Skip to content

[CORE-11600] Streamline BPF installation #4058

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

[CORE-11600] Streamline BPF installation #4058

wants to merge 7 commits into from

Conversation

lucastigera
Copy link
Contributor

@lucastigera lucastigera commented Jul 23, 2025
edited
Loading

Description

Context
To drive adoption of Calico’s BPF dataplane, we aim to simplify its setup by automating current manual steps. The goal is to support default BPF installations on clusters that iinitially use kube-proxy (e.g., via kubeadm) without requiring user configuration.

This PR extends the mount-bpffs init container to handle the initial BPF setup required for network communication when BPF is enabled and kube-proxy is disabled.

Changes

  • Added a new field, BPFBootstrapMode, to the Installation custom resource (CR) to allow users to explicitly opt in to the automated BPF bootstrap process.
  • In the Core Controller:
    • Validates that all BPF mode requirements are met.
    • Supplies the mount-bpffs init container with the Kubernetes service Cluster IPs, ports, and EndpointSlices.
    • Disables kube-proxy by patching its DaemonSet.
      • If an external operation (e.g., a kube-proxy upgrade) overrides this patch, the Core Controller will reconcile and re-apply the change.

The default behavior remains unchanged. If the user does not opt in via BPFBootstrapMode, the Operator will behave exactly as it does currently.

Error Handling
If the user opts in but any requirements are not met, the Operator will report a degraded status via TigeraStatus.

Tests
Implemented UTs in the Core Controller.
FVs and EEs are likely not necessary for this change.

Release Note

The Operator now automatically handles all required configuration when installing Calico in BPF mode on clusters using kube-proxy. A new field, `BPFBootstrapMode`, has been added to the `Installation CR` to control this behavior.

For PR author

  • Tests for change.
  • If changing pkg/apis/, run make gen-files
  • If changing versions, run make gen-versions

For PR reviewers

A note for code reviewers - all pull requests must have the following:

  • Milestone set according to targeted release.
  • Appropriate labels:
    • kind/bug if this is a bugfix.
    • kind/enhancement if this is a a new feature.
    • enterprise if this PR applies to Calico Enterprise only.

@lucastigera lucastigera requested a review from a team as a code owner July 23, 2025 04:29
@marvin-tigera marvin-tigera added this to the v1.40.0 milestone Jul 23, 2025
@lucastigera lucastigera marked this pull request as draft July 23, 2025 04:29
@lucastigera lucastigera changed the title [WIP] [CORE-11600] Streamline BPF installation [CORE-11600] Streamline BPF installation Jul 23, 2025
@lucastigera lucastigera marked this pull request as ready for review July 23, 2025 19:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
docs-pr-required release-note-required
Projects
None yet
Milestone
v1.40.0
Development

Successfully merging this pull request may close these issues.
2 participants
@lucastigera @marvin-tigera