dynamicconfig: Enables dynamic-config and drift-checker by default#36510
Merged
tklauser merged 4 commits intocilium:mainfrom Jan 23, 2025
Merged
dynamicconfig: Enables dynamic-config and drift-checker by default#36510tklauser merged 4 commits intocilium:mainfrom
tklauser merged 4 commits intocilium:mainfrom
Conversation
maintainer-s-little-helper
bot
added
the
dont-merge/needs-release-note-label
Contributor
Author
bimmlerd
requested changes
Dec 11, 2024
Member
bimmlerd
left a comment
bimmlerd
left a comment
There was a problem hiding this comment.
Hi- code changes are trivial and are ok, but the implications aren't clear to me yet
Can you motivate a bit more why this should be enabled by default? Has it seen prod use already? I'm asking because turning it on seems to cause a related panic in tests https://github.com/cilium/cilium/actions/runs/12275147175/job/34249594941#step:13:894 so I'm not sure this is ready.
Re 1.17 - I believe the feature freeze is in effect until 1.17 is branched, so I'm not sure this can still go in unfortunately.
Contributor
Author
|
@bimmlerd, coverted to draft until I investigate the failure as it was not failing previously. |
ovidiutirla
force-pushed
the
feature/enable-dynamicconfig
branch
from
e632886 to
f135972
Compare
aanm
added
the
release-note/major
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-release-note-label
Member
Instead of "Introduces dynamic configuration monitoring" I would change it to something more user-friendly such as: "Introduces cilium-config ConfigMap monitoring..." |
joestringer
added
the
dont-merge/wait-until-release
Some tests have no config populated so the table is empty and the tests are stuck waiting to get elements in the table. Signed-off-by: Ovidiu Tirla <[email protected]>
Signed-off-by: Ovidiu Tirla <[email protected]>
Signed-off-by: Ovidiu Tirla <[email protected]>
Signed-off-by: Ovidiu Tirla <[email protected]>
ovidiutirla
force-pushed
the
feature/enable-dynamicconfig
branch
from
f135972 to
5a28c87
Compare
Member
|
Can you motivate why this should be enabled by default? |
Contributor
Author
|
@bimmlerd, yes, forgot about it, I think the main motivation is in #27972. But the benefits dynamic-config brings can be used in multiple features and the overhead it brings is low and should be safe, from scalability perspective is not significantly impacting the cluster stability. Basically, we'll want to provide these benefits by default instead of another configuration the end user needs to make in order to get this. |
aanm
removed
the
dont-merge/wait-until-release
|
This pull request has been automatically marked as stale because it |
github-actions
bot
added
the
stale
ovidiutirla
removed
the
stale
bimmlerd
approved these changes
Jan 21, 2025
viktor-kurchenko
approved these changes
Jan 22, 2025
maintainer-s-little-helper
bot
added
the
ready-to-merge
github-merge-queue bot
pushed a commit
to chezmoidotsh/arcane
that referenced
this pull request
Jul 29, 2025
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [cilium](https://cilium.io/) ([source](https://redirect.github.com/cilium/cilium)) | HelmChart | minor | `1.17.6` -> `1.18.0` | --- ### Release Notes <details> <summary>cilium/cilium (cilium)</summary> ### [`v1.18.0`](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0): 1.18.0 [Compare Source](https://redirect.github.com/cilium/cilium/compare/1.17.6...1.18.0) We are excited to announce the **[Cilium 1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0)** release! A total of **3298 new commits** have been contributed to this release by a growing community of over **955 developers** and over **22,000 GitHub stars**! ⭐ To keep up to date with all the latest Cilium releases, see [Announcements](https://redirect.github.com/cilium/cilium/discussions/categories/announcements) Here's what's new in [v1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0): #### 🚠 Networking - **⚖️ Load Balancing Redesign**: The service load-balancing control-plane in the Cilium agent has been redesigned to reduce memory usage and improve future extensibility of load-balancing features ([cilium/cilium#38469](https://redirect.github.com/cilium/cilium/pull/38469), [@​joamaki](https://redirect.github.com/joamaki)) - **🔌 Virtual Network Devices**: Added support for new virtual network device configurations such as VXLAN in IPsec (VinE) and IPIP tunnels ([cilium/cilium#37723](https://redirect.github.com/cilium/cilium/pull/37723), [@​ldelossa](https://redirect.github.com/ldelossa); [cilium/cilium#37346](https://redirect.github.com/cilium/cilium/pull/37346), [@​gyutaeb](https://redirect.github.com/gyutaeb)) - **Ⓜ️ Multiple Egress Gateways**: Egress Gateways policies can now direct traffic towards multiple gateway nodes ([cilium/cilium#39304](https://redirect.github.com/cilium/cilium/pull/39304), [@​carlos-abad](https://redirect.github.com/carlos-abad)) - **🚦 Ingress Rate Limiting**: The bandwidth manager now supports ingress rate limiting ([cilium/cilium#36351](https://redirect.github.com/cilium/cilium/pull/36351), [@​l1b0k](https://redirect.github.com/l1b0k)) - **📢 Multi-Device L2 Announcements**: The L2 pod announcement feature now supports multiple devices ([cilium/cilium#38198](https://redirect.github.com/cilium/cilium/pull/38198), [@​dylandreimerink](https://redirect.github.com/dylandreimerink)) - **🏢 Neighbor Subsystem Rework**: The neighbor subsystem was made more resilient through a new system that reconciles desired neighbor entries with the kernel state ([cilium/cilium#39987](https://redirect.github.com/cilium/cilium/pull/39987), [@​dylandreimerink](https://redirect.github.com/dylandreimerink)) #### 🌐 IPv6 - **🚇 Tunneling Underlay**: The tunneling datapath mode now supports using an IPv6 network underlay, including when configured with IPsec transparent encryption ([cilium/cilium#38296](https://redirect.github.com/cilium/cilium/pull/38296), [cilium/cilium#39497](https://redirect.github.com/cilium/cilium/pull/39497), [@​pchaigno](https://redirect.github.com/pchaigno)) - **💬 Kube Proxy Replacement**: Cilium now implements service translation when running on an IPv6 underlay ([cilium/cilium#39074](https://redirect.github.com/cilium/cilium/pull/39074), [@​pchaigno](https://redirect.github.com/pchaigno)) - **📋 Delegated IPAM**: When delegating IP address management to a third party plugin, Cilium now configures IPv6 routes for connectivity if the plugin supports IPv6 ([cilium/cilium#38249](https://redirect.github.com/cilium/cilium/pull/38249), [@​caorui-io](https://redirect.github.com/caorui-io), [@​kadevu](https://redirect.github.com/kadevu)) - **📦 IP Fragment Support**: Cilium now processes ordered IPv6 fragments to apply policy and routing functionality ([cilium/cilium#38110](https://redirect.github.com/cilium/cilium/pull/38110), [@​gentoo-root](https://redirect.github.com/gentoo-root)) - **🚪 Egress gateway policies** can now match IPv6 address ranges ([cilium/cilium#38452](https://redirect.github.com/cilium/cilium/pull/38452), [@​rgo3](https://redirect.github.com/rgo3)) #### 🛡️ Policy & Observability - **🏷️ Policy Names in Hubble-CLI**: Show the names of (C)CNPs that allowed or denied traffic when monitoring flows in Hubble ([cilium/cilium#39453](https://redirect.github.com/cilium/cilium/pull/39453), [@​antonipp](https://redirect.github.com/antonipp)) - **📝 Policy Log Fields**: A new free-text log field is added to policies, which is exposed in Hubble flows for easy correlation and searching ([cilium/cilium#39902](https://redirect.github.com/cilium/cilium/pull/39902), [@​squeed](https://redirect.github.com/squeed)) - **🛰️ Encapsulated Traffic Decoding**: Hubble decodes encapsulated traffic for deeper introspection into traffic flows ([cilium/cilium#37634](https://redirect.github.com/cilium/cilium/pull/37634), [@​kaworu](https://redirect.github.com/kaworu)) - **🏰 ClusterMesh Policy Restriction**: A new option allows the **cluster** entity to apply only to the local cluster in ClusterMesh environment ([cilium/cilium#39338](https://redirect.github.com/cilium/cilium/pull/39338), [@​MrFreezeex](https://redirect.github.com/MrFreezeex)) - **✨ Enhanced Policy Dashboard**: The Policy section of the Cilium Grafana dashboard has been improved to show more relevant graphs, including policy drops in both directions ([cilium/cilium#36492](https://redirect.github.com/cilium/cilium/pull/36492), [cilium/cilium#37445](https://redirect.github.com/cilium/cilium/pull/37445), [@​squeed](https://redirect.github.com/squeed)) #### 🌅 Performance - **📊 Scale Test Results**: Cilium implements policies and services up to 45% faster in higher scale environments (Various; [@​marseel](https://redirect.github.com/marseel), [cilium/cilium#40227](https://redirect.github.com/cilium/cilium/pull/40227)) - **📦 Image Size Reduction**: Docker image sizes are reduced by 32% on arm64 architecture images ([cilium/cilium#40005](https://redirect.github.com/cilium/cilium/pull/40005), [@​marseel](https://redirect.github.com/marseel)) - **⚡ Improved Policy Performance**: The DNS proxy can process large numbers of IPs faster, and the EndpointSelector match implementation has been optimized ([cilium/cilium#39340](https://redirect.github.com/cilium/cilium/pull/39340), [@​squeed](https://redirect.github.com/squeed); [cilium/cilium#40414](https://redirect.github.com/cilium/cilium/pull/40414), [@​marseel](https://redirect.github.com/marseel)) - **🪞 EndpointSlice Mirroring for Multi-Cluster Services**: Clustermesh mirrors EndpointSlice from the local cluster instead of copying the Service selectors when using the MCS-API controller ([cilium/cilium#38596](https://redirect.github.com/cilium/cilium/pull/38596), [@​MrFreezeex](https://redirect.github.com/MrFreezeex)) - **🌐 KVStoreMesh Optimization**: Cross-cluster state distribution is optimized by only synchronizing identities keyed by ID, not by value ([cilium/cilium#36471](https://redirect.github.com/cilium/cilium/pull/36471), [@​HadrienPatte](https://redirect.github.com/HadrienPatte)) - **🧠 Egress Gateway Processing**: Egress gateway policy processing is significantly improved when matching a large number of pods ([cilium/cilium#37714](https://redirect.github.com/cilium/cilium/pull/37714), [@​giorio94](https://redirect.github.com/giorio94)) - **🗑️ Optimized Garbage Collection for Connection Tracking**: Cilium leverages batched iterators for CTMap GC ([cilium/cilium#36288](https://redirect.github.com/cilium/cilium/pull/36288), [@​tommyp1ckles](https://redirect.github.com/tommyp1ckles)) #### ⚙️ Operations - **📈 API Server Connections at Scale**: Improve kube-apiserver connections behavior at scale through failover and setting better jitter and backoff configurations ([cilium/cilium#37601](https://redirect.github.com/cilium/cilium/pull/37601), [@​aditighag](https://redirect.github.com/aditighag); [cilium/cilium#38031](https://redirect.github.com/cilium/cilium/pull/38031), [@​orange30](https://redirect.github.com/orange30); [cilium/cilium#36648](https://redirect.github.com/cilium/cilium/pull/36648), [@​wedaly](https://redirect.github.com/wedaly)) - **🔄 ConfigMap Synchronization**: New option to automatically synchronize ConfigMap changes into the agent and report metrics for when the effective configuration is different from the desired configuration ([cilium/cilium#36510](https://redirect.github.com/cilium/cilium/pull/36510), [@​ovidiutirla](https://redirect.github.com/ovidiutirla)) - **🎓 CRD Promotion to Stable**: Promote **CiliumCIDRGroup**, **CiliumLoadBalancerIPPool** and all **BGP** CRDs to stable API ([cilium/cilium#38940](https://redirect.github.com/cilium/cilium/pull/38940), [@​christarazi](https://redirect.github.com/christarazi); [cilium/cilium#39090](https://redirect.github.com/cilium/cilium/pull/39090), [@​pippolo84](https://redirect.github.com/pippolo84); [cilium/cilium#37765](https://redirect.github.com/cilium/cilium/pull/37765), [@​rastislavs](https://redirect.github.com/rastislavs)) - **⛔ Node Taints Handling**: The cilium-operator Deployment uses a new default set of taints which avoids deploying to a drained node ([cilium/cilium#40137](https://redirect.github.com/cilium/cilium/pull/40137), [@​Murat](https://redirect.github.com/Murat) Parlakisik) - **:wood: Migrate to Slog**: Cilium now uses slog as log library for all components ([cilium/cilium#39664](https://redirect.github.com/cilium/cilium/pull/39664), [@​aanm](https://redirect.github.com/aanm)) - **🔧 Cilium dependencies** were updated to Kubernetes v1.33, Envoy v1.34, LLVM 19.1, and CNI v1.1 ([cilium/cilium#39124](https://redirect.github.com/cilium/cilium/pull/39124), [cilium/cilium#40175](https://redirect.github.com/cilium/cilium/pull/40175), [cilium/cilium#39632](https://redirect.github.com/cilium/cilium/pull/39632), [@​sayboras](https://redirect.github.com/sayboras); [cilium/cilium#38868](https://redirect.github.com/cilium/cilium/pull/38868), [@​squeed](https://redirect.github.com/squeed)) - **🐧 Minimum Linux Requirements**: The minimum kernel version for this release series is Linux v5.10 or similar, such as RHEL 8.6 ([cilium/cilium#38308](https://redirect.github.com/cilium/cilium/pull/38308), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) #### 🕸️ Service Mesh & Gateway API - **⛩️ Gateway API v1.3.0**: Gateway API support is bumped to v1.3.0 ([cilium/cilium#39590](https://redirect.github.com/cilium/cilium/pull/39590), [@​sayboras](https://redirect.github.com/sayboras)) - **🔗 Improved GatewayClass Configuration**: The new CiliumGatewayClassConfig object adds service type validation allows the configuration of extra settings on a per-GatewayClass level: LoadBalancerSourceRangesPolicy, ParametersRef fields. This allows Cilium to reconcile multiple GatewayClasses with different configurations ([cilium/cilium#37792](https://redirect.github.com/cilium/cilium/pull/37792), [cilium/cilium#37402](https://redirect.github.com/cilium/cilium/pull/37402), [cilium/cilium#40138](https://redirect.github.com/cilium/cilium/pull/40138), [@​sayboras](https://redirect.github.com/sayboras)) - **🚏 Multiple HTTPRoutes**: GAMMA reconciler now supports attaching multiple HTTPRoutes to the same Service ([cilium/cilium#39922](https://redirect.github.com/cilium/cilium/pull/39922), [@​youngnick](https://redirect.github.com/youngnick)) - **🪄 Route Changes Reconciliation**: Reconcile Gateway API based on all changes to routes. This allows label updates to trigger reconciliation correctly, amongst other things ([cilium/cilium#37798](https://redirect.github.com/cilium/cilium/pull/37798), [@​sayboras](https://redirect.github.com/sayboras)) #### 🏷️ IP Address Management - **☁️ AWS Prefix Delegation**: Prefix delegation on AWS bare metal instances is now supported natively in Cilium's AWS ENI IPAM mode ([cilium/cilium#39678](https://redirect.github.com/cilium/cilium/pull/39678), [@​41ks](https://redirect.github.com/41ks)) - **🏬 Multi-Pool IPAM with KVStore**: Add support for Multi-Pool IPAM in external KVstore mode ([cilium/cilium#39638](https://redirect.github.com/cilium/cilium/pull/39638), [@​pippolo84](https://redirect.github.com/pippolo84)) - **🔐 Multi-Pool IPAM with IPSec**: Add support for Multi-Pool IPAM mode with IPSec transparent encryption in tunnel routing mode ([cilium/cilium#39442](https://redirect.github.com/cilium/cilium/pull/39442), [@​pippolo84](https://redirect.github.com/pippolo84)) - **↪️ Multi-Pool Tunnel Routing**: Add support for tunnel routing in multi-pool IPAM mode ([cilium/cilium#38483](https://redirect.github.com/cilium/cilium/pull/38483), [@​pippolo84](https://redirect.github.com/pippolo84)) #### 🛣️ BGP - **📇 Route Aggregation**: Add support for BGP route aggregation in the control plane ([cilium/cilium#37275](https://redirect.github.com/cilium/cilium/pull/37275), [@​romanspb80](https://redirect.github.com/romanspb80)) - **🎯 Overlapping Selector Matches**: Support overlapping selector matches in **CiliumBGPAdvertisement** resources ([cilium/cilium#36414](
tl;dr
The agent will monitor the designated ConfigMap and automatically synchronize any changes with its in-memory database, StateDB. Create a new cell in the Agent that watches the configured ConfigMap and creates a StateDB table to store the key-value pairs. The Agent cell will expose the read-only version of the StateDB table.
The monitored sources are configured by the initContainer at start-up, see
cilium/pkg/option/resolver/resolver.go
Line 110 in 236bc2e
--
Drift Checker will compare the DynamicConfig Table content with the Agent config and compute the drift delta, logging the deltas and publish relevant metrics. This functionality allows the cluster administrators to easily track config drifts.
Publishes metrics counting the delta length and labeling by the checksum.
Grafana metrics
Agent start -> Drift appears -> delete all agent podsStart -> Drift -> kubectl rollout restart daemonset cilium -n kube-system
Related: #27972, #34101