github.com/datadog/cilium@v1.6.12/Documentation/concepts/failure_behavior.rst (about)

     1  .. only:: not (epub or latex or html)
     2  
     3      WARNING: You are looking at unreleased Cilium documentation.
     4      Please use the official rendered version released here:
     5      http://docs.cilium.io
     6  
     7  ****************
     8  Failure Behavior
     9  ****************
    10  
    11  If Cilium loses connectivity with the KV-Store, it guarantees that:
    12  
    13  * Normal networking operations will continue;
    14  
    15  * If policy enforcement is enabled, the existing `endpoints` will still have
    16    their policy enforced but you will lose the ability to add additional
    17    containers that belong to security identities which are unknown on the node;
    18  
    19  * If services are enabled, you will lose the ability to add additional services
    20    / loadbalancers;
    21  
    22  * When the connectivity is restored to the KV-Store, Cilium can take up to 5
    23    minutes to re-sync the out-of-sync state with the KV-Store.
    24  
    25  Cilium will keep running even if it is out-of-sync with the KV-Store.
    26  
    27  If Cilium crashes / or the DaemonSet is accidentally deleted, the following are
    28  guaranteed:
    29  
    30  * When running Cilium as a DaemonSet / container, with the specification files
    31    provided in the documentation :ref:`admin_install_daemonset`, the endpoints /
    32    containers which are already running will not lose any connectivity, and they
    33    will keep running with the policy loaded before Cilium stopped unexpectedly.
    34  
    35  * When running Cilium in a different way, just make sure the bpf fs is mounted
    36    :ref:`admin_mount_bpffs`.
    37