The module is not enabled by default in any bundles.

How to explicitly enable the module…

Note that the configOverrides parameter of the InitConfiguration resource is used when installing Deckhouse, not ModuleConfig.

Set the cniCiliumEnabled: true or cniCiliumEnabled: false in the configOverrides parameter to explicitly enable or disable the module when installing Deckhouse.

Use the cniCilium section of the configOverrides parameter to configure the module when installing Deckhouse.

Set the spec.enabled module parameter to true or false to explicitly enable or disable the module.

Example of enabling the cni-cilium module:

apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: cni-cilium
spec:
  enabled: true

Example of disabling the cni-cilium module:

apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: cni-cilium
spec:
  enabled: false

The module is configured using the ModuleConfig custom resource named cni-cilium (learn more about setting up Deckhouse…).

Example of the ModuleConfig/cni-cilium resource for configuring the module:

apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: cni-cilium
spec:
  version: 1
  enabled: true
  settings: # <-- Module parameters from the "Parameters" section below.

Parameters

Schema version: 1

  • bpfLBModestring

    eBPF LoadBalancer mode.

    Default: "Hybrid"

    Allowed values: SNAT, Hybrid, DSR

  • createNodeRoutesboolean

    Create routes to Pods on other Nodes.

    All Nodes must be located in the same L2 domain.

  • debugLoggingboolean

    Enabled debug logging for Cilium components.

    Default: false

  • labelsRegexarray of strings

    Labels regexes to reduce identity cardinality.

    Each label should be set in the format of YAML quoted string with special symbols escaping.

    Example:

    labelsRegex:
- k8s:!app\.kubernetes\.io
- k8s:io\.cilium\.k8s\.policy
  • policyAuditModeboolean

    Do not enforce any Network Policy. Only log allowed/disallowed connections.

    Default: false

  • resourcesManagement

    cilium agent resources requests options.

    Examples:

    resourcesManagement:
  mode: VPA
  vpa:
    mode: Auto
    cpu:
      min: 50m
      max: 2
      limitRatio: 1.5
    memory:
      min: 256Mi
      max: 2Gi
      limitRatio: 1.5

    resourcesManagement:
  mode: Static
  static:
    requests:
      cpu: 55m
      memory: 256Mi
    limits:
      cpu: 2
      memory: 2Gi
    • resourcesManagement.modestring

      The mode for managing resource requests.

      • Static — classical requests/limit.
      • VPA — managing using VPA.

      Default: "VPA"

      Allowed values: VPA, Static

    • resourcesManagement.staticobject

      Static resource management settings.

      • resourcesManagement.static.limitsobject

        Limits configuration.

        • resourcesManagement.static.limits.cpu

          CPU limits.

        • resourcesManagement.static.limits.memory

          Memory limits.

      • resourcesManagement.static.requestsobject

        Requests configuration.

        • resourcesManagement.static.requests.cpu

          CPU requests.

        • resourcesManagement.static.requests.memory

          Memory requests.

    • resourcesManagement.vpaobject

      Parameters of the VPA mode.

      • resourcesManagement.vpa.cpuobject

        CPU-related parameters.

        • resourcesManagement.vpa.cpu.limitRationumber

          The coefficient to calculate cpu limits.

          It is optionally used to calculate initial limits for Pod. VPA for its part keeps the initial limits/requests ratio during further resource tunings.

        • resourcesManagement.vpa.cpu.max

          Maximum allowed CPU requests.

          Default: 4

        • resourcesManagement.vpa.cpu.min

          Minimum allowed CPU requests.

          Default: 100m

      • resourcesManagement.vpa.memoryobject

        The amount of memory requested.

        • resourcesManagement.vpa.memory.limitRationumber

          The coefficient to calculate memory limits.

          It is optionally used to calculate initial limits for Pod. VPA for its part keeps the initial limits/requests ratio during further resource tunings.

        • resourcesManagement.vpa.memory.max

          Maximum allowed memory requests.

          Default: 4Gi

        • resourcesManagement.vpa.memory.min

          Minimum allowed memory requests.

          Default: 128Mi

      • resourcesManagement.vpa.modestring

        The VPA usage mode.

        Default: "Initial"

        Allowed values: Initial, Auto

  • svcSourceRangeCheckboolean

    Check source IP and validate it against Service’s “loadBalancerSourceRanges”.

    Do not enable behind a load balancer that performs any form of SNAT.

    Default: false

  • tunnelModestring

    Tunnel mode.

    Note! After changing the parameter, it is necessary to restart all nodes, otherwise, there may be problems with the availability of Pods!

    Default: "Disabled"

    Allowed values: Disabled, VXLAN