Add cilium_enable_bbr flag for cilium
Signed-off-by: cyclinder <qifeng.guo@daocloud.io>pull/11730/head
parent
9d6344aac7
commit
8e682496be
|
@ -313,12 +313,21 @@ Bandwidth Manager requires a v5.1.x or more recent Linux kernel.
|
||||||
|
|
||||||
For further information, make sure to check the official [Cilium documentation](https://docs.cilium.io/en/latest/network/kubernetes/bandwidth-manager/)
|
For further information, make sure to check the official [Cilium documentation](https://docs.cilium.io/en/latest/network/kubernetes/bandwidth-manager/)
|
||||||
|
|
||||||
To use this function, set the following parameters
|
To use this feature, set the following parameters:
|
||||||
|
|
||||||
```yml
|
```yml
|
||||||
cilium_enable_bandwidth_manager: true
|
cilium_enable_bandwidth_manager: true
|
||||||
```
|
```
|
||||||
|
|
||||||
|
The base infrastructure around MQ/FQ setup provided by Cilium’s bandwidth manager also allows for use of TCP BBR congestion control for Pods. BBR achieves higher bandwidths and lower latencies for Internet traffic. you can enable it by setting the following parameters:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
cilium_enable_bandwidth_manager: true
|
||||||
|
cilium_enable_bbr: true
|
||||||
|
```
|
||||||
|
|
||||||
|
> BBR for Pods requires a v5.18.x or more recent Linux kernel.
|
||||||
|
|
||||||
## Host Firewall
|
## Host Firewall
|
||||||
|
|
||||||
Host Firewall enforces security policies for Kubernetes nodes. It is disable by default, since it can break the cluster connectivity.
|
Host Firewall enforces security policies for Kubernetes nodes. It is disable by default, since it can break the cluster connectivity.
|
||||||
|
|
|
@ -55,7 +55,9 @@ cilium_enable_prometheus: false
|
||||||
cilium_enable_portmap: false
|
cilium_enable_portmap: false
|
||||||
# Monitor aggregation level (none/low/medium/maximum)
|
# Monitor aggregation level (none/low/medium/maximum)
|
||||||
cilium_monitor_aggregation: medium
|
cilium_monitor_aggregation: medium
|
||||||
# Kube Proxy Replacement mode (strict/partial)
|
# Kube Proxy Replacement mode
|
||||||
|
# cilium_version < 1.14.0: strict/partial/disabled
|
||||||
|
# cilium_version >= 1.14.0: true/false
|
||||||
cilium_kube_proxy_replacement: partial
|
cilium_kube_proxy_replacement: partial
|
||||||
|
|
||||||
# If upgrading from Cilium < 1.5, you may want to override some of these options
|
# If upgrading from Cilium < 1.5, you may want to override some of these options
|
||||||
|
@ -120,6 +122,10 @@ cilium_wireguard_userspace_fallback: false
|
||||||
# Bandwidth Manager requires a v5.1.x or more recent Linux kernel.
|
# Bandwidth Manager requires a v5.1.x or more recent Linux kernel.
|
||||||
cilium_enable_bandwidth_manager: false
|
cilium_enable_bandwidth_manager: false
|
||||||
|
|
||||||
|
# Enable BBR for the bandwidth manager
|
||||||
|
# Requires cilium_enable_bandwidth_manager to be enabled
|
||||||
|
cilium_enable_bbr: false
|
||||||
|
|
||||||
# IP Masquerade Agent
|
# IP Masquerade Agent
|
||||||
# https://docs.cilium.io/en/stable/concepts/networking/masquerading/
|
# https://docs.cilium.io/en/stable/concepts/networking/masquerading/
|
||||||
# By default, all packets from a pod destined to an IP address outside of the cilium_native_routing_cidr range are masqueraded
|
# By default, all packets from a pod destined to an IP address outside of the cilium_native_routing_cidr range are masqueraded
|
||||||
|
|
|
@ -144,6 +144,11 @@ data:
|
||||||
# Bandwidth Manager requires a v5.1.x or more recent Linux kernel.
|
# Bandwidth Manager requires a v5.1.x or more recent Linux kernel.
|
||||||
{% if cilium_enable_bandwidth_manager %}
|
{% if cilium_enable_bandwidth_manager %}
|
||||||
enable-bandwidth-manager: "true"
|
enable-bandwidth-manager: "true"
|
||||||
|
# Enable BBR for the bandwidth manager
|
||||||
|
# BBR for Pods requires a v5.18.x or more recent Linux kernel.
|
||||||
|
{% if cilium_enable_bbr %}
|
||||||
|
enable-bbr: "true"
|
||||||
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
# Host Firewall and Policy Audit Mode
|
# Host Firewall and Policy Audit Mode
|
||||||
|
|
Loading…
Reference in New Issue