kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

network-policy-provider: updating cilium documentation for v1.4.0 (#12627) 

Signed-off-by: André Martins <aanm90@gmail.com>
This commit is contained in:
André Martins 2019-02-15 06:50:21 +01:00 committed by Kubernetes Prow Robot
parent 9fcf418680
commit 0a5ff4417d
2 changed files with 30 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
content/en/docs/setup/independent/create-cluster-kubeadm.md
View File

@ -302,31 +302,30 @@ kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/
{{% /tab %}}
{{% tab name="Cilium" %}}
For more information about using Cilium with Kubernetes, see [Quickstart for Cilium on Kubernetes](http://docs.cilium.io/en/v1.2/kubernetes/quickinstall/) and [Kubernetes Install guide for Cilium](http://docs.cilium.io/en/v1.2/kubernetes/install/).
Passing `--pod-network-cidr` option to `kubeadm init` is not required, but highly recommended.
For more information about using Cilium with Kubernetes, see [Kubernetes Install guide for Cilium](https://docs.cilium.io/en/stable/kubernetes/).
These commands will deploy Cilium with its own etcd managed by etcd operator.
_Note_: If you are running kubeadm in a single node please untaint it so that
etcd-operator pods can be scheduled in the control-plane node.
```shell
# Download required manifests from Cilium repository
wget https://github.com/cilium/cilium/archive/v1.2.0.zip
unzip v1.2.0.zip
cd cilium-1.2.0/examples/kubernetes/addons/etcd-operator
# Generate and deploy etcd certificates
export CLUSTER_DOMAIN=$(kubectl get ConfigMap --namespace kube-system coredns -o yaml | awk '/kubernetes/ {print $2}')
tls/certs/gen-cert.sh $CLUSTER_DOMAIN
tls/deploy-certs.sh
# Label kube-dns with fixed identity label
kubectl label -n kube-system pod $(kubectl -n kube-system get pods -l k8s-app=kube-dns -o jsonpath='{range .items[]}{.metadata.name}{" "}{end}') io.cilium.fixed-identity=kube-dns
kubectl create -f ./
# Wait several minutes for Cilium, coredns and etcd pods to converge to a working state
kubectl taint nodes <node-name> node-role.kubernetes.io/master:NoSchedule-
```
To deploy Cilium you just need to run:
```shell
kubectl create -f https://raw.githubusercontent.com/cilium/cilium/v1.4/examples/kubernetes/1.13/cilium.yaml
```
Once all Cilium pods are marked as `READY`, you start using your cluster.
```shell
$ kubectl get pods -n kube-system --selector=k8s-app=cilium
NAME READY STATUS RESTARTS AGE
cilium-drxkl 1/1 Running 0 18m
```
{{% /tab %}}
{{% tab name="Flannel" %}}

22
content/en/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy.md
View File

@ -26,20 +26,22 @@ To get familiar with Cilium easily you can follow the
[Cilium Kubernetes Getting Started Guide](https://cilium.readthedocs.io/en/stable/gettingstarted/minikube/)
to perform a basic DaemonSet installation of Cilium in minikube.
As Cilium requires a standalone etcd instance, for minikube you can deploy it
by running:
To start minikube, minimal version required is >= v0.33.1, run the with the
following arguments:
```shell
kubectl create -n kube-system -f https://raw.githubusercontent.com/cilium/cilium/v1.3/examples/kubernetes/addons/etcd/standalone-etcd.yaml
$ minikube version
minikube version: v0.33.1
$
$ minikube start --network-plugin=cni --memory=4096
```
After etcd is up and running you can deploy Cilium Kubernetes descriptor which
is a simple ''all-in-one'' YAML file that includes DaemonSet configurations for
Cilium, to connect to the etcd instance previously deployed as well as
appropriate RBAC settings:
For minikube you can deploy this simple ''all-in-one'' YAML file that includes
DaemonSet configurations for Cilium, and the necessary configurations to connect
to the etcd instance deployed in minikube as well as appropriate RBAC settings:
```shell
$ kubectl create -f https://raw.githubusercontent.com/cilium/cilium/v1.3/examples/kubernetes/1.12/cilium.yaml
$ kubectl create -f https://raw.githubusercontent.com/cilium/cilium/v1.4/examples/kubernetes/1.13/cilium-minikube.yaml
configmap/cilium-config created
daemonset.apps/cilium created
clusterrolebinding.rbac.authorization.k8s.io/cilium created
@ -54,7 +56,7 @@ policies using an example application.
## Deploying Cilium for Production Use
For detailed instructions around deploying Cilium for production, see:
[Cilium Kubernetes Installation Guide](https://cilium.readthedocs.io/en/latest/kubernetes/install/)
[Cilium Kubernetes Installation Guide](https://cilium.readthedocs.io/en/stable/kubernetes/intro/)
This documentation includes detailed requirements, instructions and example
production DaemonSet files.
@ -83,7 +85,7 @@ There are two main components to be aware of:
- One `cilium` Pod runs on each node in your cluster and enforces network policy
on the traffic to/from Pods on that node using Linux BPF.
- For production deployments, Cilium should leverage a key-value store
(e.g., etcd). The [Cilium Kubernetes Installation Guide](https://cilium.readthedocs.io/en/latest/kubernetes/install/)
(e.g., etcd). The [Cilium Kubernetes Installation Guide](https://cilium.readthedocs.io/en/stable/kubernetes/intro/)
will provide the necessary steps on how to install this required key-value
store as well how to configure it in Cilium.