Cilium
cilium is a Commodore component to manage the Cilium network plugin.
See the parameters reference for further details on how to use the component to configure and deploy Cilium.
Metrics scraping
By default, the component enables the metrics endpoint for the Cilium agent.
The component assumes that prometheus-operator will be present on the target cluster, and creates a ServiceMonitor resource for the agent metrics endpoint.
See the Cilium docs for available agent metrics.
Enabled features recording rule
When component parameter release is set to enterprise, the component renders a PrometheusRule named cilium-features.
This PrometheusRule emits one time series for each managed feature via the feature label.
The component currently knows features clustermesh, egress-gateway, and transparent-encryption.
Each feature time series has value 1 when the feature is enabled and 0 otherwise, which makes it easy to use in alerts and/or dashboards.
Aggregated permissions
The component creates the following ClusterRoles which are aggregated to the cluster’s default ClusterRoles:
| Name | Resources | Aggregated to |
|---|---|---|
|
|
|
|
|
|
|
All resources in |
|
This enables users to view[1] ciliumnetworkpolicy and ciliumendpoint resources in their namespaces.
Users who have edit or admin permissions in a namespace can additionally create, modify, and delete ciliumnetworkpolicy resources in that namespace.
Finally, users who have cluster-reader permissions can view[1] all resources in cilium.io in all namespaces.
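The aggregation pattern described above, written out as manifests. This is an added example, not the component's rendered output: the `example-` role names, the exact verb lists, and the `aggregate-to-cluster-reader` label (which assumes the cluster's cluster-reader role selects on it, as on OpenShift) are assumptions.

```yaml
# Added illustration; all names prefixed "example-" are hypothetical.
# Read-only access to policies and endpoints, merged into view/edit/admin.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: example-cilium-view
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
  - apiGroups: ["cilium.io"]
    resources: ["ciliumnetworkpolicies", "ciliumendpoints"]
    verbs: ["get", "list", "watch"]
---
# Write access is limited to ciliumnetworkpolicy and only reaches edit/admin.
# ciliumendpoint stays read-only because the agent owns those objects.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: example-cilium-edit
  labels:
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
  - apiGroups: ["cilium.io"]
    resources: ["ciliumnetworkpolicies"]
    verbs: ["create", "update", "patch", "delete"]
---
# Cluster-wide read access to everything in the cilium.io API group.
# Assumption: cluster-reader aggregates on the label below.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: example-cilium-cluster-reader
  labels:
    rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"
rules:
  - apiGroups: ["cilium.io"]
    resources: ["*"]
    verbs: ["get", "list", "watch"]
```

Because aggregated rules apply to every subject already bound to view, edit, or admin, review the verb lists before rollout. `kubectl auth can-i create ciliumnetworkpolicies.cilium.io --as=<user> -n <namespace>` confirms the effective permission for a given user.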