From c1ac547417db93bb74f202a55cb65bcccd33ea43 Mon Sep 17 00:00:00 2001 From: Ty Date: Thu, 25 Jul 2024 19:17:48 +0800 Subject: [PATCH] Merge pull request #3762 from ty-dc/fix/cilium-vlanBypass Change the type of cilium bpf.vlanBypass to list Signed-off-by: robot --- docs/usage/install/overlay/get-started-cilium-zh_cn.md | 4 +++- docs/usage/install/overlay/get-started-cilium.md | 4 +++- test/scripts/install-default-cni.sh | 6 +++--- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/docs/usage/install/overlay/get-started-cilium-zh_cn.md b/docs/usage/install/overlay/get-started-cilium-zh_cn.md index 84e4de4ad9..472e785072 100644 --- a/docs/usage/install/overlay/get-started-cilium-zh_cn.md +++ b/docs/usage/install/overlay/get-started-cilium-zh_cn.md @@ -18,9 +18,11 @@ - 准备好一个 Kubernetes 集群 - 安装 Cilium 作为集群的缺省 CNI。如果未安装,可参考 [官方文档](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/) 或使用以下命令安装: + > Cilium 在运行时会扫描可用的 VLAN 设备和标签,并将过滤所有未知流量。在一些跨 VLAN 场景下访问时,可能会出现通讯问题,请在安装时使用 `--set bpf.vlanBypass={0}` 允许所有的 VLAN 标记通过,更多细节参考 [Cilium VLAN 802.1q 支持](https://docs.cilium.io/en/stable/configuration/vlan-802.1q/#vlan-802-1q)。 + ```shell ~# helm repo add cilium https://helm.cilium.io/ - ~# helm install cilium cilium/cilium -namespace kube-system + ~# helm install cilium cilium/cilium -namespace kube-system --set bpf.vlanBypass={0} ~# kubectl wait --for=condition=ready -l k8s-app=cilium pod -n kube-system ``` diff --git a/docs/usage/install/overlay/get-started-cilium.md b/docs/usage/install/overlay/get-started-cilium.md index 3ffbfd00ff..84f2337315 100644 --- a/docs/usage/install/overlay/get-started-cilium.md +++ b/docs/usage/install/overlay/get-started-cilium.md @@ -18,9 +18,11 @@ This page showcases the utilization of `Spiderpool`, a comprehensive Underlay ne - A ready Kubernetes cluster. - Cilium has been already installed as the default CNI for your cluster. If it is not installed, please refer to [the official documentation](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/) or follow the commands below for installation: + > Cilium will scan available VLAN devices and tags when running, and will filter all unknown traffic. In some cross-VLAN scenarios,there may be communication problems. Please use `--set bpf.vlanBypass={0}` during installation to allow all VLAN tags to pass. For more details, refer to [Cilium VLAN 802.1q support](https://docs.cilium.io/en/stable/configuration/vlan-802.1q/#vlan-802-1q). + ```shell ~# helm repo add cilium https://helm.cilium.io/ - ~# helm install cilium cilium/cilium -namespace kube-system + ~# helm install cilium cilium/cilium -namespace kube-system --set bpf.vlanBypass={0} ~# kubectl wait --for=condition=ready -l k8s-app=cilium pod -n kube-system ``` diff --git a/test/scripts/install-default-cni.sh b/test/scripts/install-default-cni.sh index fe7f1c861a..4b35cc595b 100755 --- a/test/scripts/install-default-cni.sh +++ b/test/scripts/install-default-cni.sh @@ -172,15 +172,15 @@ function install_cilium() { # k8sServiceHost api-server address # k8sServicePort api-service port # bpf.vlanBypass allow vlan traffic to pass - KUBE_PROXY_REPLACEMENT=disabled + KUBE_PROXY_REPLACEMENT=false if [ "$DISABLE_KUBE_PROXY" = "true" ]; then - KUBE_PROXY_REPLACEMENT=strict + KUBE_PROXY_REPLACEMENT=true fi CILIUM_HELM_OPTIONS=" --set cni.exclusive=false \ --set kubeProxyReplacement=${KUBE_PROXY_REPLACEMENT} \ --set k8sServiceHost=${E2E_CLUSTER_NAME}-control-plane \ --set k8sServicePort=6443 \ - --set bpf.vlanBypass=0 " + --set bpf.vlanBypass={0} " case ${E2E_IP_FAMILY} in ipv4) CILIUM_HELM_OPTIONS+=" --set ipam.operator.clusterPoolIPv4PodCIDRList=${CILIUM_CLUSTER_POD_SUBNET_V4} \