kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add cilium_enable_bbr flag for cilium 

Signed-off-by: cyclinder <qifeng.guo@daocloud.io>
Cyclinder Kuo 2024-11-21 11:49:27 +08:00
parent b8541962f3
commit 30a0c5c07f
No known key found for this signature in database
GPG Key ID: 8F80AE99333F9680
3 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
docs/CNI/cilium.md
View File

@ -313,12 +313,21 @@ Bandwidth Manager requires a v5.1.x or more recent Linux kernel.
For further information, make sure to check the official [Cilium documentation](https://docs.cilium.io/en/latest/network/kubernetes/bandwidth-manager/)
To use this function, set the following parameters
To use this feature, set the following parameters:
```yml
cilium_enable_bandwidth_manager: true
```
The base infrastructure around MQ/FQ setup provided by Ciliums bandwidth manager also allows for use of TCP BBR congestion control for Pods. BBR achieves higher bandwidths and lower latencies for Internet traffic. you can enable it by setting the following parameters:
```yaml
cilium_enable_bandwidth_manager: true
cilium_enable_bbr: true
```
> BBR for Pods requires a v5.18.x or more recent Linux kernel.
## Host Firewall
Host Firewall enforces security policies for Kubernetes nodes. It is disable by default, since it can break the cluster connectivity.

8
roles/network_plugin/cilium/defaults/main.yml
View File

@ -55,7 +55,9 @@ cilium_enable_prometheus: false
cilium_enable_portmap: false
# Monitor aggregation level (none/low/medium/maximum)
cilium_monitor_aggregation: medium
# Kube Proxy Replacement mode (strict/partial)
# Kube Proxy Replacement mode
# cilium_version < 1.14.0: strict/partial/disabled
# cilium_version >= 1.14.0: true/false
cilium_kube_proxy_replacement: partial
# If upgrading from Cilium < 1.5, you may want to override some of these options
@ -120,6 +122,10 @@ cilium_wireguard_userspace_fallback: false
# Bandwidth Manager requires a v5.1.x or more recent Linux kernel.
cilium_enable_bandwidth_manager: false
# Enable BBR for the bandwidth manager
# Requires cilium_enable_bandwidth_manager to be enabled
cilium_enable_bbr: false
# IP Masquerade Agent
# https://docs.cilium.io/en/stable/concepts/networking/masquerading/
# By default, all packets from a pod destined to an IP address outside of the cilium_native_routing_cidr range are masqueraded

5
roles/network_plugin/cilium/templates/cilium/config.yml.j2
View File

@ -144,6 +144,11 @@ data:
# Bandwidth Manager requires a v5.1.x or more recent Linux kernel.
{% if cilium_enable_bandwidth_manager %}
enable-bandwidth-manager: "true"
# Enable BBR for the bandwidth manager
# BBR for Pods requires a v5.18.x or more recent Linux kernel.
{% if cilium_enable_bbr %}
enable-bbr: "true"
{% endif %}
{% endif %}
# Host Firewall and Policy Audit Mode