Add experimental Cilium CNI provider

* Accept experimental CNI `networking` mode "cilium" * Run Cilium v1.8.0-rc4 with overlay vxlan tunnels and a minimal set of features. We're interested in: * IPAM: Divide pod_cidr into /24 subnets per node * CNI networking pod-to-pod, pod-to-external * BPF masquerade * NetworkPolicy as defined by Kubernetes (no L7 Policy) * Continue using kube-proxy with Cilium probe mode * Firewall changes: * Require UDP 8472 for vxlan (Linux kernel default) between nodes * Optional ICMP echo(8) between nodes for host reachability (health) * Optional TCP 4240 between nodes for endpoint reachability (health) Known Issues: * Containers with `hostPort` don't listen on all host addresses, these workloads must use `hostNetwork` for now cilium/cilium#12116 * Erroneous warning on Fedora CoreOS cilium/cilium#10256 Note: This is experimental. It is not listed in docs and may be changed or removed without a deprecation notice Related: * poseidon/terraform-render-bootstrap#192 * cilium/cilium#12217
poseidon · Jun 22, 2020 · 327776f · 327776f
1 parent d8f553f
commit 327776f
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/bootstrap.tf b/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
-  source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e75697ce35d7773705f0b9b28ce1ffbe99f9493c"
+  source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=af36c539360696f5ca6cf5b06bb729477a003602"
 
   cluster_name                    = var.cluster_name
   api_servers                     = [var.k8s_domain_name]