github.com/datadog/cilium@v1.6.12/Documentation/concepts/failure_behavior.rst (about) 1 .. only:: not (epub or latex or html) 2 3 WARNING: You are looking at unreleased Cilium documentation. 4 Please use the official rendered version released here: 5 http://docs.cilium.io 6 7 **************** 8 Failure Behavior 9 **************** 10 11 If Cilium loses connectivity with the KV-Store, it guarantees that: 12 13 * Normal networking operations will continue; 14 15 * If policy enforcement is enabled, the existing `endpoints` will still have 16 their policy enforced but you will lose the ability to add additional 17 containers that belong to security identities which are unknown on the node; 18 19 * If services are enabled, you will lose the ability to add additional services 20 / loadbalancers; 21 22 * When the connectivity is restored to the KV-Store, Cilium can take up to 5 23 minutes to re-sync the out-of-sync state with the KV-Store. 24 25 Cilium will keep running even if it is out-of-sync with the KV-Store. 26 27 If Cilium crashes / or the DaemonSet is accidentally deleted, the following are 28 guaranteed: 29 30 * When running Cilium as a DaemonSet / container, with the specification files 31 provided in the documentation :ref:`admin_install_daemonset`, the endpoints / 32 containers which are already running will not lose any connectivity, and they 33 will keep running with the policy loaded before Cilium stopped unexpectedly. 34 35 * When running Cilium in a different way, just make sure the bpf fs is mounted 36 :ref:`admin_mount_bpffs`. 37