Procedure for switching CNI from Flannel to Cilium

  1. Disable the kube-proxy module:

    d8 k apply -f - << EOF
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: kube-proxy
spec:
  enabled: false
EOF

  2. Enable the cni-cilium module:

    d8 k create -f - << EOF
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: cni-cilium
spec:
  version: 1
  enabled: true
  settings:
  tunnelMode: VXLAN
EOF

  3. Check that all Cilium agents are in the Running status.

    d8 k get po -n d8-cni-cilium

    Example output:

    NAME                      READY STATUS  RESTARTS    AGE
agent-5zzfv               2/2   Running 5 (23m ago) 26m
agent-gqb2b               2/2   Running 5 (23m ago) 26m
agent-wtv4p               2/2   Running 5 (23m ago) 26m
operator-856d69fd49-mlglv 2/2   Running 0           26m
safe-agent-updater-26qpk  3/3   Running 0           26m
safe-agent-updater-qlbrh  3/3   Running 0           26m
safe-agent-updater-wjjr5  3/3   Running 0           26m

  4. Reboot master nodes.

  5. Reboot the other cluster nodes.

    If Cilium agents can’t reach the Running status, reboot the associated nodes.

  6. Disable the cni-flannel module:

    d8 k apply -f - << EOF
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: cni-flannel
spec:
  enabled: false
EOF

  7. Enable the node-local-dns module:

    d8 k apply -f - << EOF
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: node-local-dns
spec:
  enabled: true
EOF

    Once you enable the module, wait until all Cilium agents are in the Running status.

  8. Check that the switching of the CNIs was completed successfully.

Ensuring the CNI was successfully switched

To ensure the CNI switching from Flannel to Cilium was completed successfully, follow these steps:

  1. Check the Deckhouse queue:

    • If using a single master node:

      d8 platform queue list

    • If using a multi-master installation:

      d8 platform queue list

  2. Check the Cilium agents. They must be in the Running status:

    d8 k get po -n d8-cni-cilium

    Example output:

    NAME        READY STATUS  RESTARTS    AGE
agent-5zzfv 2/2   Running 5 (23m ago) 26m
agent-gqb2b 2/2   Running 5 (23m ago) 26m
agent-wtv4p 2/2   Running 5 (23m ago) 26m

  3. Check that the cni-flannel module has been disabled:

    d8 k get modules | grep flannel

    Example output:

    cni-flannel                         35     Disabled    Embedded

  4. Check that the node-local-dns module has been enabled:

    d8 k get modules | grep node-local-dns

    Example output:

    node-local-dns                      350    Enabled     Embedded     Ready