docs: cleanup

jpayne3506 · jpayne3506 · commit 8b7897308719 · 2025-11-04T17:52:44.000-06:00
diff --git a/docs/feature/swift-v2/setup-guide-azcni.md b/docs/feature/swift-v2/setup-guide-azcni.md
@@ -1,4 +1,4 @@
-# Swiftv2 Cilium Setup Guide
+# Swiftv2 Cilium Upgrade Guide
 
 ## Steps
 ### Clone repo + checkout branch for *.yamls
@@ -7,6 +7,20 @@ git clone https://github.com/Azure/azure-container-networking.git
 git checkout jpayne3506/conflist-generation < TODO Change before merge >
 ```
 
+### Update Conflist
+Leverage a cni build from branch or use `acnpublic.azurecr.io/azure-cni:linux-amd64-v1.7.5-3-g93d32acd0` < TODO Change before merge >
+- This will install our chained conflist through the use of `test/integration/manifests/cni/conflist-installer.yaml`
+
+```
+export CONFLIST=azure-chained-cilium.conflist
+export CONFLIST_PRIORITY=05
+export CNI_IMAGE=acnpublic.azurecr.io/azure-cni:linux-amd64-v1.7.5-3-g93d32acd0
+envsubst '${CONFLIST},${CONFLIST_PRIORITY},${CNI_IMAGE}' < test/integration/manifests/cni/conflist-installer.yaml | kubectl apply -f -
+```
+
+> NOTE: if your current conflist file name starts with `05` then change our previous filename to one with higher priority to ensure that it is consumed. i.e. `03-azure-chained-cilium.conflist`
+
+
 ### Apply cilium config
 ```
 export DIR=1.17
@@ -17,15 +31,12 @@ kubectl apply -f test/integration/manifests/cilium/v${DIR}/cilium-config/cilium-
 
 - Remove `kube-proxy-replacement-healthz-bind-address: "0.0.0.0:10256"` from configmap if kube-proxy is current on nodes
 
-### Apply cilium Agent + Operator
+### Apply cilium Agent + Operator + RBAC
 ```
 kubectl apply -f test/integration/manifests/cilium/v${DIR}/cilium-operator/files
 kubectl apply -f test/integration/manifests/cilium/v${DIR}/cilium-agent/files
-```
-
-### Apply/Edit CNS configmap
-```
-kubectl apply -f test/integration/manifests/cnsconfig/azcnichainedciliumconfigmap.yaml
+envsubst '${CILIUM_VERSION_TAG},${CILIUM_IMAGE_REGISTRY}' < test/integration/manifests/cilium/v${DIR}/cilium-agent/templates/daemonset.yaml | kubectl apply -f -
+envsubst '${CILIUM_VERSION_TAG},${CILIUM_IMAGE_REGISTRY}' < test/integration/manifests/cilium/v${DIR}/cilium-operator/templates/deployment.yaml | kubectl apply -f -
 ```
 
 !!!! TODO !!!!
@@ -42,11 +53,6 @@ Remove `#### Must have configmap values`
 "CNIConflistFilepath": "/etc/cni/net.d/05-azure-chained-cilium.conflist"
 ```
 
-### Update CNS image
-Leverage a cns build from branch or use `acnpublic.azurecr.io/azure-cns:v1.7.5-2-g94c36c070` < TODO Change before merge >
-- This will install our chained conflist through the use of `"CNIConflistScenario": "azurecni-chained-cilium"` and it will be installed on the node here `"CNIConflistFilepath": "/etc/cni/net.d/05-azure-chained-cilium.conflist"`
-
-> NOTE: if your current conflist file name starts with `05` then change our previous filename to one with higher priority to ensure that it is consumed on restart. I.e. `03-azure-chained-cilium.conflist`
 
 ### If kube-proxy was present
 #### Remove kube-proxy
@@ -65,11 +71,14 @@ kubectl rollout restart ds -n kube-system cilium
     - You do not need to remove if node does not have kube-proxy enabled
   - If applied before agent is in ready state then no need to restart agent
 - Apply Agent + Operator
+
+!!! TODO REPLACE WITH INSTALLER !!!
 - Apply/Edit CNS config with
   - "ProgramSNATIPTables": false
   - "CNIConflistScenario": "azurecni-chained-cilium"
   - "CNIConflistFilepath": "/etc/cni/net.d/05-azure-chained-cilium.conflist"
-- Update CNS image with build from branch or < TODO IMAGE NAME >
+!!!
+- Update CNI image with build from branch or < TODO IMAGE NAME >
   - This will install chained conflist
 
 #### If kube-proxy was present
@@ -96,27 +105,3 @@ kubectl rollout restart ds -n kube-system cilium
   - confirm CNP working by attempting to ping coredns pods
     - should fail if both are being maintained by cilium
     - confirm with `kubectl get cep -A`
-
-
-
-
-Managed Cil setup
-- Watcher deployment
-  - CIL DS
-  - RBAC
-  - CM
-    - Overwritten by DS
-- Conflist installer
-  - CONFLIST
-
-
-
-
-AZCNI Cil setup
-- Deploy from test/integration/manifests/cilium/v1.17
-  - CIL DS
-  - RBAC
-  - CM
-    - custom for sv2 test/integration/manifests/cilium/v1.17/cilium-config/cilium-chained-config.yaml
-- Conflist installer
-  - CONFLIST
diff --git a/docs/feature/swift-v2/setup-guide-cil.md b/docs/feature/swift-v2/setup-guide-cil.md
@@ -7,68 +7,37 @@ git clone https://github.com/Azure/azure-container-networking.git
 git checkout jpayne3506/conflist-generation < TODO Change before merge >
 ```
 
-### Apply cilium config
+### Update Conflist
+Leverage a cni build from branch or use `acnpublic.azurecr.io/azure-cni:linux-amd64-v1.7.5-3-g93d32acd0` < TODO Change before merge >
+- This will install our chained conflist through the use of `test/integration/manifests/cni/conflist-installer.yaml`
+
 ```
-export DIR=1.17
-export CILIUM_VERSION_TAG=v1.17.7-250927
-export CILIUM_IMAGE_REGISTRY=mcr.microsoft.com/containernetworking
-kubectl apply -f test/integration/manifests/cilium/v${DIR}/cilium-config/cilium-chained-config.yaml
+export CONFLIST=azure-chained-cilium.conflist
+export CONFLIST_PRIORITY=05
+export CNI_IMAGE=acnpublic.azurecr.io/azure-cni:linux-amd64-v1.7.5-3-g93d32acd0
+envsubst '${CONFLIST},${CONFLIST_PRIORITY},${CNI_IMAGE}' < test/integration/manifests/cni/conflist-installer.yaml | kubectl apply -f -
 ```
 
-- Remove `kube-proxy-replacement-healthz-bind-address: "0.0.0.0:10256"` from configmap if kube-proxy is current on nodes
+> NOTE: if your current conflist file name starts with `05` then change our previous filename to one with higher priority to ensure that it is consumed. i.e. `03-azure-chained-cilium.conflist`
 
-### Apply cilium Agent + Operator
-```
-kubectl apply -f test/integration/manifests/cilium/v${DIR}/cilium-operator/files
-kubectl apply -f test/integration/manifests/cilium/v${DIR}/cilium-agent/files
-```
 
-### Apply/Edit CNS configmap
+### Apply Watcher
 ```
-kubectl apply -f test/integration/manifests/cnsconfig/azcnichainedciliumconfigmap.yaml
+kubectl apply -f test/integration/manifests/cilium/watcher/deployment.yaml
 ```
-#### Must have configmap values
+
+- Watcher obtains existing RBAC and DS from managed node
+  - We overwrite CM values through the use of DS args on the `cilium-agent` container
+i.e. overwrites `--cni-chaining-mode`
 ```
-"ProgramSNATIPTables": false
-"CNIConflistScenario": "azurecni-chained-cilium"
-"CNIConflistFilepath": "/etc/cni/net.d/05-azure-chained-cilium.conflist"
+yq eval '.spec.template.spec.containers[0].args += ["--cni-chaining-mode=generic-veth"]' -i "$temp_file"
 ```
 
-### Update CNS image
-Leverage a cns build from branch or use `acnpublic.azurecr.io/azure-cns:v1.7.5-2-g94c36c070` < TODO Change before merge >
-- This will install our chained conflist through the use of `"CNIConflistScenario": "azurecni-chained-cilium"` and it will be installed on the node here `"CNIConflistFilepath": "/etc/cni/net.d/05-azure-chained-cilium.conflist"`
-
-> NOTE: if your current conflist file name starts with `05` then change our previous filename to one with higher priority to ensure that it is consumed on restart. I.e. `03-azure-chained-cilium.conflist`
-
-### If kube-proxy was present
-#### Remove kube-proxy
-> NOTE: Reapply `kube-proxy-replacement-healthz-bind-address: "0.0.0.0:10256"` to cilium configmap if previously removed
-
-This can be done either by editing the node-selectors or deleting the ds. Both work...
-
-#### Restart Cilium
-kubectl rollout restart ds -n kube-system cilium
 
 
 ### Quick Summary
-- Apply/Edit Cilium Config with
-  - `cni-chaining-mode: generic-veth`
-  - remove `kube-proxy-replacement-healthz-bind-address`
-    - You do not need to remove if node does not have kube-proxy enabled
-  - If applied before agent is in ready state then no need to restart agent
-- Apply Agent + Operator
-- Apply/Edit CNS config with
-  - "ProgramSNATIPTables": false
-  - "CNIConflistScenario": "azurecni-chained-cilium"
-  - "CNIConflistFilepath": "/etc/cni/net.d/05-azure-chained-cilium.conflist"
-- Update CNS image with build from branch or < TODO IMAGE NAME >
-  - This will install chained conflist
-
-#### If kube-proxy was present
-- Reapply `kube-proxy-replacement-healthz-bind-address: "0.0.0.0:10256"` to cilium configmap
-- Remove Kube-proxy
-- Restart Cilium
-
+- Apply conflist installer to update conflist on BYON
+- Apply Watcher and Overwrite existing CM values through `cilium-agent` container
 
 ## Quick Vaildation testing
 - Create pods from deploy
@@ -88,27 +57,3 @@ kubectl rollout restart ds -n kube-system cilium
   - confirm CNP working by attempting to ping coredns pods
     - should fail if both are being maintained by cilium
     - confirm with `kubectl get cep -A`
-
-
-
-
-Managed Cil setup
-- Watcher deployment
-  - CIL DS
-  - RBAC
-  - CM
-    - Overwritten by DS
-- Conflist installer
-  - CONFLIST
-
-
-
-
-AZCNI Cil setup
-- Deploy from test/integration/manifests/cilium/v1.17
-  - CIL DS
-  - RBAC
-  - CM
-    - custom for sv2 test/integration/manifests/cilium/v1.17/cilium-config/cilium-chained-config.yaml
-- Conflist installer
-  - CONFLIST
