Kube-OVN supports integration with Cilium, an eBPF-based networking and security component, using CNI Chaining mode. This integration combines Kube-OVN's rich network abstractions, such as subnet isolation and overlay networking, with Cilium's advanced monitoring, granular security policies, and application-layer observability. By leveraging the strengths of both solutions, this setup enhances performance, ensures robust security, and provides better multi-tenancy, making it ideal for complex Kubernetes workloads.
Steps to Integrate Kube-OVN with Cilium in Chaining Mode¶
To integrate Kube-OVN with Cilium, first create an add-on using the namespace kube-system
⚠️ Important Note
Add the following labels to the Kube-OVN add-on:
- Key: rafay.type and Value: cni
- Key: rafay.cni.name and Value: kube-ovn
- Upload the Kube-OVN Helm chart and its values file
- Update the following values in the Kube-OVN values file:
To integrate Kube-OVN with Cilium on Day 2 operations, the Blueprint-based Kube-OVN CNI must be deployed in the provisioned cluster. Perform the following steps:
⚠️ Important Note
Kube-OVN Controller Arguments
Update the kube-ovn-controller Deployment file with the below arguments using the command edit deploy kube-ovn-controller -n kube-system
Below is an example illustrating how the args are edited:
Once the args are added, update the configuration name (10-kube-ovn.conflist) for Kube-OVN on each node by copying the values from the original file to the 10-kube-ovn.conflist file
Create an add-on with chaining-yaml as defined in Step 3
Create an add-on with cilium and update the following values in the Cilium values file as shown in Step 4
⚠️ Important Note
Cilium Values for Networking Setup
Update the following values in the Cilium values file and apply the changes