Setting cni.exclusive: false and socketLB.hostNamespaceOnly: true.
See Cilium's docs https://docs.cilium.io/en/latest/network/servicemesh/istio/. Without these value Cilium can interfere with Istio functionality, by always cleaning up cni config directory on the host, thus preventing Istio Pods from coming up, and interfere with Istio load-balancing once they do come up.
It's safe to always set these value, because it is not Cilium's responsibility to prevent other applications from acting like a network plugin.
What problem does this PR solve?:
Setting
cni.exclusive: falseandsocketLB.hostNamespaceOnly: true.See Cilium's docs https://docs.cilium.io/en/latest/network/servicemesh/istio/. Without these value Cilium can interfere with Istio functionality, by always cleaning up cni config directory on the host, thus preventing Istio Pods from coming up, and interfere with Istio load-balancing once they do come up.
It's safe to always set these value, because it is not Cilium's responsibility to prevent other applications from acting like a network plugin.
Which issue(s) this PR fixes: Fixes #
How Has This Been Tested?:
Special notes for your reviewer: