Add docs on using etcd-manager for cilium

docs/networking.md

@@ -491,6 +491,32 @@ The following command will launch your cluster with desired Cilium configuration
 $ kops update cluster myclustername.mydns.io --yes
 ```
 
+##### Using etcd for agent state sync
+
+By default, Cilium will use CRDs for synchronizing agent state. This can cause performance problems on larger clusters. As of kops 1.18, kops can manage an etcd cluster using etcd-manager dedicated for cilium agent state sync. The [Cilium docs](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-external-etcd/) contains recommendations for this must be enabled.
+
+Add the following to `spec.etcdClusters`:
+Make sure `instanceGroup` match the other etcd clusters.
+
+```
+  - etcdMembers:
+    - instanceGroup: master-az-1a
+      name: a
+    - instanceGroup: master-az-1b
+      name: b
+    - instanceGroup: master-az-1c
+      name: c
+    name: cilium
+```
+
+Then enable etcd as kvstore:
+
+```
+  networking:
+    cilium:
+      etcdManaged: true
+```
+
 ##### Enabling BPF NodePort
 
 As of Kops 1.18 you can safely enable Cilium NodePort.

docs/releases/1.18-NOTES.md

@@ -14,7 +14,9 @@
 
 * Rolling updates now support surging and parallelism within an instance group. For details see [the documentation](../operations/rolling-update.md).
 
-* Cilium CNI can now use AWS networking natively through the AWS ENI IPAM mode. Kops can also run a Kubernetes cluster entirely without kube-proxy using Cilium's BPF NodePort implementation
+* Cilium CNI can now use AWS networking natively through the AWS ENI IPAM mode. Kops can also run a Kubernetes cluster entirely without kube-proxy using Cilium's BPF NodePort implementation.
+
+* Cilium CNI can now use a dedicated etcd cluster managed by etcd-manager for synchronizing agent state instead of CRDs.
 
 * The Terraform target now supports Terraform 0.12 syntax (HCL2) by default. See the Required Actions item below.