Last modified February 20, 2025

Container network interface

Every Giant Swarm Kubernetes cluster uses Cilium as a container networking interface (CNI). This ensures proper connectivity between nodes, services and pods in the cluster.

Configuration

Since the CNI is an important component when bootstrapping a cluster, Cilium is installed ahead of the Giant Swarm App Platform.

To ensure smooth operation, some deviations from the default configuration of Cilium are taken. Among these are:

Increased policy BPF map size (bpf-policy-map-max: 65536)
Hubble is enabled by default
Local redirect policies are enabled
Ignore common, high cardinality labels from identity computation of pods and services. This means, it is not possible to use these labels in network policies. In addition to the default exclusions, the following labels are ignored:
- Flux labels (.*fluxcd\.io/.*)
- PSS labels (.*/enforce)
- .*kubernetes\.io/managed-by.*
- job-name
Install a PodDisruptionPolicy
Disable built in Envoy Proxy DaemonSet
Disable kube-proxy usage. See Kubernetes Without kube-proxy

All changes to the official Helm chart are recorded in https://github.com/giantswarm/cilium-app/tree/main/diffs.

Troubleshooting

In case you experience any problems that could be related to Cilium or network connectivity, please consult these documents:

Need help, got feedback?

We listen to your Slack support channel. You can also reach us at support@giantswarm.io. And of course, we welcome your pull requests!

Giant Swarm Offerings

Container network interface

Configuration

Troubleshooting

Need help, got feedback?

About the company