Add cilium_enable_bbr flag for cilium

Signed-off-by: cyclinder <qifeng.guo@daocloud.io>
pull/11730/head
Cyclinder Kuo 2024-11-21 11:49:27 +08:00
parent 9d6344aac7
commit 8e682496be
3 changed files with 22 additions and 2 deletions

@ -313,12 +313,21 @@ Bandwidth Manager requires a v5.1.x or more recent Linux kernel.
For further information, make sure to check the official [Cilium documentation](https://docs.cilium.io/en/latest/network/kubernetes/bandwidth-manager/) For further information, make sure to check the official [Cilium documentation](https://docs.cilium.io/en/latest/network/kubernetes/bandwidth-manager/)
To use this function, set the following parameters To use this feature, set the following parameters:
```yml ```yml
cilium_enable_bandwidth_manager: true cilium_enable_bandwidth_manager: true
``` ```
The base infrastructure around MQ/FQ setup provided by Ciliums bandwidth manager also allows for use of TCP BBR congestion control for Pods. BBR achieves higher bandwidths and lower latencies for Internet traffic. you can enable it by setting the following parameters:
```yaml
cilium_enable_bandwidth_manager: true
cilium_enable_bbr: true
```
> BBR for Pods requires a v5.18.x or more recent Linux kernel.
## Host Firewall ## Host Firewall
Host Firewall enforces security policies for Kubernetes nodes. It is disable by default, since it can break the cluster connectivity. Host Firewall enforces security policies for Kubernetes nodes. It is disable by default, since it can break the cluster connectivity.
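
Review bot: The added BBR paragraph has two wording slips and one inconsistency: "Ciliums bandwidth manager" should read "Cilium's bandwidth manager", the sentence "you can enable it by setting the following parameters:" should start with a capital, and the new fence is tagged `yaml` while the existing fence directly above it uses `yml`. It would also help to say in the paragraph itself that `cilium_enable_bbr` only takes effect when `cilium_enable_bandwidth_manager` is true, since the example shows both keys without stating that the second depends on the first.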

@ -55,7 +55,9 @@ cilium_enable_prometheus: false
cilium_enable_portmap: false cilium_enable_portmap: false
# Monitor aggregation level (none/low/medium/maximum) # Monitor aggregation level (none/low/medium/maximum)
cilium_monitor_aggregation: medium cilium_monitor_aggregation: medium
# Kube Proxy Replacement mode (strict/partial) # Kube Proxy Replacement mode
# cilium_version < 1.14.0: strict/partial/disabled
# cilium_version >= 1.14.0: true/false
cilium_kube_proxy_replacement: partial cilium_kube_proxy_replacement: partial
# If upgrading from Cilium < 1.5, you may want to override some of these options # If upgrading from Cilium < 1.5, you may want to override some of these options
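
Review bot: The default directly below the new comment is still `cilium_kube_proxy_replacement: partial`, which the comment lists as valid only for cilium_version < 1.14.0, so the comment and the default now disagree for anyone on the newer range. Either state which version range the shipped default targets or note that users on >= 1.14.0 must override it with true/false. This comment change is also unrelated to the BBR flag named in the commit subject, so mention it in the commit message or split it into its own commit.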
@ -120,6 +122,10 @@ cilium_wireguard_userspace_fallback: false
# Bandwidth Manager requires a v5.1.x or more recent Linux kernel. # Bandwidth Manager requires a v5.1.x or more recent Linux kernel.
cilium_enable_bandwidth_manager: false cilium_enable_bandwidth_manager: false
# Enable BBR for the bandwidth manager
# Requires cilium_enable_bandwidth_manager to be enabled
cilium_enable_bbr: false
# IP Masquerade Agent # IP Masquerade Agent
# https://docs.cilium.io/en/stable/concepts/networking/masquerading/ # https://docs.cilium.io/en/stable/concepts/networking/masquerading/
# By default, all packets from a pod destined to an IP address outside of the cilium_native_routing_cidr range are masqueraded # By default, all packets from a pod destined to an IP address outside of the cilium_native_routing_cidr range are masqueraded
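
Review bot: The comment above `cilium_enable_bbr: false` leaves out the kernel requirement that the docs hunk and the template hunk both state. Add a line such as "# BBR for Pods requires a v5.18.x or more recent Linux kernel." here, matching the way the `cilium_enable_bandwidth_manager` default just above carries its own v5.1.x note, so someone editing only the defaults file sees the constraint.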

@ -144,6 +144,11 @@ data:
# Bandwidth Manager requires a v5.1.x or more recent Linux kernel. # Bandwidth Manager requires a v5.1.x or more recent Linux kernel.
{% if cilium_enable_bandwidth_manager %} {% if cilium_enable_bandwidth_manager %}
enable-bandwidth-manager: "true" enable-bandwidth-manager: "true"
# Enable BBR for the bandwidth manager
# BBR for Pods requires a v5.18.x or more recent Linux kernel.
{% if cilium_enable_bbr %}
enable-bbr: "true"
{% endif %}
{% endif %} {% endif %}
# Host Firewall and Policy Audit Mode # Host Firewall and Policy Audit Mode
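
Review bot: Because `{% if cilium_enable_bbr %}` is nested inside `{% if cilium_enable_bandwidth_manager %}`, setting `cilium_enable_bbr: true` while the bandwidth manager is false renders nothing and gives no error, so the operator believes BBR is on when it is not. Add a validation step that fails when `cilium_enable_bbr` is true and `cilium_enable_bandwidth_manager` is false, rather than relying on the comment in the defaults file. Nothing in this change checks the v5.18.x kernel requirement either, so a check on the node kernel version would catch that case before the ConfigMap is applied.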