Upgrade Cilium from v1.13.4 to v1.14.0

* https://github.com/cilium/cilium/releases/tag/v1.14.0
2026-01-27 10:20:45 +00:00 · 2023-07-30 00:36:50 -07:00
parent d4da2f99fb
commit 35848a50c6
5 changed files with 26 additions and 10 deletions
--- a/resources/cilium/cluster-role.yaml
+++ b/resources/cilium/cluster-role.yaml
@@ -87,6 +87,10 @@ rules:
  - ciliumendpointslices
  - ciliumloadbalancerippools
  - ciliumloadbalancerippools/status
+  - ciliumcidrgroups
+  - ciliuml2announcementpolicies
+  - ciliuml2announcementpolicies/status
+  - ciliumpodippools
  verbs:
  - '*'
 - apiGroups:
@@ -175,6 +179,10 @@ rules:
  - ciliumlocalredirectpolicies/status
  - ciliumegressnatpolicies
  - ciliumendpointslices
+  - ciliumcidrgroups
+  - ciliuml2announcementpolicies
+  - ciliuml2announcementpolicies/status
+  - ciliumpodippools
  verbs:
  - '*'

--- a/resources/cilium/config.yaml
+++ b/resources/cilium/config.yaml
@@ -100,6 +100,7 @@ data:
  #   - disabled
  #   - vxlan (default)
  #   - geneve
+  routing-mode: "tunnel"
  tunnel: vxlan
  # Enables L7 proxy for L7 policy enforcement and visibility
  enable-l7-proxy: "true"
@@ -127,7 +128,7 @@ data:
  enable-bpf-masquerade: "true"

  # kube-proxy
-  kube-proxy-replacement:  "partial"
+  kube-proxy-replacement:  "false"
  kube-proxy-replacement-healthz-bind-address: ""
  enable-session-affinity: "true"

@@ -162,3 +163,8 @@ data:
  operator-api-serve-addr: "127.0.0.1:9234"
  enable-l2-neigh-discovery: "true"
  enable-k8s-terminating-endpoint: "true"
+  enable-k8s-networkpolicy: "true"
+  external-envoy-proxy: "false"
+  write-cni-conf-when-ready: /host/etc/cni/net.d/05-cilium.conflist
+  cni-exclusive: "true"
+  cni-log-file: "/var/run/cilium/cilium-cni.log"
--- a/resources/cilium/daemonset.yaml
+++ b/resources/cilium/daemonset.yaml
@@ -115,13 +115,6 @@ spec:
            protocol: TCP
            containerPort: 9876
        lifecycle:
-          # Install Cilium CNI binary and CNI network config
-          postStart:
-            exec:
-              command:
-              - "/cni-install.sh"
-              - "--enable-debug=false"
-              - "--cni-exclusive=true"
          preStop:
            exec:
              command:
--- a/resources/cilium/deployment.yaml
+++ b/resources/cilium/deployment.yaml
@@ -66,6 +66,15 @@ spec:
          initialDelaySeconds: 60
          periodSeconds: 10
          timeoutSeconds: 3
+        readinessProbe:
+          httpGet:
+            scheme: HTTP
+            host: 127.0.0.1
+            port: 9234
+            path: /healthz
+          periodSeconds: 15
+          timeoutSeconds: 3
+          failureThreshold: 5
        volumeMounts:
        - name: config
          mountPath: /tmp/cilium/config-map
--- a/variables.tf
+++ b/variables.tf
@@ -62,8 +62,8 @@ variable "container_images" {
  default = {
    calico                  = "quay.io/calico/node:v3.26.1"
    calico_cni              = "quay.io/calico/cni:v3.26.1"
-    cilium_agent            = "quay.io/cilium/cilium:v1.13.4"
-    cilium_operator         = "quay.io/cilium/operator-generic:v1.13.4"
+    cilium_agent            = "quay.io/cilium/cilium:v1.14.0"
+    cilium_operator         = "quay.io/cilium/operator-generic:v1.14.0"
    coredns                 = "registry.k8s.io/coredns/coredns:v1.9.4"
    flannel                 = "docker.io/flannel/flannel:v0.22.1"
    flannel_cni             = "quay.io/poseidon/flannel-cni:v0.4.2"