From edce2b528d66375b2f4bb50c25221153947bcb28 Mon Sep 17 00:00:00 2001 From: peterw <12556909+pedro-peter@users.noreply.github.com> Date: Mon, 24 Jun 2024 04:14:56 +0100 Subject: [PATCH] add cilium_hubble_event_buffer_capacity & cilium_hubble_event_queue_size vars (#10943) --- inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml | 7 +++++++ roles/network_plugin/cilium/defaults/main.yml | 6 ++++++ roles/network_plugin/cilium/tasks/check.yml | 6 ++++++ roles/network_plugin/cilium/templates/cilium/config.yml.j2 | 6 ++++++ 4 files changed, 25 insertions(+) diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml b/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml index db827437e..a583540ba 100644 --- a/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml +++ b/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml @@ -163,6 +163,13 @@ cilium_l2announcements: false ### Enable auto generate certs if cilium_hubble_install: true # cilium_hubble_tls_generate: false +### Tune cilium_hubble_event_buffer_capacity & cilium_hubble_event_queue_size values to avoid dropping events when hubble is under heavy load +### Capacity of Hubble events buffer. The provided value must be one less than an integer power of two and no larger than 65535 +### (ie: 1, 3, ..., 2047, 4095, ..., 65535) (default 4095) +# cilium_hubble_event_buffer_capacity: 4095 +### Buffer size of the channel to receive monitor events. +# cilium_hubble_event_queue_size: 50 + # IP address management mode for v1.9+. # https://docs.cilium.io/en/v1.9/concepts/networking/ipam/ # cilium_ipam_mode: kubernetes diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml index 2f4830a8e..7e65e7faf 100644 --- a/roles/network_plugin/cilium/defaults/main.yml +++ b/roles/network_plugin/cilium/defaults/main.yml @@ -159,6 +159,12 @@ cilium_hubble_install: false ### Enable auto generate certs if cilium_hubble_install: true cilium_hubble_tls_generate: false +### Capacity of Hubble events buffer. The provided value must be one less than an integer power of two and no larger than 65535 +### (ie: 1, 3, ..., 2047, 4095, ..., 65535) (default 4095) +# cilium_hubble_event_buffer_capacity: 4095 +### Buffer size of the channel to receive monitor events. +# cilium_hubble_event_queue_size: 50 + # The default IP address management mode is "Cluster Scope". # https://docs.cilium.io/en/stable/concepts/networking/ipam/ cilium_ipam_mode: cluster-pool diff --git a/roles/network_plugin/cilium/tasks/check.yml b/roles/network_plugin/cilium/tasks/check.yml index c65591f66..34a5afebb 100644 --- a/roles/network_plugin/cilium/tasks/check.yml +++ b/roles/network_plugin/cilium/tasks/check.yml @@ -61,3 +61,9 @@ when: - cilium_ipsec_enabled is defined - cilium_ipsec_enabled + +- name: Stop if cilium_hubble_event_buffer_capacity is not a power of 2 minus 1 and is not between 1 and 65535 + assert: + that: "cilium_hubble_event_buffer_capacity in [1, 3, 7, 15, 31, 63, 127, 255, 511, 1023, 2047, 4095, 8191, 16383, 32767, 65535]" + msg: "Error: cilium_hubble_event_buffer_capacity:{{ cilium_hubble_event_buffer_capacity }} is not a power of 2 minus 1 and it should be between 1 and 65535." + when: cilium_hubble_event_buffer_capacity is defined diff --git a/roles/network_plugin/cilium/templates/cilium/config.yml.j2 b/roles/network_plugin/cilium/templates/cilium/config.yml.j2 index bdb07212b..ed37f122f 100644 --- a/roles/network_plugin/cilium/templates/cilium/config.yml.j2 +++ b/roles/network_plugin/cilium/templates/cilium/config.yml.j2 @@ -192,6 +192,12 @@ data: {% for hubble_metrics_cycle in cilium_hubble_metrics %} {{ hubble_metrics_cycle }} {% endfor %} +{% endif %} +{% if cilium_hubble_event_buffer_capacity is defined %} + hubble-event-buffer-capacity: "{{ cilium_hubble_event_buffer_capacity }}" +{% endif %} +{% if cilium_hubble_event_queue_size is defined %} + hubble-event-queue-size: "{{ cilium_hubble_event_queue_size }}" {% endif %} hubble-listen-address: ":4244" {% if cilium_enable_hubble and cilium_hubble_install %}