kubernetes-sigs · cyclinder · Nov 21, 2024 · VannTen · Nov 28, 2024 · cyclinder
diff --git a/docs/CNI/cilium.md b/docs/CNI/cilium.md
@@ -313,12 +313,21 @@ Bandwidth Manager requires a v5.1.x or more recent Linux kernel.
 
 For further information, make sure to check the official [Cilium documentation](https://docs.cilium.io/en/latest/network/kubernetes/bandwidth-manager/)
 
-To use this function, set the following parameters
+To use this feature, set the following parameters:
 
 ```yml
 cilium_enable_bandwidth_manager: true
 ```
 
+The base infrastructure around MQ/FQ setup provided by Cilium’s bandwidth manager also allows for use of TCP BBR congestion control for Pods. BBR achieves higher bandwidths and lower latencies for Internet traffic. you can enable it by setting the following parameters:
+
+```yaml
+cilium_enable_bandwidth_manager: true
+cilium_enable_bbr: true
+```
+
+> BBR for Pods requires a v5.18.x or more recent Linux kernel.
+
 ## Host Firewall
 
 Host Firewall enforces security policies for Kubernetes nodes. It is disable by default, since it can break the cluster connectivity.

diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml
@@ -55,7 +55,9 @@ cilium_enable_prometheus: false
 cilium_enable_portmap: false
 # Monitor aggregation level (none/low/medium/maximum)
 cilium_monitor_aggregation: medium
-# Kube Proxy Replacement mode (strict/partial)
+# Kube Proxy Replacement mode
+# cilium_version < 1.14.0: strict/partial/disabled
+# cilium_version >= 1.14.0: true/false
 cilium_kube_proxy_replacement: partial
 
 # If upgrading from Cilium < 1.5, you may want to override some of these options
@@ -120,6 +122,10 @@ cilium_wireguard_userspace_fallback: false
 # Bandwidth Manager requires a v5.1.x or more recent Linux kernel.
 cilium_enable_bandwidth_manager: false
 
+# Enable BBR for the bandwidth manager
+# Requires cilium_enable_bandwidth_manager to be enabled
+cilium_enable_bbr: false
+
 # IP Masquerade Agent
 # https://docs.cilium.io/en/stable/concepts/networking/masquerading/
 # By default, all packets from a pod destined to an IP address outside of the cilium_native_routing_cidr range are masqueraded

diff --git a/roles/network_plugin/cilium/templates/cilium/config.yml.j2 b/roles/network_plugin/cilium/templates/cilium/config.yml.j2
@@ -144,6 +144,11 @@ data:
   # Bandwidth Manager requires a v5.1.x or more recent Linux kernel.
 {% if cilium_enable_bandwidth_manager %}
   enable-bandwidth-manager: "true"
+  # Enable BBR for the bandwidth manager
+  # BBR for Pods requires a v5.18.x or more recent Linux kernel.
+{% if cilium_enable_bbr %}
+  enable-bbr: "true"
+{% endif %}
-{% if cilium_enable_bbr %}
-  enable-bbr: "true"
-{% endif %}
+  enable-bbr: "{{ cilium_enable_bbr | lower }}"
-{% if cilium_enable_bbr %}
-  enable-bbr: "true"
-{% endif %}
+  enable-bbr: "{{ cilium_enable_bbr | lower }}"
 {% endif %}
 
   # Host Firewall and Policy Audit Mode