hcloud-talos / terraform-hcloud-talos

This repository contains a Terraform module for creating a Kubernetes cluster with Talos in the Hetzner Cloud.
https://registry.terraform.io/modules/hcloud-talos/talos
MIT License

feat: Enhancing Cilium with BPF/XDP Support and Encryption #32

Closed M4t7e closed 1 week ago

M4t7e commented 1 week ago

This PR adds a few Cilium features to improve the network performance and security:

Before:

```
# kubectl exec -n kube-system ds/cilium -- cilium status --verbose
Host Routing: Legacy
Masquerading: IPTables [IPv4: Enabled, IPv6: Disabled]
[...]
KubeProxyReplacement Details:
  XDP Acceleration: Disabled
[...]
Encryption: Disabled
```

After:

```
# kubectl exec -n kube-system ds/cilium -- cilium status --verbose
Host Routing: BPF
Masquerading: BPF [eth0, eth1] 10.0.16.0/20 [IPv4: Enabled, IPv6: Disabled]
[...]
KubeProxyReplacement Details:
  XDP Acceleration: Native
[...]
Encryption: Wireguard [NodeEncryption: Disabled, cilium_wg0 (Pubkey: 70TbXMoHvbEtRmsvDck+io/bK1M+QA3y2cBczPWou08=, Port: 51871, Peers: 4)]
```

Info: endpointRoutes is excluded here due to https://github.com/cilium/cilium/issues/28812. Additionally, this configuration will automatically become the default in one of the upcoming releases of Cilium (https://github.com/cilium/cilium/issues/14955).

Force Cilium to apply changes: `kubectl -n kube-system rollout restart ds/cilium`
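For readers who want to map the "After" status lines above back to configuration, here is a Cilium Helm values fragment that produces them. This is an added example, not the values file of this PR or of the module; the key names follow the Cilium 1.14+ Helm chart and the exact values used by the PR are an assumption drawn from the status output.

```yaml
# Assumed Cilium Helm values (not the module's own file); each key is annotated
# with the "cilium status --verbose" line it is expected to produce.
kubeProxyReplacement: true      # prerequisite for the "KubeProxyReplacement Details" block and XDP
bpf:
  masquerade: true              # "Masquerading: BPF [...]" instead of "IPTables"; together with
                                # kube-proxy replacement this also enables "Host Routing: BPF"
                                # (needs a kernel with BPF host-routing support, 5.10+)
loadBalancer:
  acceleration: native          # "XDP Acceleration: Native"; requires an XDP-capable NIC driver,
                                # use "best-effort" to fall back to the TC path instead of failing
endpointRoutes:
  enabled: false                # left out of the PR due to cilium/cilium#28812 (see comment above)
encryption:
  enabled: true
  type: wireguard               # "Encryption: Wireguard [...]", pod-to-pod traffic on cilium_wg0
  nodeEncryption: false         # "NodeEncryption: Disabled": only pod traffic is encrypted; traffic
                                # from host-network pods and node processes still crosses the
                                # private network in clear text, so review that before relying on it
```

After changing values, the same `cilium status --verbose` command shown above is the check that the settings took effect; a line still reading `Legacy`, `IPTables` or `Disabled` means the kernel, driver or chart version did not accept the corresponding setting.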

github-actions[bot] commented 1 week ago

Commitlint-Check

Thanks for your contribution :heart:

Unfortunately, commitlint has detected that this PR has one or more commit messages that do not follow the conventional commit format :scream_cat:

```
⧗   input: Merge branch 'cilium-improvements' of github.com:M4t7e/terraform-hcloud-talos into cilium-improvements

✔   found 0 problems, 0 warnings
⧗   input: feat(cilium): Added BPF/XDP and support for encryption
✖   subject must not be sentence-case, start-case, pascal-case, upper-case [subject-case]

✖   found 1 problems, 0 warnings
ⓘ   Get help: https://github.com/conventional-changelog/commitlint/#what-is-commitlint

⧗   input: Added BPF/XDP and support for encryption
✖   subject may not be empty [subject-empty]
✖   type may not be empty [type-empty]

✖   found 2 problems, 0 warnings
ⓘ   Get help: https://github.com/conventional-changelog/commitlint/#what-is-commitlint

⧗   input: ci(release): no release for style

Signed-off-by: Marcel Richter <mail@mrclrchtr.de>
✔   found 0 problems, 0 warnings
```

Please update the commit messages accordingly.

github-actions[bot] commented 1 week ago

Terraform-Check: ✅

🖌 Terraform Format: ✅

```
# Outputs:
# Errors:
```

⚙️ Terraform Init: ✅

```
# Outputs:
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/tls versions matching ">= 4.0.5"...
- Finding hetznercloud/hcloud versions matching "1.47.0"...
- Finding siderolabs/talos versions matching "0.5.0"...
- Finding hashicorp/http versions matching ">= 3.4.2"...
- Finding hashicorp/helm versions matching ">= 2.12.1"...
- Finding gavinbunney/kubectl versions matching "1.14.0"...
- Installing hashicorp/tls v4.0.5...
- Installed hashicorp/tls v4.0.5 (signed by HashiCorp)
- Installing hetznercloud/hcloud v1.47.0...
- Installed hetznercloud/hcloud v1.47.0 (signed by a HashiCorp partner, key ID 5219EACB3A77198B)
- Installing siderolabs/talos v0.5.0...
- Installed siderolabs/talos v0.5.0 (signed by a HashiCorp partner, key ID AF0815C7E2EC16A8)
- Installing hashicorp/http v3.4.3...
- Installed hashicorp/http v3.4.3 (signed by HashiCorp)
- Installing hashicorp/helm v2.14.0...
- Installed hashicorp/helm v2.14.0 (signed by HashiCorp)
- Installing gavinbunney/kubectl v1.14.0...
- Installed gavinbunney/kubectl v1.14.0 (self-signed, key ID AD64217B5ADD572F)

Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
# Errors:
```

🤖 Terraform Validate: ✅

```
# Outputs:
Success! The configuration is valid.
# Errors:
```