diff --git a/resources/cilium/cluster-role.yaml b/resources/cilium/cluster-role.yaml
index e83e941..ed5c14d 100644
--- a/resources/cilium/cluster-role.yaml
+++ b/resources/cilium/cluster-role.yaml
@@ -87,6 +87,10 @@ rules:
 - ciliumendpointslices
 - ciliumloadbalancerippools
 - ciliumloadbalancerippools/status
+ - ciliumcidrgroups
+ - ciliuml2announcementpolicies
+ - ciliuml2announcementpolicies/status
+ - ciliumpodippools
 verbs:
 - '*'
 - apiGroups:
@@ -175,6 +179,10 @@ rules:
 - ciliumlocalredirectpolicies/status
 - ciliumegressnatpolicies
 - ciliumendpointslices
+ - ciliumcidrgroups
+ - ciliuml2announcementpolicies
+ - ciliuml2announcementpolicies/status
+ - ciliumpodippools
 verbs:
 - '*'
diff --git a/resources/cilium/config.yaml b/resources/cilium/config.yaml
index 41bb5b7..04f1c5b 100644
--- a/resources/cilium/config.yaml
+++ b/resources/cilium/config.yaml
@@ -100,6 +100,7 @@ data:
 # - disabled
 # - vxlan (default)
 # - geneve
+ routing-mode: "tunnel"
 tunnel: vxlan
 # Enables L7 proxy for L7 policy enforcement and visibility
 enable-l7-proxy: "true"
@@ -127,7 +128,7 @@ data:
 enable-bpf-masquerade: "true"
 # kube-proxy
- kube-proxy-replacement: "partial"
+ kube-proxy-replacement: "false"
 kube-proxy-replacement-healthz-bind-address: ""
 enable-session-affinity: "true"
@@ -162,3 +163,8 @@ data:
 operator-api-serve-addr: "127.0.0.1:9234"
 enable-l2-neigh-discovery: "true"
 enable-k8s-terminating-endpoint: "true"
+ enable-k8s-networkpolicy: "true"
+ external-envoy-proxy: "false"
+ write-cni-conf-when-ready: /host/etc/cni/net.d/05-cilium.conflist
+ cni-exclusive: "true"
+ cni-log-file: "/var/run/cilium/cilium-cni.log"
diff --git a/resources/cilium/daemonset.yaml b/resources/cilium/daemonset.yaml
index bd03ad5..bfb1abf 100644
--- a/resources/cilium/daemonset.yaml
+++ b/resources/cilium/daemonset.yaml
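Review bot: The four resources added to the rule at `@@ -87,6 +87,10 @@` in cluster-role.yaml (`ciliumcidrgroups`, `ciliuml2announcementpolicies`, `ciliuml2announcementpolicies/status`, `ciliumpodippools`) inherit that rule's `verbs: ['*']`, so the bound service account gains create, delete and deletecollection on objects that define policy CIDR sets, L2 IP announcements and pod address pools. The identical addition at `@@ -175,6 +179,10 @@` has the same problem. If the component only watches these objects and patches status, a separate rule is narrower, for example `verbs: [get, list, watch]` for the three resources and `verbs: [patch]` for `ciliuml2announcementpolicies/status`. Which verbs each role needs is not visible here and should be checked against the upstream manifests for this release. Both rules start and end outside their hunks.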
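Review bot: `routing-mode: "tunnel"` is added at `@@ -100,6 +100,7 @@` in config.yaml directly under a comment block that still documents only the `tunnel` key, including a `disabled` option that would contradict the new value. With both keys present, a later edit of `tunnel:` to `disabled` leaves the file ambiguous about whether pod traffic is encapsulated. I would add a comment above the new line such as `# routing-mode: tunnel | native; keep in sync with tunnel below`. As far as I know `tunnel` is deprecated from this release in favour of `routing-mode` plus `tunnel-protocol`, which is worth confirming and recording in the same comment. The `data:` map continues outside the hunk.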
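Review bot: The switch to `kube-proxy-replacement: "false"` at `@@ -127,7 +128,7 @@` in config.yaml has no comment saying whether it renames `"partial"` or turns a feature off, and the `# kube-proxy` heading above it is unchanged. If, as I understand the 1.14 semantics, `"false"` still honours per-feature toggles such as the `enable-session-affinity` line kept below it, say so: `# "false" replaces the deprecated "partial"; the enable-* toggles below still select individual features`. Only part of those toggles is visible in this hunk, so confirm that the split of service handling between kube-proxy and Cilium is unchanged after the upgrade.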
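Review bot: The value of `write-cni-conf-when-ready` at `@@ -162,3 +163,8 @@` in config.yaml is the only unquoted string among the five added keys; quote it like its neighbours, `write-cni-conf-when-ready: "/host/etc/cni/net.d/05-cilium.conflist"`. The new keys also carry no comments, unlike the rest of the file, although `cni-exclusive: "true"` and the conflist path mean the agent itself now writes into the node's CNI directory, taking over from the `postStart` hook deleted in daemonset.yaml. A comment such as `# agent writes the CNI config once ready and takes ownership of the host CNI config directory` would record that. The deleted hook's comment says it also installed the CNI binary, and nothing in this diff shows what installs it now, so confirm that in the part of the DaemonSet not shown.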
@@ -115,13 +115,6 @@ spec:
 protocol: TCP
 containerPort: 9876
 lifecycle:
- # Install Cilium CNI binary and CNI network config
- postStart:
- exec:
- command:
- - "/cni-install.sh"
- - "--enable-debug=false"
- - "--cni-exclusive=true"
 preStop:
 exec:
 command:
diff --git a/resources/cilium/deployment.yaml b/resources/cilium/deployment.yaml
index 7cee15a..de14137 100644
--- a/resources/cilium/deployment.yaml
+++ b/resources/cilium/deployment.yaml
@@ -66,6 +66,15 @@ spec:
 initialDelaySeconds: 60
 periodSeconds: 10
 timeoutSeconds: 3
+ readinessProbe:
+ httpGet:
+ scheme: HTTP
+ host: 127.0.0.1
+ port: 9234
+ path: /healthz
+ periodSeconds: 15
+ timeoutSeconds: 3
+ failureThreshold: 5
 volumeMounts:
 - name: config
 mountPath: /tmp/cilium/config-map
diff --git a/variables.tf b/variables.tf
index bf96e39..f99d161 100644
--- a/variables.tf
+++ b/variables.tf
@@ -62,8 +62,8 @@ variable "container_images" {
 default = {
 calico = "quay.io/calico/node:v3.26.1"
 calico_cni = "quay.io/calico/cni:v3.26.1"
- cilium_agent = "quay.io/cilium/cilium:v1.13.4"
- cilium_operator = "quay.io/cilium/operator-generic:v1.13.4"
+ cilium_agent = "quay.io/cilium/cilium:v1.14.0"
+ cilium_operator = "quay.io/cilium/operator-generic:v1.14.0"
 coredns = "registry.k8s.io/coredns/coredns:v1.9.4"
 flannel = "docker.io/flannel/flannel:v0.22.1"
 flannel_cni = "quay.io/poseidon/flannel-cni:v0.4.2"
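Review bot: The `readinessProbe` added at `@@ -66,6 +66,15 @@` in deployment.yaml sets `host: 127.0.0.1`, which the kubelet resolves on the node and not inside the pod, so the probe only reaches the operator if the pod runs with `hostNetwork: true`; that setting is outside this hunk. The port matches `operator-api-serve-addr: "127.0.0.1:9234"` in config.yaml, but nothing ties the two together, so add a comment above the probe: `# kubelet probes node loopback; needs hostNetwork and must match operator-api-serve-addr`. Keeping the operator API on loopback is the right exposure, so I would document the coupling and leave the bind address as it is. The container spec continues outside the hunk.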