Cilium - production ready technology adoption - phase 1 of 3 #1632
Labels
area/network
Pull requests that update cni and network modules
priority/top
Issues that have the most priority
type/epic
Preflight Checklist
Use case. Why is this important?
We've got stuff to do before Cilium becomes production ready.
Proposed Solution
- Enable Cilium to be default on new setups
- VXLAN Support: [cilium] improvements #1594
- Ensure modules support Cilium's Way of Networking
  - Node Local DNS
    - LocalRedirectPolicy viability
  - istio
    - Everything except cilium's L7 policies works well.
- Enable VPA: [cilium] improvements #1594
- Make Hubble turned off by default, as it consumes large amounts of CPU (upstream issue).

To Do
- Build kernel checker. [deckhouse] check kernel versions for enabled modules #2709
  - Check the kernel version on deckhouse module start if the cilium module is enabled, and block the queue if the kernel has the wrong version.
  - Add metric and alerts about wrong kernel version.
  - Add deckhouseReleases requirements and disruptions for cilium minimal kernel version.
  - Add an init container for cilium agents to prevent running agents on nodes with wrong kernels.
- Check Hubble performance - create an issue in backlog ([cni-cilium] Cilium Hubble high cpu usage #3078)
- Cilium Service Mesh - create an issue in backlog ([cni-cilium] Service Mesh research #3084)
- Possibly using entities instead of enumerating IPs and ports.
  - Use of entities leads to unpredictable results.

Backlog
- [cni-cilium] Debugging guide ADVANCED_USAGE.md #2808
- [cni-cilium] limiting identity-relevant labels #3116
- [cni-cilium] CNI cilium grafana dashboard #3497
- Investigate issues with hostPort ([cni-cilium] hostPort works unpredictably #3035)
  - All works as expected.

trafficPolicy: Cluster
to reduce module's complexity when Cilium is in use #1718)

Links:
What we should test in case of new cilium versions:
hostWithFailover
- test iptables hack is working.