Browse Source
Add switch cilium_enable_bandwidth_manager (#9441)
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
pull/9448/head
biqiang Wu
2 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with
33 additions and
0 deletions
-
docs/cilium.md
-
roles/network_plugin/cilium/defaults/main.yml
-
roles/network_plugin/cilium/templates/cilium/config.yml.j2
|
|
@ -121,6 +121,23 @@ cilium_encryption_type: "wireguard" |
|
|
|
|
|
|
|
|
Kubespray currently supports Linux distributions with Wireguard Kernel mode on Linux 5.6 and newer. |
|
|
Kubespray currently supports Linux distributions with Wireguard Kernel mode on Linux 5.6 and newer. |
|
|
|
|
|
|
|
|
|
|
|
## Bandwidth Manager |
|
|
|
|
|
|
|
|
|
|
|
Cilium’s bandwidth manager supports the kubernetes.io/egress-bandwidth Pod annotation. |
|
|
|
|
|
|
|
|
|
|
|
Bandwidth enforcement currently does not work in combination with L7 Cilium Network Policies. |
|
|
|
|
|
In case they select the Pod at egress, then the bandwidth enforcement will be disabled for those Pods. |
|
|
|
|
|
|
|
|
|
|
|
Bandwidth Manager requires a v5.1.x or more recent Linux kernel. |
|
|
|
|
|
|
|
|
|
|
|
For further information, make sure to check the official [Cilium documentation.](https://docs.cilium.io/en/v1.12/gettingstarted/bandwidth-manager/) |
|
|
|
|
|
|
|
|
|
|
|
To use this function, set the following parameters |
|
|
|
|
|
|
|
|
|
|
|
```yml |
|
|
|
|
|
cilium_enable_bandwidth_manager: true |
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
## Install Cilium Hubble |
|
|
## Install Cilium Hubble |
|
|
|
|
|
|
|
|
k8s-net-cilium.yml: |
|
|
k8s-net-cilium.yml: |
|
|
|
|
|
@ -103,6 +103,13 @@ cilium_ipsec_node_encryption: false |
|
|
# This option is only effective when `cilium_encryption_type` is set to `wireguard`. |
|
|
# This option is only effective when `cilium_encryption_type` is set to `wireguard`. |
|
|
cilium_wireguard_userspace_fallback: false |
|
|
cilium_wireguard_userspace_fallback: false |
|
|
|
|
|
|
|
|
|
|
|
# Enable Bandwidth Manager |
|
|
|
|
|
# Cilium’s bandwidth manager supports the kubernetes.io/egress-bandwidth Pod annotation. |
|
|
|
|
|
# Bandwidth enforcement currently does not work in combination with L7 Cilium Network Policies. |
|
|
|
|
|
# In case they select the Pod at egress, then the bandwidth enforcement will be disabled for those Pods. |
|
|
|
|
|
# Bandwidth Manager requires a v5.1.x or more recent Linux kernel. |
|
|
|
|
|
cilium_enable_bandwidth_manager: false |
|
|
|
|
|
|
|
|
# IP Masquerade Agent |
|
|
# IP Masquerade Agent |
|
|
# https://docs.cilium.io/en/stable/concepts/networking/masquerading/ |
|
|
# https://docs.cilium.io/en/stable/concepts/networking/masquerading/ |
|
|
# By default, all packets from a pod destined to an IP address outside of the cilium_native_routing_cidr range are masqueraded |
|
|
# By default, all packets from a pod destined to an IP address outside of the cilium_native_routing_cidr range are masqueraded |
|
|
|
|
|
@ -117,6 +117,15 @@ data: |
|
|
# - geneve |
|
|
# - geneve |
|
|
tunnel: "{{ cilium_tunnel_mode }}" |
|
|
tunnel: "{{ cilium_tunnel_mode }}" |
|
|
|
|
|
|
|
|
|
|
|
# Enable Bandwidth Manager |
|
|
|
|
|
# Cilium’s bandwidth manager supports the kubernetes.io/egress-bandwidth Pod annotation. |
|
|
|
|
|
# Bandwidth enforcement currently does not work in combination with L7 Cilium Network Policies. |
|
|
|
|
|
# In case they select the Pod at egress, then the bandwidth enforcement will be disabled for those Pods. |
|
|
|
|
|
# Bandwidth Manager requires a v5.1.x or more recent Linux kernel. |
|
|
|
|
|
{% if cilium_enable_bandwidth_manager %} |
|
|
|
|
|
enable-bandwidth-manager: "true" |
|
|
|
|
|
{% endif %} |
|
|
|
|
|
|
|
|
# Name of the cluster. Only relevant when building a mesh of clusters. |
|
|
# Name of the cluster. Only relevant when building a mesh of clusters. |
|
|
cluster-name: "{{ cilium_cluster_name }}" |
|
|
cluster-name: "{{ cilium_cluster_name }}" |
|
|
|
|
|
|
|
|
|
