Update Cilium doc #193
Update Cilium doc #193
Conversation
|
Also their doc inserts a "chaining-mode": "generic-veth" in the cni-configuration passed to cillium, shall we do the same? |
|
Also the doc doesn't say it but if you don't restart the pods managed by Kube-OVN, they are not managed by Cilium. Once restarted, Cilium can see them but not before it's done. I believe cilium only injects the eBPF programs when called by the CRI, so when a container is started/restarted. |
|
@SkalaNetworks about this: Do you mean? |
|
@changluyi can you take a look at this Cilium integration? |
Yes, there's a parameter in the Kube-OVN helm chart to change the "priority" (name of the CNI config in /etc/cni) to 10-xxxx instead of 1-xxxx, but Cilium's doc doesn't mention changing that. Would it be a problem? As I understand it, Cilium needs to be the "real" CNI instantiated first by the CRI on Pod creation. It makes an interface with eBFP hooked to it and forwards the traffic to another interface belonging to the chained CNI (Kube-OVN) which then handles doing the actual CNI job. If the order is solely decided by the name of the files, I guess we need to keep that bit of the doc. |
option and we still need to change the order of the CNI plugin by changing the priority,for it will generate 05-cilium.conflist with chainning.yaml like below: and if not change the priority , it will use kube-ovn.conflist, and no cilium ebpf program will be load like this: and it should be like this:
|
|
Thanks for the clarification. I can't find a reference to |
I found it in the cilium source code |
Signed-off-by: SkalaNetworks <[email protected]>
|
I put the enableIdentityMark option back, the routingMode is still relevant, I think this PR is ready to merge |
* chore(bgp): documentation on new bgp nat gw feature * fix(doc): linter * Update with-bgp.en.md * feat(cilium): update cilium doc * fix(cilium): enableIdentityMark Signed-off-by: SkalaNetworks <[email protected]> --------- Signed-off-by: SkalaNetworks <[email protected]>
I'm not a pro when it comes to interfacing Cilium with Kube-OVN, so please check using https://docs.cilium.io/en/latest/helm-reference/#helm-reference and https://docs.cilium.io/en/stable/installation/cni-chaining-generic-veth/
Basically, the
tunneloption has been replaced byroutingMode: nativeI couldn't find a reference to
enableIdentityMarkin the new options, is it still useful?Also, do we still need to change the order of the CNI plugin by changing the priority like in the Kube-OVN doc? The cilium documentation doesn't mention that.
Tagging potentially knowledgable people on that subject: @oilbeater @bobz965