-
Notifications
You must be signed in to change notification settings - Fork 280
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cilium 1.16 enable envoy by default #6682
Comments
Here my full config to deploy cilium with network policies enabled: apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
name: rke2-cilium
namespace: kube-system
spec:
bootstrap: true
valuesContent: |
cluster:
name: my-lovely-kube
id: 1
kubeProxyReplacement: true
k8sServiceHost: my-kubernetes-load-balancer-hostname.fr
k8sServicePort: 6443
envoy:
enabled: false # Now it's mandatory or you have new cilium-envoy DaemonSet
cni:
chainingMode: none
bpf:
masquerade: true
MTU: 1500
encryption:
enabled: false
type: wireguard
nodeEncryption: false
hubble:
enabled: true
metrics:
enabled:
- dns
- drop
- tcp
- flow
- port-distribution
- icmp
- httpV2:exemplars=true;labelsContext=source_ip,source_namespace,source_workload,destination_ip,destination_namespace,destination_workload,traffic_direction
serviceMonitor:
enabled: true
relabelings:
- sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
replacement: ${1}
- targetLabel: cluster
replacement: my-lovely-kube
action: replace
dashboards:
enabled: true
relay:
enabled: true
prometheus:
enabled: true
serviceMonitor:
enabled: true
relabelings:
- targetLabel: cluster
replacement: my-lovely-kube
action: replace
ui:
enabled: true
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
className: nginx
hosts:
- hubble.my-lovely-hostname.fr
tls:
- secretName: hubble.my-lovely-hostname.fr
hosts:
- hubble.my-lovely-hostname.fr
prometheus:
enabled: true
serviceMonitor:
enabled: true
relabelings:
- sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
replacement: ${1}
- targetLabel: cluster
replacement: my-lovely-kube
action: replace
dashboards:
enabled: true
operator:
enabled: true
rollOutPods: true
prometheus:
enabled: true
serviceMonitor:
enabled: true
relabelings:
- targetLabel: cluster
replacement: my-lovely-kube
action: replace
dashboards:
enabled: true
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: prometheus-to-hubble
namespace: kube-system
spec:
podSelector:
matchLabels:
k8s-app: hubble
ingress:
- ports:
- protocol: TCP
port: hubble-metrics
from:
- podSelector:
matchLabels:
app.kubernetes.io/instance: kube-prometheus-stack-prometheus
app.kubernetes.io/name: prometheus
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: monitoring
policyTypes:
- Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: prometheus-to-hubble-relay
namespace: kube-system
spec:
podSelector:
matchLabels:
k8s-app: hubble-relay
ingress:
- ports:
- protocol: TCP
port: prometheus
from:
- podSelector:
matchLabels:
app.kubernetes.io/instance: kube-prometheus-stack-prometheus
app.kubernetes.io/name: prometheus
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: monitoring
policyTypes:
- Ingress |
Issue: rancher/rke2#6682 Signed-off-by: Michael Fritch <[email protected]>
Issue: rancher/rke2#6682 Signed-off-by: Michael Fritch <[email protected]>
Issue: rancher/rke2#6682 Signed-off-by: Michael Fritch <[email protected]>
##Environment Details Infrastructure
Node(s) CPU architecture, OS, and version: Linux 6.4.0-150600.23.17-default x86_64 GNU/Linux Cluster Configuration:
Config.yaml:
Details
Results: Current release image versions used by cilium pods already contain this version even though the milestone/release was set for October. $ kd po cilium-jsccd -n kube-system | grep -i image
Confirming that the image is present via commit_id on all active branches v1.31 COMMIT_ID=5f70d18fe7637135995a621627983f791c1fc3da
v1.30 COMMIT_ID=609736bbe10fcb2b32d613ffb2329b089174dbf3
v1.29 COMMIT_ID=78e173a47c228286320e7967f2df62635aba795d
v1.28 COMMIT_ID=bab888a04e223189d39c7342c191f7ce592c3443
|
Environmental Info:
RKE2 Version:
gbellongervais@localhost:~> kubectl version
Client Version: v1.28.13
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.28.13+rke2r1
Cluster Configuration:
3 control-planes
2 workers
Describe the bug:
If I don't specify to disable Envoy deployment, I have Envoy deployed as DaemonSet, which is the new correct behaviour according to cilium doc cilium/cilium@471f19a
I need to specify:
I don't know if it's really a bug or a new feature but maybe we could document this somewhere.
The text was updated successfully, but these errors were encountered: