Generic Veth Chaining

The generic veth chaining plugin enables CNI chaining on top of any CNI plugin that is using a veth device model. The majority of CNI plugins use such a model.

Note

Some advanced Cilium features may be limited when chaining with other CNI plugins, such as:

Validate that the current CNI plugin is using veth

  1. Log into one of the worker nodes using SSH

  2. Run ip -d link to list all network devices on the node. You should be able spot network devices representing the pods running on that node.

  3. A network device might look something like this:

    1. 103: lxcb3901b7f9c02@if102: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    2.     link/ether 3a:39:92:17:75:6f brd ff:ff:ff:ff:ff:ff link-netnsid 18 promiscuity 0
    3.     veth addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535

  4. The veth keyword on line 3 indicates that the network device type is virtual ethernet.

If the CNI plugin you are chaining with is currently not using veth then the generic-veth plugin is not suitable. In that case, a full CNI chaining plugin is required which understands the device model of the underlying plugin. Writing such a plugin is trivial, contact us on Slack for more details.

Create a CNI configuration to define your chaining configuration

Create a chaining.yaml file based on the following template to specify the desired CNI chaining configuration:

  1. apiVersion: v1
  2. kind: ConfigMap
  3. metadata:
  4.   name: cni-configuration
  5.   namespace: kube-system
  6. data:
  7.   cni-config: |-
  8.     {
  9.       "name": "generic-veth",
  10.       "cniVersion": "0.3.1",
  11.       "plugins": [
  12.         {
  13.           "type": "XXX",
  14.           [...]
  15.         },
  16.         {
  17.           "type": "cilium-cni"
  18.         }
  19.       ]
  20.     }

Deploy the ConfigMap:

  1. kubectl apply -f chaining.yaml

Deploy Cilium with the portmap plugin enabled

Note

First, make sure you have Helm 3 installed. Helm 2 is no longer supported.

Setup Helm repository:

  1. helm repo add cilium https://helm.cilium.io/

Deploy Cilium release via Helm:

  1. helm install cilium cilium/cilium --version 1.9.8 \
  2.   --namespace=kube-system \
  3.   --set cni.chainingMode=generic-veth \
  4.   --set cni.customConf=true \
  5.   --set cni.configMap=cni-configuration \
  6.   --set tunnel=disabled \
  7.   --set masquerade=false