diff --git a/docs/CNI/cilium.md b/docs/CNI/cilium.md index fed25ddb5f9..6523caa8fdc 100644 --- a/docs/CNI/cilium.md +++ b/docs/CNI/cilium.md @@ -313,12 +313,21 @@ Bandwidth Manager requires a v5.1.x or more recent Linux kernel. For further information, make sure to check the official [Cilium documentation](https://docs.cilium.io/en/latest/network/kubernetes/bandwidth-manager/) -To use this function, set the following parameters +To use this feature, set the following parameters: ```yml cilium_enable_bandwidth_manager: true ``` +The base infrastructure around MQ/FQ setup provided by Cilium’s bandwidth manager also allows for use of TCP BBR congestion control for Pods. BBR achieves higher bandwidths and lower latencies for Internet traffic. you can enable it by setting the following parameters: + +```yaml +cilium_enable_bandwidth_manager: true +cilium_enable_bbr: true +``` + +> BBR for Pods requires a v5.18.x or more recent Linux kernel. + ## Host Firewall Host Firewall enforces security policies for Kubernetes nodes. It is disable by default, since it can break the cluster connectivity. diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml index 9de2d331c87..6fc870d04a5 100644 --- a/roles/network_plugin/cilium/defaults/main.yml +++ b/roles/network_plugin/cilium/defaults/main.yml @@ -55,7 +55,9 @@ cilium_enable_prometheus: false cilium_enable_portmap: false # Monitor aggregation level (none/low/medium/maximum) cilium_monitor_aggregation: medium -# Kube Proxy Replacement mode (strict/partial) +# Kube Proxy Replacement mode +# cilium_version < 1.14.0: strict/partial/disabled +# cilium_version >= 1.14.0: true/false cilium_kube_proxy_replacement: partial # If upgrading from Cilium < 1.5, you may want to override some of these options 
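Review bot: The default on the line after the new comment stays `cilium_kube_proxy_replacement: partial`, which the comment itself lists as valid only for cilium_version < 1.14.0. A deployment on 1.14.0 or later would presumably get a value the agent no longer accepts, unless another part of the role translates it (not visible in this diff). I would say so next to the default, for example `# NOTE: 'partial' is only valid for cilium_version < 1.14.0; set true/false explicitly on newer versions`. Because unquoted `true`/`false` are parsed as YAML booleans, it is also worth confirming that the template renders them as the quoted strings a ConfigMap value needs.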
@@ -120,6 +122,10 @@ cilium_wireguard_userspace_fallback: false # Bandwidth Manager requires a v5.1.x or more recent Linux kernel. cilium_enable_bandwidth_manager: false +# Enable BBR for the bandwidth manager +# Requires cilium_enable_bandwidth_manager to be enabled +cilium_enable_bbr: false + # IP Masquerade Agent # https://docs.cilium.io/en/stable/concepts/networking/masquerading/ # By default, all packets from a pod destined to an IP address outside of the cilium_native_routing_cidr range are masqueraded diff --git a/roles/network_plugin/cilium/templates/cilium/config.yml.j2 b/roles/network_plugin/cilium/templates/cilium/config.yml.j2 index 9cae26795f8..076fbc541cc 100644 --- a/roles/network_plugin/cilium/templates/cilium/config.yml.j2 +++ b/roles/network_plugin/cilium/templates/cilium/config.yml.j2 @@ -144,6 +144,11 @@ data: # Bandwidth Manager requires a v5.1.x or more recent Linux kernel. {% if cilium_enable_bandwidth_manager %} enable-bandwidth-manager: "true" + # Enable BBR for the bandwidth manager + # BBR for Pods requires a v5.18.x or more recent Linux kernel. +{% if cilium_enable_bbr %} + enable-bbr: "true" +{% endif %} {% endif %} # Host Firewall and Policy Audit Mode
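Review bot: The comment above `cilium_enable_bbr: false` omits the kernel requirement that the docs and the ConfigMap template in this same commit both state, so someone reading only the defaults file will not see it. I would add `# BBR for Pods requires a v5.18.x or more recent Linux kernel.` as a third comment line, matching how the bandwidth manager default just above documents its v5.1.x requirement.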
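Review bot: Setting `cilium_enable_bbr: true` while `cilium_enable_bandwidth_manager` is false is dropped silently, because the new `{% if cilium_enable_bbr %}` sits inside the outer bandwidth-manager block. Nothing in this diff validates that combination or the v5.18 kernel requirement named in the comment. A preflight `assert` in the role (outside this hunk) that checks both variables and compares `ansible_kernel` against 5.18 would turn a misconfiguration into an early, readable failure instead of a missing key or an agent that may not start. The condition is also safer written as `{% if cilium_enable_bbr | bool %}`, since a value passed as `-e cilium_enable_bbr=false` arrives as a non-empty string and is truthy in Jinja. The outer `cilium_enable_bandwidth_manager` test has the same pattern.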