Skip to content

Commit 55dcfc7

Browse files
committed
up
1 parent 924da9a commit 55dcfc7

3 files changed

Lines changed: 25 additions & 2 deletions

File tree

infrastructure/networking/cilium/kustomization.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ kind: Kustomization
77
resources:
88
- ip-pool.yaml
99
- l2-policy.yaml
10-
- l2-announcement.yaml
10+
# REMOVED: l2-announcement.yaml (duplicate of l2-policy.yaml - was causing ARP conflicts)
1111

1212
helmCharts:
1313
- name: cilium

infrastructure/networking/cilium/l2-announcement.yaml renamed to infrastructure/networking/cilium/l2-announcement.yaml.disabled

File renamed without changes.

infrastructure/networking/cilium/values.yaml

Lines changed: 24 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -51,9 +51,17 @@ socketLB:
5151
enabled: true
5252
hostNamespaceOnly: false
5353

54+
# Enable Bandwidth Manager for better TCP performance
55+
bandwidthManager:
56+
enabled: true
57+
bbr: true # Enable BBR congestion control
58+
5459
# BPF Host Routing
5560
bpf:
5661
masquerade: true
62+
# Connection tracking improvements for better session handling
63+
ctTcpTimeout: 21600 # 6 hours (default is 6 hours but explicit is better)
64+
ctAnyTimeout: 3600 # 1 hour for non-TCP connections
5765

5866
# L2 Announcements for LoadBalancer Services
5967
l2announcements:
@@ -79,6 +87,12 @@ k8sClientRateLimit:
7987
# Gateway API Support
8088
gatewayAPI:
8189
enabled: true
90+
# CRITICAL FIX: Use Local externalTrafficPolicy to preserve source IP
91+
# and enable proper connection tracking. This fixes intermittent connectivity.
92+
externalTrafficPolicy: Local
93+
# Enable session affinity for consistent routing
94+
sessionAffinity: true
95+
sessionAffinityTimeoutSeconds: 10800 # 3 hours
8296

8397
# Hubble (Observability)
8498
hubble:
@@ -90,4 +104,13 @@ hubble:
90104

91105
# Operator Configuration
92106
operator:
93-
replicas: 1
107+
# CRITICAL FIX: Run 2 replicas for HA - single replica is a SPOF
108+
replicas: 2
109+
# Ensure replicas run on different nodes
110+
affinity:
111+
podAntiAffinity:
112+
requiredDuringSchedulingIgnoredDuringExecution:
113+
- labelSelector:
114+
matchLabels:
115+
io.cilium/app: operator
116+
topologyKey: kubernetes.io/hostname

0 commit comments

Comments
 (0)