
Add Cilium cluster application

Cilium is a container networking provider that can be used to enable support for NetworkPolicy in a cluster.

Supports installation to both GKE (default) and EKS via the `clusterType` variable.

Unfortunately, Cilium is not working with k3s due to differences in IPAM/CIDR management. I will do more testing around it, but for now I think it will be better to disable it on k3s.

I had to introduce 2 new stages to the CI pipeline (`cilium_install` and `cilium_uninstall`) to make the necessary kube-system pod restarts on GKE. Without those, kube-system pods might be unavailable and Helm will fail to reach metrics endpoints. Restarts are necessary since Cilium's node init daemonset will reconfigure kubelet to use its CNI plugin, and this might cause some pods (notably kube-dns) to use Cilium's IPAM.

I'm temporarily serving Helm charts from the defend's group repository since Cilium doesn't have a Helm repository. Cilium devs aim to deploy a Helm repository in the upcoming major release, which is supposed to happen before 12.6.

Related to gitlab-org/gitlab#14010 (closed)

Edited by Arthur Evstifeev
