From 87cf52001c419d0d9817e34cdc504b28b9c10f94 Mon Sep 17 00:00:00 2001
From: Francesco Cheinasso
Date: Thu, 2 Nov 2023 12:23:44 +0100
Subject: [PATCH] Docs: cilium
---
 docs/installation/install.md | 37 ++++++++++++++-----
 .../infra/cluster-api/cilium-values.yaml | 11 ++++++
 test/e2e/pipeline/infra/cluster-api/cni.sh | 6 ++-
 3 files changed, 42 insertions(+), 12 deletions(-)
 create mode 100644 test/e2e/pipeline/infra/cluster-api/cilium-values.yaml
diff --git a/docs/installation/install.md b/docs/installation/install.md
index 3cfb329e47..aab2b23366 100644
--- a/docs/installation/install.md
+++ b/docs/installation/install.md
@@ -26,16 +26,10 @@ Hence, make sure you selected the correct target cluster before issuing *liqoctl
 **Supported CNIs**
-Liqo supports Kubernetes clusters using the following CNIs: [Flannel](https://github.com/flannel-io/flannel), [Calico](https://www.tigera.io/project-calico/), [Canal](https://github.com/projectcalico/canal), [Weave](https://github.com/weaveworks/weave).
-Additionally, partial support is provided for [Cilium](https://cilium.io/), although with the limitations listed below.
+Liqo supports Kubernetes clusters using the following CNIs: [Cilium](https://cilium.io/), [Flannel](https://github.com/flannel-io/flannel), [Calico](https://www.tigera.io/project-calico/), [Canal](https://github.com/projectcalico/canal), [Weave](https://github.com/weaveworks/weave).
 ```{warning}
-If you are installing Liqo on a cluster using the **Calico** CNI, you MUST read the [dedicated configuration section](InstallationCalicoConfiguration) to avoid unwanted misconfigurations.
-```
-
-```{admonition} Liqo + Cilium limitations
-Currently, Liqo supports the Cilium CNI only when *kube-proxy* is enabled.
-Additionally, known limitations concern the impossibility of accessing the backends of *NodePort* and *LoadBalancer* services hosted on remote clusters, from a local cluster using Cilium as CNI.
+If you are installing Liqo on a cluster using the **Calico** or **Cilium** CNI, you MUST read the [dedicated configuration section](InstallationCNIConfiguration) to avoid unwanted misconfigurations.
 ```
 **Installation**
@@ -534,7 +528,6 @@ Alternatively, the Helm chart can be retrieved from a **local path**, as configu
 liqoctl install --version --local-chart-path
 ```
-(InstallationCalicoConfiguration)=
 ## Check installation
@@ -545,7 +538,31 @@ In particular, the following command can be used to check the status of the Liqo
 liqoctl status
 ```
-## Liqo and Calico
+(InstallationCNIConfiguration)=
+
+## CNIs
+
+### Cilium
+
+Liqo creates a new node for each remote cluster, however we do not schedule daemonsets on these nodes.
+
+From version **1.14.2** cilum adds a taint to the nodes where the daemonset is not scheduled, so that pods are not scheduled on them.
+This taint prevents also Liqo pods to be scheduled on the remote nodes.
+
+To solve this issue we need to specify to cilium daemonsets to ignore the Liqo node.
+This can be done by adding the following helm values to cilium installation:
+
+```yaml
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: liqo.io/type
+ operator: DoesNotExist
+```
+
+### Calico
 Liqo adds several interfaces to the cluster nodes to handle cross-cluster traffic routing.
 Those interfaces are intended to not interfere with the normal CNI job.
diff --git a/test/e2e/pipeline/infra/cluster-api/cilium-values.yaml b/test/e2e/pipeline/infra/cluster-api/cilium-values.yaml
new file mode 100644
index 0000000000..9b9387dab6
--- /dev/null
+++ b/test/e2e/pipeline/infra/cluster-api/cilium-values.yaml
@@ -0,0 +1,11 @@
+ipam:
+ operator:
+ clusterPoolIPv4PodCIDRList: ${POD_CIDR}
+
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: liqo.io/type
+ operator: DoesNotExist
diff --git a/test/e2e/pipeline/infra/cluster-api/cni.sh b/test/e2e/pipeline/infra/cluster-api/cni.sh
index ba7dae903f..d347f4a9b3 100644
--- a/test/e2e/pipeline/infra/cluster-api/cni.sh
+++ b/test/e2e/pipeline/infra/cluster-api/cni.sh
@@ -69,7 +69,7 @@ function install_cilium() {
 if [ ! -f "${BINDIR/cilium/}" ]; then
 setup_arch_and_os
 local CILIUM_CLI_VERSION
- CILIUM_CLI_VERSION="v0.14.0"
+ CILIUM_CLI_VERSION="v0.15.11"
 echo "Downloading Cilium CLI ${CILIUM_CLI_VERSION} for ${OS}-${ARCH}"
 curl -L --remote-name-all "https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-${OS}-${ARCH}.tar.gz{,.sha256sum}"
@@ -79,7 +79,9 @@ function install_cilium() {
 rm "cilium-${OS}-${ARCH}.tar.gz.sha256sum"
 fi
- KUBECONFIG="$kubeconfig" "${BINDIR}/cilium" install --helm-set ipam.operator.clusterPoolIPv4PodCIDRList="${POD_CIDR}"
+ export POD_CIDR="${POD_CIDR}"
+ envsubst < "$WORKDIR/cilium-values.yaml" > custom-cilium-values.yaml
+ KUBECONFIG="$kubeconfig" "${BINDIR}/cilium" install --values "$WORKDIR/custom-cilium-values.yaml"
 }
 function wait_cilium() {
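Review bot: In the second hunk (`@@ -79,7 +79,9 @@`) the rendered values file is written to `custom-cilium-values.yaml` in the current directory, but `cilium install --values` reads `$WORKDIR/custom-cilium-values.yaml`. Unless the caller has already changed into `$WORKDIR`, which the hunk does not show, the install reads a file this run did not write, or none at all. Writing to the path that is read fixes this, and naming the variable for `envsubst` keeps it from expanding any other `$NAME` in the template from the CI environment: `envsubst '${POD_CIDR}' < "$WORKDIR/cilium-values.yaml" > "$WORKDIR/custom-cilium-values.yaml"`. An unset `POD_CIDR` would render an empty `clusterPoolIPv4PodCIDRList` without any error, so a guard such as `: "${POD_CIDR:?POD_CIDR must be set}"` before the substitution is worth adding. The body of `install_cilium` starts outside the hunk.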