From c524a6ab654e48a1113ada476daf63a3eec168b7 Mon Sep 17 00:00:00 2001
From: Vegard Hagen
Date: Fri, 13 Sep 2024 16:21:51 +0200
Subject: [PATCH] feat(cilium): enable maglev loadBalancer

Maglev Consistent Hashing should improve resiliency in case of failures https://docs.cilium.io/en/stable/network/kubernetes/kubeproxy-free/\#maglev-consistent-hashing
---
 k8s/infra/network/cilium/values.yaml | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/k8s/infra/network/cilium/values.yaml b/k8s/infra/network/cilium/values.yaml
index 9c8e331..f2c9789 100644
--- a/k8s/infra/network/cilium/values.yaml
+++ b/k8s/infra/network/cilium/values.yaml
@@ -9,8 +9,8 @@ k8sServiceHost: localhost
 k8sServicePort: 7445
 securityContext:
 capabilities:
- ciliumAgent: [ CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID ]
- cleanCiliumState: [ NET_ADMIN,SYS_ADMIN,SYS_RESOURCE ]
+ ciliumAgent: [ CHOWN, KILL, NET_ADMIN, NET_RAW, IPC_LOCK, SYS_ADMIN, SYS_RESOURCE, DAC_OVERRIDE, FOWNER, SETGID, SETUID ]
+ cleanCiliumState: [ NET_ADMIN, SYS_ADMIN, SYS_RESOURCE ]
 cgroup:
 autoMount:
@@ -57,16 +57,17 @@ externalIPs:
 enableCiliumEndpointSlice: true
+loadBalancer:
+ # https://docs.cilium.io/en/stable/network/kubernetes/kubeproxy-free/#maglev-consistent-hashing
+ algorithm: maglev
+
 gatewayAPI:
 enabled: true
 envoy:
 securityContext:
 capabilities:
 keepCapNetBindService: true
- envoy:
- - NET_ADMIN
- - PERFMON
- - BPF
+ envoy: [ NET_ADMIN, PERFMON, BPF ]
 hubble:
 enabled: true
@@ -79,6 +80,11 @@ hubble:
 ingressController:
 enabled: false
+ default: true
+ loadbalancerMode: shared
+ service:
+ annotations:
+ io.cilium/lb-ipam-ips: 192.168.1.223
 # mTLS authentication:
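Review bot: In the `@@ -57,16 +57,17 @@` hunk, `loadBalancer.algorithm: maglev` is enabled without a `maglev:` block, so the agents fall back to Cilium's built-in hash seed and default table size. The Cilium documentation linked in the added comment recommends a cluster-specific seed, identical on every node, for example `maglev:` followed by `  hashSeed: <base64-encoded 12-byte random seed>`. It also recommends a prime `maglev.tableSize` well above the expected number of backends per service. Maglev only applies when kube-proxy replacement is active; that setting is not visible in this hunk, so confirm it in the rest of values.yaml.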
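Review bot: In the `@@ -79,6 +80,11 @@` hunk the new `default`, `loadbalancerMode` and `service.annotations` keys sit under `ingressController` while `enabled: false` is left unchanged, so they appear to be inert until the controller is switched on; a comment such as `# staged for later: no effect while enabled is false` would record that intent, since the commit message only mentions Maglev. Once enabled, `default: true` makes Cilium handle every Ingress without an explicit class, and `loadbalancerMode: shared` puts them all behind one load-balancer address, so host and path rules from different namespaces share a listener. `io.cilium/lb-ipam-ips` is the older LB-IPAM annotation name and recent Cilium releases use `lbipam.cilium.io/ips`, so check which one the deployed version honours. The pinned `192.168.1.223` also has to fall inside an LB-IPAM pool, which is not visible here.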