External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-01-09 15:02:08 -03:30
Code Issues Packages Projects Releases Wiki Activity

docs(cilium): update documentation for unprivileged agent configuration (#12628)

Browse Source
This commit is contained in:
r3m8 2025-12-14 04:39:44 +01:00 committed by GitHub
parent 31cce09fbc
commit d80318301d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/CNI/cilium.md
View File

@ -1,5 +1,13 @@
# Cilium # Cilium
## Unprivileged agent configuration
By default, Cilium is installed with `securityContext.privileged: false`. You need to set the `kube_owner` variable to `root` in the inventory:
```yml
kube_owner: root
```
## IP Address Management (IPAM) ## IP Address Management (IPAM)
IP Address Management (IPAM) is responsible for the allocation and management of IP addresses used by network endpoints (container and others) managed by Cilium. The default mode is "Cluster Scope". IP Address Management (IPAM) is responsible for the allocation and management of IP addresses used by network endpoints (container and others) managed by Cilium. The default mode is "Cluster Scope".

3
inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
View File

@ -22,7 +22,8 @@ local_release_dir: "/tmp/releases"
# Random shifts for retrying failed ops like pushing/downloading # Random shifts for retrying failed ops like pushing/downloading
retry_stagger: 5 retry_stagger: 5
# This is the user that owns tha cluster installation. # This is the user that owns the cluster installation.
# Note: cilium needs to set kube_owner to root https://kubespray.io/#/docs/CNI/cilium?id=unprivileged-agent-configuration
kube_owner: kube kube_owner: kube
# This is the group that the cert creation scripts chgrp the # This is the group that the cert creation scripts chgrp the