From ea25e811623d901ed8a21fbe851882c07af55f41 Mon Sep 17 00:00:00 2001
From: Cyclinder Kuo
Date: Thu, 21 Nov 2024 11:49:27 +0800
Subject: [PATCH] Add cilium_enable_bbr flag for cilium
Signed-off-by: cyclinder
---
 docs/CNI/cilium.md | 11 ++++++++++-
 roles/network_plugin/cilium/defaults/main.yml | 8 +++++++-
 .../cilium/templates/cilium/config.yml.j2 | 5 +++++
 3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/docs/CNI/cilium.md b/docs/CNI/cilium.md
index fed25ddb5f9..6523caa8fdc 100644
--- a/docs/CNI/cilium.md
+++ b/docs/CNI/cilium.md
@@ -313,12 +313,21 @@ Bandwidth Manager requires a v5.1.x or more recent Linux kernel. For further information, make sure to check the official [Cilium documentation](https://docs.cilium.io/en/latest/network/kubernetes/bandwidth-manager/)
-To use this function, set the following parameters
+To use this feature, set the following parameters:
 ```yml
 cilium_enable_bandwidth_manager: true
 ```
+The base infrastructure around MQ/FQ setup provided by Cilium’s bandwidth manager also allows for use of TCP BBR congestion control for Pods. BBR achieves higher bandwidths and lower latencies for Internet traffic. you can enable it by setting the following parameters:
+
+```yaml
+cilium_enable_bandwidth_manager: true
+cilium_enable_bbr: true
+```
+
+> BBR for Pods requires a v5.18.x or more recent Linux kernel.
+
 ## Host Firewall
 Host Firewall enforces security policies for Kubernetes nodes. It is disable by default, since it can break the cluster connectivity.
diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml
index 9de2d331c87..c0917976e50 100644
--- a/roles/network_plugin/cilium/defaults/main.yml
+++ b/roles/network_plugin/cilium/defaults/main.yml
@@ -55,7 +55,9 @@ cilium_enable_prometheus: false
 cilium_enable_portmap: false
 # Monitor aggregation level (none/low/medium/maximum)
 cilium_monitor_aggregation: medium
-# Kube Proxy Replacement mode (strict/partial)
+# Kube Proxy Replacement mode
+# cilium_version < 1.14.0: strict/partial/disabled
+# cilium_version >= 1.14.0: true/false
 cilium_kube_proxy_replacement: partial
 # If upgrading from Cilium < 1.5, you may want to override some of these options
@@ -120,6 +122,10 @@ cilium_wireguard_userspace_fallback: false
 # Bandwidth Manager requires a v5.1.x or more recent Linux kernel.
 cilium_enable_bandwidth_manager: false
+# Enable BBR for the bandwidth manager
+# Requires cilium_enable_bandwidth_manager to be enabled
+cilium_enable_bbr: false
+
 # IP Masquerade Agent
 # https://docs.cilium.io/en/stable/concepts/networking/masquerading/
 # By default, all packets from a pod destined to an IP address outside of the cilium_native_routing_cidr range are masqueraded
diff --git a/roles/network_plugin/cilium/templates/cilium/config.yml.j2 b/roles/network_plugin/cilium/templates/cilium/config.yml.j2
index 9cae26795f8..b395e89e44d 100644
--- a/roles/network_plugin/cilium/templates/cilium/config.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium/config.yml.j2
@@ -144,6 +144,11 @@ data:
 # Bandwidth Manager requires a v5.1.x or more recent Linux kernel.
 {% if cilium_enable_bandwidth_manager %}
 enable-bandwidth-manager: "true"
+ # Enable BBR for the bandwidth manager
+ # BBR for Pods requires a v5.18.x or more recent Linux kernel.
+ {% if cilium_enable_bbr %}
+ enable-bbr: "true"
+ {% endif %}
 {% endif %}
 # Host Firewall and Policy Audit Mode
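Review bot: In the `@@ -55,7 +55,9 @@` hunk of `defaults/main.yml`, the default `cilium_kube_proxy_replacement: partial` is kept while the new comment lists `partial` only for `cilium_version < 1.14.0`. If the role's default `cilium_version` (not visible in this patch) is 1.14.0 or later, the shipped default falls outside the values the comment documents. I would say which value set the default belongs to, for example `# The default below applies to cilium_version < 1.14.0`, or make the default follow the version.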
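Review bot: The comment added above `cilium_enable_bbr: false` in the `@@ -120,6 +122,10 @@` hunk of `defaults/main.yml` records the dependency on the bandwidth manager but not the kernel requirement that the docs and the template both state. An operator who reads only the defaults file would miss it. I would add `# BBR for Pods requires a v5.18.x or more recent Linux kernel.` above the variable, matching the existing kernel comment on `cilium_enable_bandwidth_manager`.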
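Review bot: `{% if cilium_enable_bbr %}` in the `config.yml.j2` hunk tests raw Jinja truthiness, so a value that arrives as a string, such as `-e cilium_enable_bbr=false` on the command line, is non-empty and would still render `enable-bbr: "true"`. `{% if cilium_enable_bbr | bool %}` avoids that, and the enclosing `{% if cilium_enable_bandwidth_manager %}` follows the same pattern and would benefit from the same filter. Because the new block is nested, `cilium_enable_bbr: true` with the bandwidth manager off is dropped without any message, and nothing visible in this patch checks the v5.18 kernel requirement; a preflight assertion covering both would surface the misconfiguration before the ConfigMap is applied. The `data:` mapping this block belongs to starts outside the hunk.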