Commit

Docs: cilium
cheina97 committed Nov 2, 2023
1 parent 87e7497 commit 94adc55
Showing 3 changed files with 41 additions and 6 deletions.
30 changes: 26 additions & 4 deletions docs/installation/install.md
Expand Up @@ -30,12 +30,11 @@ Liqo supports Kubernetes clusters using the following CNIs: [Flannel](https://gi
Additionally, partial support is provided for [Cilium](https://cilium.io/), although with the limitations listed below.
```{warning}
If you are installing Liqo on a cluster using the **Calico** CNI, you MUST read the [dedicated configuration section](InstallationCalicoConfiguration) to avoid unwanted misconfigurations.
If you are installing Liqo on a cluster using the **Calico** or **Cilium** CNI, you MUST read the [dedicated configuration section](InstallationCNIConfiguration) to avoid unwanted misconfigurations.
```
```{admonition} Liqo + Cilium limitations
Currently, Liqo supports the Cilium CNI only when *kube-proxy* is enabled.
Additionally, known limitations concern the impossibility of accessing the backends of *NodePort* and *LoadBalancer* services hosted on remote clusters, from a local cluster using Cilium as CNI.
```
**Installation**
Expand Down Expand Up @@ -534,7 +533,6 @@ Alternatively, the Helm chart can be retrieved from a **local path**, as configu
liqoctl install <provider> --version <commit-sha> --local-chart-path <path-to-local-chart>
```

(InstallationCalicoConfiguration)=

## Check installation

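Review bot: Removing the `(InstallationCalicoConfiguration)=` label in this hunk breaks any cross-reference that still points at it; only the warning near the top of this file is visibly updated to `InstallationCNIConfiguration`. Search the docs tree for the old label before merging, or keep it as a second label directly above `### Calico` so existing links keep resolving to the Calico text rather than to the new parent section.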
Expand All @@ -545,7 +543,31 @@ In particular, the following command can be used to check the status of the Liqo
liqoctl status
```

## Liqo and Calico
(InstallationCNIConfiguration)=

## CNIs

### Cilium

Liqo creates a new node for each remote cluster, however we do not schedule daemonsets on these nodes.

From version **1.14.2** cilum adds a taint to the nodes where the daemonset is not scheduled, so that pods are not scheduled on them.
This taint prevents also Liqo pods to be scheduled on the remote nodes.

To solve this issue we need to specify to cilium daemonsets to ignore the Liqo node.
This can be done by adding the following helm values to cilium installation:

```yaml
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: liqo.io/type
operator: DoesNotExist
```
### Calico
Liqo adds several interfaces to the cluster nodes to handle cross-cluster traffic routing.
Those interfaces are intended to not interfere with the normal CNI job.
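Review bot: The new `### Cilium` section says a taint is added from version **1.14.2** but never names it, and the sentence that introduces it misspells the project as `cilum`. Name the taint key and effect so an operator can confirm on the Liqo node that it no longer blocks scheduling after the values are applied, and reword "This taint prevents also Liqo pods to be scheduled" to "This taint also prevents Liqo pods from being scheduled". It would also help to state which nodes carry the `liqo.io/type` label, since `operator: DoesNotExist` excludes every node that has the key, whatever its value.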
11 changes: 11 additions & 0 deletions test/e2e/pipeline/infra/cluster-api/cilium-values.yaml
@@ -0,0 +1,11 @@
ipam:
operator:
clusterPoolIPv4PodCIDRList: ${POD_CIDR}

affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: liqo.io/type
operator: DoesNotExist
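Review bot: `clusterPoolIPv4PodCIDRList: ${POD_CIDR}` is an unquoted placeholder, so if `POD_CIDR` is empty when the template is rendered the key ends up with no value and the install proceeds without the intended pod CIDR and without an error. Quote the placeholder and have the caller refuse to render the file when the variable is unset. The `affinity` block also has no comment explaining why it is here; a one-line pointer to the Cilium section of `docs/installation/install.md` would keep the two copies of this snippet in sync.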
6 changes: 4 additions & 2 deletions test/e2e/pipeline/infra/cluster-api/cni.sh
Expand Up @@ -69,7 +69,7 @@ function install_cilium() {
if [ ! -f "${BINDIR/cilium/}" ]; then
setup_arch_and_os
local CILIUM_CLI_VERSION
CILIUM_CLI_VERSION="v0.14.0"
CILIUM_CLI_VERSION="v0.15.11"

echo "Downloading Cilium CLI ${CILIUM_CLI_VERSION} for ${OS}-${ARCH}"
curl -L --remote-name-all "https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-${OS}-${ARCH}.tar.gz{,.sha256sum}"
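Review bot: The guard `if [ ! -f "${BINDIR/cilium/}" ]` just above the bumped version is a bash pattern substitution (it removes the first `cilium` from `$BINDIR`), not the path `${BINDIR}/cilium`, so it does not test for the installed binary. If the guard is corrected, a runner with a cached v0.14.0 binary would then skip the download and never pick up `v0.15.11`, so the check should compare the installed version as well as file existence. Separately, the `.sha256sum` file is fetched from the same release URL as the tarball, which catches a corrupted download but not a replaced release asset; pinning the expected digest next to `CILIUM_CLI_VERSION` would cover that.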
Expand All @@ -79,7 +79,9 @@ function install_cilium() {
rm "cilium-${OS}-${ARCH}.tar.gz.sha256sum"
fi

KUBECONFIG="$kubeconfig" "${BINDIR}/cilium" install --helm-set ipam.operator.clusterPoolIPv4PodCIDRList="${POD_CIDR}"
export POD_CIDR="${POD_CIDR}"
envsubst < "$WORKDIR/cilium-values.yaml" > custom-cilium-values.yaml
KUBECONFIG="$kubeconfig" "${BINDIR}/cilium" install --values "$WORKDIR/custom-cilium-values.yaml"
}

function wait_cilium() {
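Review bot: `envsubst` writes to `custom-cilium-values.yaml` in the current directory, but the next line passes `"$WORKDIR/custom-cilium-values.yaml"` to `cilium install`; unless the script always runs from `$WORKDIR`, the install reads a missing or stale file. Write the output to the same path that `--values` receives (or to a `mktemp` file used in both places). Also pass the variable list explicitly, `envsubst '${POD_CIDR}'`, so only that placeholder is expanded, and fail early when `POD_CIDR` is empty, for example with `${POD_CIDR:?}`.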