Is there an existing issue for this?

• I have searched the existing issues

What happened?

Yeah, we're running in EKS. Istio installed with hostNetwork: true due to us using a 3rd party CNI (currently Weave) and there's an admission controller or something that the K8s API needs to call back to Istio for and can't do so via CNI because the K8s API is managed, etc....

We're looking to move to Cilium and upon installing Cilium via helm install cilium cilium/cilium --version 1.11.4 -n kube-system, we've run into an issue where Cilium can't start on the nodes that istiod is also running on as istiod apparently listens on port 9876 for some controlz thing (https://istio.io/latest/docs/ops/diagnostic-tools/controlz/). Cilium also runs with hostNetwork: true and tries to bind 9876 as well and you see the problem :)

Are we the only people to ever run Cilium & Istio in an EKS cluster?

I think we can change the port in Istio --ctrlz_port but this might bite other people so FYI.

Cilium Version

1.11.4

Kernel Version

NA

Kubernetes Version

1.21

Sysdump

No response

Relevant log output

No response

Anything else?

No response

Code of Conduct

• I agree to follow this project's Code of Conduct