Documentation request: Cilium set up

[mikeoleary]

Title

Documentation request: ideas to improve the Cilium set up documentation.

Description

I have just configured Cilium and VXLAN with a customer and we thought of some potential improvements to the documentation.

Actual Problem

1. To get this working, we ended up following TWO separate documents. https://github.com/f5devcentral/f5-ci-docs/blob/master/docs/cilium/cilium-bigip-info.rst -> Technical documentation but no screenshots. https://clouddocs.f5.com/containers/latest/userguide/cilium-config.html -> official documentation, screenshots included, but a little light on HA and IP address info Ideally, there would be only a single document available and it would contain everything we need.
2. The Self IP addresses chosen in the official documentation is not really explained. It took me a while to realize that the SelfIP on the tunnel simply comes from the chosen range for the tunnel.
3. While the route to pod CIDR block was explained in the documentation, we had to SNAT traffic from the tunnel self IP to get traffic to source from the correct IP address. Does that make sense? If we dont do this, the source IP address of traffic through the tunnel from the BIG-IP was the self IP of the interface, not the tunnel.
4. Also, the manifest of the VirtualServer needs to use the SNAT address, so it would be helpful to have an example of a VirtualServer creation after successful set up.
5. The IP address ranges are confusing when setting up Cilium and VXLAN. A diagram showing the CIDR block of the tunnel would really help, I think. Obviously it's different than VXLAN with flannel or OCP.
6. F5 engineer (myself) assumed we should create a "dummy node" in K8s, just like we do for VXLAN-based Flannel or Openshift integrations. However, this should NOT be done for Cilium - I realized this when reading the first link above because it's clearly called out. I realize I made a bad assumption but should we call this out in documentation?

Solution Proposed

Ideally we could update documentation. I think the following would go a long way:

• explain tunnel IP addressing with a diagram
• explain "no dummy node required"
• explain any SNATing requirement
• explain HA options (perhaps in a dedicated section).

Additional context

Also, I don't think this sentence makes grammatical sense. It's unclear to me:

As always, many thanks to CIS PM team!

[trinaths]

Created [CONTCNTR-4676] for internal tracking.