scottk/Biohazard
1
0
Fork 0
mirror of https://github.com/outbackdingo/Biohazard.git synced 2026-03-21 21:39:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(cilium): resource tuning

Browse Source
This commit is contained in:
JJGadgets
2025-02-16 10:36:19 +08:00
parent f32a95757c
commit 3f8be0a66e
2 changed files with 2 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
kube/deploy/core/_networking/cilium/app/config/biohazard/helm-values.yaml
View File

@@ -6,14 +6,6 @@ securityContext:
capabilities:
ciliumAgent: [CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,NET_BIND_SERVICE,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID]
cleanCiliumState: [NET_ADMIN,SYS_ADMIN,SYS_RESOURCE]
# podSecurityContext:
# appArmorProfile:
# type: "Unconfined"
# # podAnnotations:
# # "container.apparmor.security.beta.kubernetes.io/apply-sysctl-overwrites": "runtime/default"
# # "container.apparmor.security.beta.kubernetes.io/cilium-agent": "runtime/default"
# # "container.apparmor.security.beta.kubernetes.io/clean-cilium-state": "runtime/default"
# # "container.apparmor.security.beta.kubernetes.io/mount-cgroup": "runtime/default"
cgroup:
autoMount:
enabled: false

11
kube/deploy/core/_networking/cilium/app/hr.yaml
View File

@@ -27,13 +27,6 @@ spec:
valuesKey: "${CLUSTER_NAME:=biohazard}.yaml"
optional: false
values:
# image: # for Renovate changelog
# repository: "quay.io/cilium/cilium"
# tag: "v1.15.1"
## NOTE: Cilium Agent API rate limit configuration
### upon reboot/untaint/uncordon, burst(s) of pod creations causes Cilium to 429 rate limit pods from getting their network configuration
### current config stolen from https://github.com/cilium/cilium/issues/24361#issuecomment-1564825275
#apiRateLimit: "endpoint-create=auto-adjust:true,estimated-processing-duration:1s,mean-over:15"
## NOTE: BGP for LoadBalancer services
### `bgpControlPlane.enabled: true` is newer GoBGP implementation, while `bgp.enabled: true` and `bgp.announce` uses older MetalLB BGP implementation that is planned to be deprecated in Cilium v1.15.
### `bgp.announce` block is replaced by CiliumBGPPeeringPolicy CRD used by bgpControlPlane, for more fine grained control over announced addresses
@@ -133,7 +126,7 @@ spec:
resources: # for agent
requests:
cpu: "100m"
memory: "1Gi"
memory: "512Mi"
limits:
cpu: "1"
cpu: "2"
memory: "6Gi"