The EWC Managed Kubernetes Service allows you to select CNI while creating a cluster. In this page we describe example cilium configuration which can be used to work with Ingress or Gateway API.
In order for Cilium to work as ingress controller or gateway controller we need to enable this explicitly. In a KKP user cluster this can be done while creating the cluster or on an existing cluster.
The point of change is the Cilium chart values which is deployed by KKP as an Addon application.
Change Cilium Values During Cluster Creation
Change Cilium Values for Existing Cluster
Example Values to Enable Cilium Ingress Controller
Besides existing values add the following:
ingressController:
enforceHttps: false
enabled: true
default: true
loadbalancerMode: shared
enableProxyProtocol: true
service:
annotations:
loadbalancer.openstack.org/proxy-protocol: "true"
name: cilium-ingress
type: LoadBalancer
Example Values to Enable Gateway API With Cilium
gatewayAPI: enabled: true enableProxyProtocol: true
Save changes
If you edited the Cilium values during cluster creation, nothing else needs to be done and once the cluster comes up, it will have the required settings to support Ingress or Gateway API.
If you made the changes on an existing cluster:
KKP would now try to redeploy Cilium with new values:
wait for the status to turn green:
gateway-api-crds
Please make sure you have Gateway API CRDs installed before enabling Gateway API in Cilium. If you installed CRDs later, restart the cilium operator:
~ kubectl -n kube-system rollout restart deployment/cilium-operator ~ kubectl -n kube-system rollout restart ds/cilium
Install Gateway API CRDs
The Gateway API CRDs can be installed (v1.4.1) as:
~ kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.1/standard-install.yaml
crd compatibility
Make sure that the Cilium version installed on the cluster supports the version of Gateway API CRDs.