alt-orchestra/talos
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: update Cilium docs

Browse Source 
Update the Cilium CNI documentation.

Signed-off-by: Bernard Gütermann <bernard.gutermann@sekops.ch>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This commit is contained in:
Bernard Gütermann 2024-04-10 22:18:37 +02:00 committed by Andrey Smirnov
parent 831f3d39e9
commit 78bc3a433e
No known key found for this signature in database
GPG Key ID: FE042E3D4085A811
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
website/content/v1.6/kubernetes-guides/network/deploying-cilium.md
View File

@ -288,6 +288,12 @@ For more details: [GCP ILB support / support scope local routes to be configured
## Other things to know
- After installing Cilium, `cilium connectivity test` might hang and/or fail with errors similar to
```Error creating: pods "client-69748f45d8-9b9jg" is forbidden: violates PodSecurity "baseline:latest": non-default capabilities (container "client" must not include "NET_RAW" in securityContext.capabilities.add)```
This is expected, you can workaround it by adding the `pod-security.kubernetes.io/enforce=priviledged` [label on the namespace level]({{< relref "../configuration/pod-security">}}).
- Talos has full kernel module support for eBPF, See:
- [Cilium System Requirements](https://docs.cilium.io/en/v1.14/operations/system_requirements/)
- [Talos Kernel Config AMD64](https://github.com/siderolabs/pkgs/blob/main/kernel/build/config-amd64)

6
website/content/v1.7/kubernetes-guides/network/deploying-cilium.md
View File

@ -288,6 +288,12 @@ For more details: [GCP ILB support / support scope local routes to be configured
## Other things to know
- After installing Cilium, `cilium connectivity test` might hang and/or fail with errors similar to
```Error creating: pods "client-69748f45d8-9b9jg" is forbidden: violates PodSecurity "baseline:latest": non-default capabilities (container "client" must not include "NET_RAW" in securityContext.capabilities.add)```
This is expected, you can workaround it by adding the `pod-security.kubernetes.io/enforce=priviledged` [label on the namespace level]({{< relref "../configuration/pod-security">}}).
- Talos has full kernel module support for eBPF, See:
- [Cilium System Requirements](https://docs.cilium.io/en/v1.14/operations/system_requirements/)
- [Talos Kernel Config AMD64](https://github.com/siderolabs/pkgs/blob/main/kernel/build/config-amd64)