Patrik Lundin
dd0493f869
Did not expect to create anonymous volumes, see
https://stackoverflow.com/questions/46166304/docker-compose-volumes-without-colon
for more details. Now the host directories should be mounted. While here
try setting :ro to the paths we are not expecting to modify. The
/lib/modules :ro flag is based on
3cbd8258eb/cilium-lb.yaml (L143-L145)
33 lines
1 KiB
Plaintext
33 lines
1 KiB
Plaintext
services:
|
|
l4lb:
|
|
image: "quay.io/cilium/cilium:<%= @cilium_version %>"
|
|
volumes:
|
|
- /sys/fs/bpf:/sys/fs/bpf
|
|
- /lib/modules:/lib/modules:ro
|
|
- /var/run/netns:/var/run/netns:ro
|
|
network_mode: "host"
|
|
privileged: true
|
|
command:
|
|
- "nsenter"
|
|
- "--net=/var/run/netns/l4lb"
|
|
- "cilium-agent"
|
|
- "--bpf-lb-algorithm=maglev"
|
|
- "--bpf-lb-mode=dsr"
|
|
- "--bpf-lb-acceleration=native"
|
|
- "--bpf-lb-dsr-dispatch=ipip"
|
|
- "--devices=<%= @cilium_devices %>"
|
|
- "--datapath-mode=lb-only"
|
|
- "--enable-l7-proxy=false"
|
|
- "--routing-mode=native"
|
|
- "--enable-bandwidth-manager=false"
|
|
- "--enable-local-redirect-policy=false"
|
|
- "--enable-hubble=true"
|
|
- "--enable-recorder=true"
|
|
- "--enable-l7-proxy=false"
|
|
- "--preallocate-bpf-maps=false"
|
|
- "--disable-envoy-version-check=true"
|
|
- "--auto-direct-node-routes=false"
|
|
- "--enable-xdp-prefilter=true"
|
|
- "--enable-ipv4=true"
|
|
- "--enable-ipv6=true"
|