infrastructure/networking/cilium
@@ -7,7 +7,7 @@ kind: Kustomization
77resources :
88- ip-pool.yaml
99- l2-policy.yaml
10- - l2-announcement.yaml
10+ # REMOVED: l2-announcement.yaml (duplicate of l2-policy.yaml - was causing ARP conflicts)
1111
1212helmCharts :
1313- name : cilium
File renamed without changes.
@@ -51,9 +51,17 @@ socketLB:
5151 enabled : true
5252 hostNamespaceOnly : false
5353
54+ # Enable Bandwidth Manager for better TCP performance
55+ bandwidthManager :
56+ enabled : true
57+ bbr : true # Enable BBR congestion control
58+
5459# BPF Host Routing
5560bpf :
5661 masquerade : true
62+ # Connection tracking improvements for better session handling
63+ ctTcpTimeout : 21600 # 6 hours (default is 6 hours but explicit is better)
64+ ctAnyTimeout : 3600 # 1 hour for non-TCP connections
5765
5866# L2 Announcements for LoadBalancer Services
5967l2announcements :
@@ -79,6 +87,12 @@ k8sClientRateLimit:
7987# Gateway API Support
8088gatewayAPI :
8189 enabled : true
90+ # CRITICAL FIX: Use Local externalTrafficPolicy to preserve source IP
91+ # and enable proper connection tracking. This fixes intermittent connectivity.
92+ externalTrafficPolicy : Local
93+ # Enable session affinity for consistent routing
94+ sessionAffinity : true
95+ sessionAffinityTimeoutSeconds : 10800 # 3 hours
8296
8397# Hubble (Observability)
8498hubble :
@@ -90,4 +104,13 @@ hubble:
90104
91105# Operator Configuration
92106operator :
93- replicas : 1
107+ # CRITICAL FIX: Run 2 replicas for HA - single replica is a SPOF
108+ replicas : 2
109+ # Ensure replicas run on different nodes
110+ affinity :
111+ podAntiAffinity :
112+ requiredDuringSchedulingIgnoredDuringExecution :
113+ - labelSelector :
114+ matchLabels :
115+ io.cilium/app : operator
116+ topologyKey : kubernetes.io/hostname
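Review bot: The two timeouts added under `bpf` are bare integers whose unit is stated only in the trailing comments, and `ctAnyTimeout: 3600` keeps non-TCP connection-tracking entries for an hour, so a burst of short UDP or ICMP flows holds CT map slots far longer and can crowd out legitimate entries, since this diff does not change the map size. Check the rendered `cilium-config` to confirm how the pinned chart version interprets both values, and if it accepts duration strings write the unit out, for example `ctAnyTimeout: "1h"`; otherwise record the unit and the reason for an hour in the comment. The same check applies to `sessionAffinity` and `sessionAffinityTimeoutSeconds` under `gatewayAPI` in the next hunk: Helm generally accepts keys a chart does not read without raising an error, so a key labelled CRITICAL FIX may have no effect unless it appears in the rendered manifests. In the `operator` hunk, the required anti-affinity would presumably leave the second replica Pending on a cluster with only one schedulable node, which deserves a one-line comment next to `replicas: 2`.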