k3s are distro features, we'll apply the new fragment to
any kernel that supports fragments (and matches the supported
versions).
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add kernel config fragment for CONFIG_CGROUP_HUGETLB
This is a recommended config for Kubernetes and k8s
will throw a warning if it is not present.
Signed-off-by: Tim Orling <ticotimo@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The group scheduling options in the lxc fragment were initially
used to support performance guaranteed systems using containers.
This option now causes issues with systemd runtimes and the
original feature it implemented is no longer relevant
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
CONFIG_XEN_MAX_DOMAIN_MEMORY has been retired since kernel commit:
197ecb3802c04499d8ff4f8cb28f6efa008067db
xen/balloon: add runtime control for scrubbing ballooned out pages
CONFIG_XEN_SCRUB_PAGES has been replaced with CONFIG_XEN_SCRUB_PAGES_DEFAULT
since kernel commit: c70727a5bc18a5a233fddc6056d1de9144d7a293
xen: allow more than 512 GB of RAM for 64 bit pv-domains
Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The vxlan module is needed if user or some software is trying
to configure network when the image is running in virtual machine.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Since af6363374cbd ("cgroup: make CONFIG_CGROUP_NET_PRIO bool and drop unnecessary init_netclassid_cgroup()"),
CONFIG_CGROUP_NET_PRIO has become a bool option. Forcedly setting it to "m"
would end up with "n". Change it to "y" here.
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
kernel has replaced CONFIG_NF_CONNTRACK_IPV4 with CONFIG_NF_CONNTRACK.
[commit: a0ae2562c]
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
fixes:
WARNING: linux-yocto-4.18.21+gitAUTOINC+9e348b6f9d_db2d813869-r0
do_kernel_configcheck: [kernel config]: This BSP sets config
options that are not offered anywhere within this kernel:
CONFIG_EXT3_FS_XATTR
CONFIG_RESOURCE_COUNTERS
CONFIG_CGROUP_MEM_RES_CTLR
CONFIG_CLS_CGROUP
CONFIG_NETPRIO_CGROUP
CONFIG_DEVPTS_MULTIPLE_INSTANCES
Configs were either dropped or renamed according to the updates made
in the kernel, as capture below.
CONFIG_RESOURCE_COUNTERS gone since kernel v3.19 via mainline
commit 5b1efc027c0b51ca3e76f4e00c83358f8349f543.
CONFIG_CGROUP_MEM_RES_CTLR renamed since kernel v3.6 via mainline
commit c255a458055e459f65eb7b7f51dc5dbdd0caf1d8
CONFIG_CLS_CGROUP never existed AFAICT it should have always
been CONFIG_NET_CLS_CGROUP
CONFIG_NETPRIO_CGROUP renamed since kernel v3.14 via mainline
commit 86f8515f9721fa171483f0fe0391968fbb949cc9
CONFIG_DEVPTS_MULTIPLE_INSTANCES removed since kernel v4.7 via mainline
commit eedf265aa003b4781de24cfed40a655a664457e6
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The script lxc-checkconfig doesn't seem to report virtio related kernel
configs as required, so remove them from lxc.cfg instead.
Signed-off-by: Chin Huat Ang <chin.huat.ang@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Setting 'CONFIG_NET_ACT_POLICE=m' meets demands of Qos,one of features of openswitch.
This is a new police-mechanism called action-extension.
It can build act_police.c into kernel as type of module.
If you want to do traffic policing, a kind of action-extension, i.e. strict bandwidth limiting.
This action replaces the existing policing module.
User can set action-extension at userspace by tool of openvswitch
If user set action-extension, exts->actions[i] will be called, and finally tcf_police()
defined at act_police.c will be called.
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Meanwhile, this became boolean, and trying to make it a module just
leaves it off.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Importing the docker configuratino fragment from meta-overc, which
adds options and capabilities to allow container to start out of
the box.
Note: There are more options that could be added here, but many of
them are decision of the distro and depend on runtime configuration
choices. So to balance the size of the build and leave decisions
where they belong, we keep this as small as possible.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Docker needs ths _NETFILTER_XT_MATCH_ADDRTYPE module in order to start
up successfully. This patch adds it to the supported kernels.
Signed-off-by: brian avery <brian.avery@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
- Drop old kernel options and add some newly available ones.
Signed-off-by: Chris Patterson <cjp256@gmail.com>
Signed-off-by: Bruce Ashfield <bruce@zedd.org>
Updated linux kernel fragment to match defaults as defined in the 3.10 kernel's Kconfig files. If defaults were not specified, modules were were used unless required by another built-in option. As such, The core frontend drivers are included by default and the backend drivers are built as modules.
This allows privileged, PV, HVM, and PVHVM guests to work properly without additional kernel configuration or modules required in initramfs (from a Xen support perspective).
This also removes CONFIG_KVM_GUEST which was erroneously included previously.
Signed-off-by: Chris Patterson <cjp256@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
