Add cilium_enable_bbr flag for cilium

Signed-off-by: cyclinder <qifeng.guo@daocloud.io>
3 days ago · 30a0c5c07f
3 changed files with 22 additions and 2 deletions
--- a/docs/CNI/cilium.md
+++ b/docs/CNI/cilium.md
@ -313,12 +313,21 @@ Bandwidth Manager requires a v5.1.x or more recent Linux kernel.

 For further information, make sure to check the official [Cilium documentation](https://docs.cilium.io/en/latest/network/kubernetes/bandwidth-manager/)

-To use this function, set the following parameters
+To use this feature, set the following parameters:

 ```yml
 cilium_enable_bandwidth_manager: true
 ```

+The base infrastructure around MQ/FQ setup provided by Cilium’s bandwidth manager also allows for use of TCP BBR congestion control for Pods. BBR achieves higher bandwidths and lower latencies for Internet traffic. you can enable it by setting the following parameters:
+
+```yaml
+cilium_enable_bandwidth_manager: true
+cilium_enable_bbr: true
+```
+
+> BBR for Pods requires a v5.18.x or more recent Linux kernel.
+
 ## Host Firewall

 Host Firewall enforces security policies for Kubernetes nodes. It is disable by default, since it can break the cluster connectivity.
--- a/roles/network_plugin/cilium/defaults/main.yml
+++ b/roles/network_plugin/cilium/defaults/main.yml
@ -55,7 +55,9 @@ cilium_enable_prometheus: false
 cilium_enable_portmap: false
 # Monitor aggregation level (none/low/medium/maximum)
 cilium_monitor_aggregation: medium
-# Kube Proxy Replacement mode (strict/partial)
+# Kube Proxy Replacement mode 
+# cilium_version < 1.14.0: strict/partial/disabled
+# cilium_version >= 1.14.0: true/false
 cilium_kube_proxy_replacement: partial

 # If upgrading from Cilium < 1.5, you may want to override some of these options
@ -120,6 +122,10 @@ cilium_wireguard_userspace_fallback: false
 # Bandwidth Manager requires a v5.1.x or more recent Linux kernel.
 cilium_enable_bandwidth_manager: false

+# Enable BBR for the bandwidth manager
+# Requires cilium_enable_bandwidth_manager to be enabled
+cilium_enable_bbr: false
+
 # IP Masquerade Agent
 # https://docs.cilium.io/en/stable/concepts/networking/masquerading/
 # By default, all packets from a pod destined to an IP address outside of the cilium_native_routing_cidr range are masqueraded
--- a/roles/network_plugin/cilium/templates/cilium/config.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium/config.yml.j2
@ -144,6 +144,11 @@ data:
  # Bandwidth Manager requires a v5.1.x or more recent Linux kernel.
 {% if cilium_enable_bandwidth_manager %}
  enable-bandwidth-manager: "true"
+  # Enable BBR for the bandwidth manager
+  # BBR for Pods requires a v5.18.x or more recent Linux kernel.
+{% if cilium_enable_bbr %}
+  enable-bbr: "true"
+{% endif %}
 {% endif %}

  # Host Firewall and Policy Audit Mode