feat(managed_kubernetes): Add customizing cilium configuration guide

Author: LoicBlo

pages/index.md

@@ -1155,6 +1155,7 @@
                 + [Working with vRack example - Communicating between different private networks](public_cloud/containers_orchestration/managed_kubernetes/vrack-example-between-private-networks)
                 + [Customizing Kube-proxy on an OVHcloud Managed Kubernetes cluster](public_cloud/containers_orchestration/managed_kubernetes/customizing-kubeproxy)
                 + [Customizing CoreDNS on an OVHcloud Managed Kubernetes cluster](public_cloud/containers_orchestration/managed_kubernetes/customizing-coredns)
+                + [Customizing Cilium on an OVHcloud Managed Kubernetes cluster](public_cloud/containers_orchestration/managed_kubernetes/customizing-cilium)
             + [Traffic Management](public-cloud-containers-orchestration-managed-kubernetes-k8s-traffic-management)
                 + [Installing Nginx Ingress on OVHcloud Managed Kubernetes](public_cloud/containers_orchestration/managed_kubernetes/installing-nginx-ingress)
                 + [Expose your applications using OVHcloud Public Cloud Load Balancer](public_cloud/containers_orchestration/managed_kubernetes/expose_your_applications_using_a_load_balancer)

pages/public_cloud/containers_orchestration/managed_kubernetes/customizing-cilium/guide.en-gb.md

@@ -0,0 +1,85 @@
+---
+title: Customizing Cilium on an OVHcloud Managed Kubernetes cluster
+excerpt: 'Find out how to customize Cilium on an OVHcloud Managed Kubernetes cluster'
+updated: 2025-12-09
+---
+
+## Objective
+
+The OVHcloud Managed Kubernetes service provides you with Kubernetes clusters without the hassle of installing or operating them.
+
+The Standard plan of OVHcloud Managed Kubernetes clusters are using [Cilium](https://cilium.io/) as default cni.
+
+The Cilium agent process (a.k.a. DaemonSet) supports setting configuration on a per-node basis.
+
+This allows overriding cilium-config ConfigMap for a node or set of nodes by using `CiliumNodeConfig` objects.
+
+> [!warning]
+> Without using `CiliumNodeConfig` object it will not be possible to update cilium-config ConfigMap.
+
+## What is CiliumNodeConfig
+
+As stated in [cilium documentation](https://docs.cilium.io/en/stable/configuration/per-node-config/#ciliumnodeconfig-objects).
+
+A `CiliumNodeConfig` object allows for overriding ConfigMap / Agent arguments.
+
+It consists of a set of fields and a label selector. The label selector defines to which nodes the configuration applies.
+
+As is the standard with Kubernetes, an empty LabelSelector (e.g. {}) selects all nodes.
+
+## Requirements
+
+- An OVHcloud Managed Kubernetes cluster with standard plan.
+
+## Customization example
+
+### Enable topology aware routing for 3AZ region
+
+> [!note]
+> To discover this feature you can read [Discover Kubernetes 1.33 features – Topology aware routing in multi-zones Kubernetes clusters](https://blog.ovhcloud.com/discover-kubernetes-1-33-features-topology-aware-routing-in-multi-zones-kubernetes-clusters/) By [Aurélie Vache](https://blog.ovhcloud.com/author/aurelie-vache/).
+
+To enable it on cilium side, apply this configuration of `CiliumNodeConfig`.
+
+```yaml
+apiVersion: cilium.io/v2
+kind: CiliumNodeConfig
+metadata:
+  namespace: kube-system
+  name: enable-service-topology
+spec:
+  nodeSelector: {}
+  defaults:
+    enable-service-topology: "true"
+```
+
+Then restart the cilium agent.
+
+```bash
+kubectl -n kube-system rollout restart daemonset cilium
+```
+
+Check if the configuration as been applied.
+
+```bash
+kubectl -n kube-system logs $(kubectl -n kube-system get pod -l k8s-app=cilium -o name) | head -n 500 | grep enable-service-topology
+
+time=2025-12-09T15:57:06.161145191Z level=info msg="  --config-sources='[{\"kind\":\"config-map\",\"namespace\":\"kube-system\",\"name\":\"cilium-config\"},{\"kind\":\"cilium-node-config\",\"namespace\":\"kube-system\",\"name\":\"enable-service-topology\"}]'"
+time=2025-12-09T15:57:06.165626171Z level=info msg="  --enable-service-topology='true'"
+```
+
+## CiliumNodeConfig possible values
+
+You can retrieve all keys / values in the cilium-configmap file of the [Cilium](https://github.com/cilium/cilium/blob/main/install/kubernetes/cilium/templates/cilium-configmap.yaml) github repository.
+
+> [!warning]
+> Be aware that some keys could need some feature enablement in the cilium operator which could be disabled by default
+
+## Go further
+
+To have an overview of the OVHcloud Managed Kubernetes service, you can go to the [OVHcloud Managed Kubernetes page](/links/public-cloud/kubernetes).
+
+To learn more about how to use your Kubernetes cluster the practical way, we invite you to read our [tutorials](/products/public-cloud-containers-orchestration-managed-kubernetes-k8s).
+
+- If you need training or technical assistance to implement our solutions, contact your sales representative or click on [this link](/links/professional-services) to get a quote and ask our Professional Services experts for assisting you on your specific use case of your project.
+
+- Join our [community of users](https://community.ovh.com/en/).

pages/public_cloud/containers_orchestration/managed_kubernetes/customizing-cilium/guide.fr-fr.md

@@ -0,0 +1,85 @@
+---
+title: Customizing Cilium on an OVHcloud Managed Kubernetes cluster
+excerpt: 'Find out how to customize Cilium on an OVHcloud Managed Kubernetes cluster'
+updated: 2025-12-09
+---
+
+## Objective
+
+The OVHcloud Managed Kubernetes service provides you with Kubernetes clusters without the hassle of installing or operating them.
+
+The Standard plan of OVHcloud Managed Kubernetes clusters are using [Cilium](https://cilium.io/) as default cni.
+
+The Cilium agent process (a.k.a. DaemonSet) supports setting configuration on a per-node basis.
+
+This allows overriding cilium-config ConfigMap for a node or set of nodes by using `CiliumNodeConfig` objects.
+
+> [!warning]
+> Without using `CiliumNodeConfig` object it will not be possible to update cilium-config ConfigMap.
+
+## What is CiliumNodeConfig
+
+As stated in [cilium documentation](https://docs.cilium.io/en/stable/configuration/per-node-config/#ciliumnodeconfig-objects).
+
+A `CiliumNodeConfig` object allows for overriding ConfigMap / Agent arguments.
+
+It consists of a set of fields and a label selector. The label selector defines to which nodes the configuration applies.
+
+As is the standard with Kubernetes, an empty LabelSelector (e.g. {}) selects all nodes.
+
+## Requirements
+
+- An OVHcloud Managed Kubernetes cluster with standard plan.
+
+## Customization example
+
+### Enable topology aware routing for 3AZ region
+
+> [!note]
+> To discover this feature you can read [Discover Kubernetes 1.33 features – Topology aware routing in multi-zones Kubernetes clusters](https://blog.ovhcloud.com/discover-kubernetes-1-33-features-topology-aware-routing-in-multi-zones-kubernetes-clusters/) By [Aurélie Vache](https://blog.ovhcloud.com/author/aurelie-vache/).
+
+To enable it on cilium side, apply this configuration of `CiliumNodeConfig`.
+
+```yaml
+apiVersion: cilium.io/v2
+kind: CiliumNodeConfig
+metadata:
+  namespace: kube-system
+  name: enable-service-topology
+spec:
+  nodeSelector: {}
+  defaults:
+    enable-service-topology: "true"
+```
+
+Then restart the cilium agent.
+
+```bash
+kubectl -n kube-system rollout restart daemonset cilium
+```
+
+Check if the configuration as been applied.
+
+```bash
+kubectl -n kube-system logs $(kubectl -n kube-system get pod -l k8s-app=cilium -o name) | head -n 500 | grep enable-service-topology
+
+time=2025-12-09T15:57:06.161145191Z level=info msg="  --config-sources='[{\"kind\":\"config-map\",\"namespace\":\"kube-system\",\"name\":\"cilium-config\"},{\"kind\":\"cilium-node-config\",\"namespace\":\"kube-system\",\"name\":\"enable-service-topology\"}]'"
+time=2025-12-09T15:57:06.165626171Z level=info msg="  --enable-service-topology='true'"
+```
+
+## CiliumNodeConfig possible values
+
+You can retrieve all keys / values in the cilium-configmap file of the [Cilium](https://github.com/cilium/cilium/blob/main/install/kubernetes/cilium/templates/cilium-configmap.yaml) github repository.
+
+> [!warning]
+> Be aware that some keys could need some feature enablement in the cilium operator which could be disabled by default
+
+## Go further
+
+To have an overview of the OVHcloud Managed Kubernetes service, you can go to the [OVHcloud Managed Kubernetes page](/links/public-cloud/kubernetes).
+
+To learn more about how to use your Kubernetes cluster the practical way, we invite you to read our [tutorials](/products/public-cloud-containers-orchestration-managed-kubernetes-k8s).
+
+- If you need training or technical assistance to implement our solutions, contact your sales representative or click on [this link](/links/professional-services) to get a quote and ask our Professional Services experts for assisting you on your specific use case of your project.
+
+- Join our [community of users](https://community.ovh.com/en/).

pages/public_cloud/containers_orchestration/managed_kubernetes/customizing-cilium/meta.yaml

@@ -0,0 +1,2 @@
+id: 3d2d260e-c0b3-423e-897a-79d15cf5d84d
+full_slug: public-cloud-kubernetes-customizing-cilium