docs: update Cilium docs
Update the Cilium CNI documentation.

Signed-off-by: Bernard Gütermann <bernard.gutermann@sekops.ch>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
bernardgut authored and smira committed Apr 12, 2024
1 parent 831f3d3 commit 78bc3a4
Showing 2 changed files with 12 additions and 0 deletions.
Expand Up @@ -288,6 +288,12 @@ For more details: [GCP ILB support / support scope local routes to be configured

## Other things to know

- After installing Cilium, `cilium connectivity test` might hang and/or fail with errors similar to

```Error creating: pods "client-69748f45d8-9b9jg" is forbidden: violates PodSecurity "baseline:latest": non-default capabilities (container "client" must not include "NET_RAW" in securityContext.capabilities.add)```

This is expected, you can workaround it by adding the `pod-security.kubernetes.io/enforce=priviledged` [label on the namespace level]({{< relref "../configuration/pod-security">}}).

- Talos has full kernel module support for eBPF, See:
- [Cilium System Requirements](https://docs.cilium.io/en/v1.14/operations/system_requirements/)
- [Talos Kernel Config AMD64](https://github.com/siderolabs/pkgs/blob/main/kernel/build/config-amd64)
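
Review bot: the label value in the added workaround sentence is misspelled: `pod-security.kubernetes.io/enforce=priviledged` should read `pod-security.kubernetes.io/enforce=privileged`. The Pod Security Standards levels are `privileged`, `baseline` and `restricted`, so a reader who copies the line as written sets a value that is not one of them and the `baseline` error quoted above it will not go away. In the same sentence, "you can workaround it" should be "you can work around it", and "This is expected, you can ..." reads better as two sentences.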
Expand Up @@ -288,6 +288,12 @@ For more details: [GCP ILB support / support scope local routes to be configured

## Other things to know

- After installing Cilium, `cilium connectivity test` might hang and/or fail with errors similar to

```Error creating: pods "client-69748f45d8-9b9jg" is forbidden: violates PodSecurity "baseline:latest": non-default capabilities (container "client" must not include "NET_RAW" in securityContext.capabilities.add)```

This is expected, you can workaround it by adding the `pod-security.kubernetes.io/enforce=priviledged` [label on the namespace level]({{< relref "../configuration/pod-security">}}).

- Talos has full kernel module support for eBPF, See:
- [Cilium System Requirements](https://docs.cilium.io/en/v1.14/operations/system_requirements/)
- [Talos Kernel Config AMD64](https://github.com/siderolabs/pkgs/blob/main/kernel/build/config-amd64)
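
Review bot: the added workaround sentence does not say which namespace should get the `enforce` label or that the change is meant to be temporary. Setting the level to privileged lifts Pod Security enforcement for every pod in the labelled namespace, while the quoted error only concerns the `NET_RAW` capability on the `client` test container. Suggest stating that the label goes on the namespace used by `cilium connectivity test` only and should be removed, or the namespace deleted, once the test has finished. The `priviledged` spelling needs the same fix in this file, and the error message would render more reliably as an indented fenced block under the bullet, with the "This is expected" sentence indented to stay inside the list item.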