The module is not enabled by default in any bundles.
The module is configured using the ModuleConfig custom resource named cni-cilium
(learn more about setting up Deckhouse…).
Example of the ModuleConfig/cni-cilium
resource for configuring the module:
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
name: cni-cilium
spec:
version: 1
enabled: true
settings: # <-- Module parameters from the "Parameters" section below.
Parameters
Schema version: 1
- bpfLBModestring
eBPF LoadBalancer mode.
Default:
"Hybrid"
Allowed values:
SNAT
,Hybrid
,DSR
- createNodeRoutesboolean
Create routes to Pods on other Nodes.
All Nodes must be located in the same L2 domain.
- debugLoggingboolean
Enabled debug logging for Cilium components.
Default:
false
- labelsRegexarray of strings
Labels regexes to reduce identity cardinality.
Each label should be set in the format of YAML quoted string with special symbols escaping.
- policyAuditModeboolean
Do not enforce any Network Policy. Only log allowed/disallowed connections.
Default:
false
- resourcesManagement
cilium agent resources requests options.
Examples:
resourcesManagement: mode: VPA vpa: mode: Auto cpu: min: 50m max: 2 limitRatio: 1.5 memory: min: 256Mi max: 2Gi limitRatio: 1.5
resourcesManagement: mode: Static static: requests: cpu: 55m memory: 256Mi limits: cpu: 2 memory: 2Gi
- resourcesManagement.modestring
The mode for managing resource requests.
Static
— classical requests/limit.VPA
— managing using VPA.
Default:
"VPA"
Allowed values:
VPA
,Static
- resourcesManagement.staticobject
Static resource management settings.
- resourcesManagement.static.limitsobject
Limits configuration.
- resourcesManagement.static.limits.cpu
CPU limits.
- resourcesManagement.static.limits.memory
Memory limits.
- resourcesManagement.static.limits.cpu
- resourcesManagement.static.requestsobject
Requests configuration.
- resourcesManagement.static.requests.cpu
CPU requests.
- resourcesManagement.static.requests.memory
Memory requests.
- resourcesManagement.static.requests.cpu
- resourcesManagement.static.limitsobject
- resourcesManagement.vpaobject
Parameters of the VPA mode.
- resourcesManagement.vpa.cpuobject
CPU-related parameters.
- resourcesManagement.vpa.cpu.limitRationumber
The coefficient to calculate cpu limits.
It is optionally used to calculate initial limits for Pod. VPA for its part keeps the initial limits/requests ratio during further resource tunings.
- resourcesManagement.vpa.cpu.max
Maximum allowed CPU requests.
Default:
4
- resourcesManagement.vpa.cpu.min
Minimum allowed CPU requests.
Default:
100m
- resourcesManagement.vpa.cpu.limitRationumber
- resourcesManagement.vpa.memoryobject
The amount of memory requested.
- resourcesManagement.vpa.memory.limitRationumber
The coefficient to calculate memory limits.
It is optionally used to calculate initial limits for Pod. VPA for its part keeps the initial limits/requests ratio during further resource tunings.
- resourcesManagement.vpa.memory.max
Maximum allowed memory requests.
Default:
4Gi
- resourcesManagement.vpa.memory.min
Minimum allowed memory requests.
Default:
128Mi
- resourcesManagement.vpa.memory.limitRationumber
- resourcesManagement.vpa.modestring
The VPA usage mode.
Default:
"Initial"
Allowed values:
Initial
,Auto
- resourcesManagement.vpa.cpuobject
- resourcesManagement.modestring
- svcSourceRangeCheckboolean
Check source IP and validate it against Service’s “loadBalancerSourceRanges”.
Do not enable behind a load balancer that performs any form of SNAT.
Default:
false
- tunnelModestring
Tunnel mode.
Note! After changing the parameter, it is necessary to restart all nodes, otherwise, there may be problems with the availability of Pods!
Default:
"Disabled"
Allowed values:
Disabled
,VXLAN