Cilium#
License: Apache 2.0
Cillium is used as the Container Network Interface for the Platform. It was chosen over more basic CNIs for ease of observing traffic along with a strong set of accompanying tools.
EKS-A#
On EKS-A, Cilium is the default CNI, it's version is coordinated as part of the EKSA opinionated code, getting upgraded with the EKSA version. With this being a new change, we are planning to use EKS-A to determine the installed version there and use it as a recommendation to deploy that version on the EKS cluster.
EKS#
On EKS, we remove the default Amazon provided CNI and install Cilium via their supported helm chart.
Links#
-
Documentation:
- General Documentation: https://docs.cilium.io/en/stable/
- Upgrade Documentation: https://docs.cilium.io/en/stable/operations/upgrade/
Cilium Documentation Versioning
Make sure to select the version of the documentation you need in the bottom left.
-
Helm:
- Releases: https://helm.cilium.io/
- Helm Documentation: https://docs.cilium.io/en/stable/helm-reference/
-
Implementation:
- EKS: Remove Amazon VPC CNI
- EKS: Install Cilium
- EKS-A: Default CNI
https://anywhere.eks.amazonaws.com/docs/clustermgmt/networking/networking-and-security/
Update Concerns#
Critical Concerns#
- Any Interruption of the CNI will cause an outage
General Concerns#
- EKS-A Cilium version is governed by the EKS-A version. On EKS, the version of Cilium should target the EKS-A installed version.
- Cilium has a upgrade instructions https://docs.cilium.io/en/stable/operations/upgrade/. You must run preflight checks. On EKS, the namespace is not standard, you will need to pay attention and add it in the arguments.