network-policy-provider: updating cilium documentation for v1.4.0 (#12627)
Signed-off-by: André Martins <aanm90@gmail.com>
This commit is contained in:
		
							parent
							
								
									9fcf418680
								
							
						
					
					
						commit
						0a5ff4417d
					
				|  | @ -302,31 +302,30 @@ kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/ | |||
| {{% /tab %}} | ||||
| 
 | ||||
| {{% tab name="Cilium" %}} | ||||
| For more information about using Cilium with Kubernetes, see [Quickstart for Cilium on Kubernetes](http://docs.cilium.io/en/v1.2/kubernetes/quickinstall/) and [Kubernetes Install guide for Cilium](http://docs.cilium.io/en/v1.2/kubernetes/install/). | ||||
| 
 | ||||
| Passing `--pod-network-cidr` option to `kubeadm init` is not required, but highly recommended. | ||||
| For more information about using Cilium with Kubernetes, see [Kubernetes Install guide for Cilium](https://docs.cilium.io/en/stable/kubernetes/). | ||||
| 
 | ||||
| These commands will deploy Cilium with its own etcd managed by etcd operator. | ||||
| 
 | ||||
| _Note_: If you are running kubeadm in a single node please untaint it so that | ||||
| etcd-operator pods can be scheduled in the control-plane node. | ||||
| 
 | ||||
| ```shell | ||||
| # Download required manifests from Cilium repository | ||||
| wget https://github.com/cilium/cilium/archive/v1.2.0.zip | ||||
| unzip v1.2.0.zip | ||||
| cd cilium-1.2.0/examples/kubernetes/addons/etcd-operator | ||||
| 
 | ||||
| # Generate and deploy etcd certificates | ||||
| export CLUSTER_DOMAIN=$(kubectl get ConfigMap --namespace kube-system coredns -o yaml | awk '/kubernetes/ {print $2}') | ||||
| tls/certs/gen-cert.sh $CLUSTER_DOMAIN | ||||
| tls/deploy-certs.sh | ||||
| 
 | ||||
| # Label kube-dns with fixed identity label | ||||
| kubectl label -n kube-system pod $(kubectl -n kube-system get pods -l k8s-app=kube-dns -o jsonpath='{range .items[]}{.metadata.name}{" "}{end}') io.cilium.fixed-identity=kube-dns | ||||
| 
 | ||||
| kubectl create -f ./ | ||||
| 
 | ||||
| # Wait several minutes for Cilium, coredns and etcd pods to converge to a working state | ||||
| kubectl taint nodes <node-name> node-role.kubernetes.io/master:NoSchedule- | ||||
| ``` | ||||
| 
 | ||||
| To deploy Cilium you just need to run: | ||||
| 
 | ||||
| ```shell | ||||
| kubectl create -f https://raw.githubusercontent.com/cilium/cilium/v1.4/examples/kubernetes/1.13/cilium.yaml | ||||
| ``` | ||||
| 
 | ||||
| Once all Cilium pods are marked as `READY`, you start using your cluster. | ||||
| 
 | ||||
| ```shell | ||||
| $ kubectl get pods -n kube-system --selector=k8s-app=cilium | ||||
| NAME           READY   STATUS    RESTARTS   AGE | ||||
| cilium-drxkl   1/1     Running   0          18m | ||||
| ``` | ||||
| 
 | ||||
| {{% /tab %}} | ||||
| {{% tab name="Flannel" %}} | ||||
|  |  | |||
|  | @ -26,20 +26,22 @@ To get familiar with Cilium easily you can follow the | |||
| [Cilium Kubernetes Getting Started Guide](https://cilium.readthedocs.io/en/stable/gettingstarted/minikube/) | ||||
| to perform a basic DaemonSet installation of Cilium in minikube. | ||||
| 
 | ||||
| As Cilium requires a standalone etcd instance, for minikube you can deploy it | ||||
| by running: | ||||
| To start minikube, minimal version required is >= v0.33.1, run the with the | ||||
| following arguments: | ||||
| 
 | ||||
| ```shell | ||||
| kubectl create -n kube-system -f https://raw.githubusercontent.com/cilium/cilium/v1.3/examples/kubernetes/addons/etcd/standalone-etcd.yaml | ||||
| $ minikube version | ||||
| minikube version: v0.33.1 | ||||
| $ | ||||
| $ minikube start --network-plugin=cni --memory=4096 | ||||
| ``` | ||||
| 
 | ||||
| After etcd is up and running you can deploy Cilium Kubernetes descriptor which | ||||
| is a simple ''all-in-one'' YAML file that includes DaemonSet configurations for | ||||
| Cilium, to connect to the etcd instance previously deployed as well as | ||||
| appropriate RBAC settings: | ||||
| For minikube you can deploy this simple ''all-in-one'' YAML file that includes | ||||
| DaemonSet configurations for Cilium, and the necessary configurations to connect | ||||
| to the etcd instance deployed in minikube as well as appropriate RBAC settings: | ||||
| 
 | ||||
| ```shell | ||||
| $ kubectl create -f https://raw.githubusercontent.com/cilium/cilium/v1.3/examples/kubernetes/1.12/cilium.yaml | ||||
| $ kubectl create -f https://raw.githubusercontent.com/cilium/cilium/v1.4/examples/kubernetes/1.13/cilium-minikube.yaml | ||||
| configmap/cilium-config created | ||||
| daemonset.apps/cilium created | ||||
| clusterrolebinding.rbac.authorization.k8s.io/cilium created | ||||
|  | @ -54,7 +56,7 @@ policies using an example application. | |||
| ## Deploying Cilium for Production Use | ||||
| 
 | ||||
| For detailed instructions around deploying Cilium for production, see: | ||||
| [Cilium Kubernetes Installation Guide](https://cilium.readthedocs.io/en/latest/kubernetes/install/) | ||||
| [Cilium Kubernetes Installation Guide](https://cilium.readthedocs.io/en/stable/kubernetes/intro/) | ||||
| This documentation includes detailed requirements, instructions and example | ||||
| production DaemonSet files. | ||||
| 
 | ||||
|  | @ -83,7 +85,7 @@ There are two main components to be aware of: | |||
| - One `cilium` Pod runs on each node in your cluster and enforces network policy | ||||
| on the traffic to/from Pods on that node using Linux BPF. | ||||
| - For production deployments, Cilium should leverage a key-value store | ||||
| (e.g., etcd). The [Cilium Kubernetes Installation Guide](https://cilium.readthedocs.io/en/latest/kubernetes/install/) | ||||
| (e.g., etcd). The [Cilium Kubernetes Installation Guide](https://cilium.readthedocs.io/en/stable/kubernetes/intro/) | ||||
| will provide the necessary steps on how to install this required key-value | ||||
| store as well how to configure it in Cilium. | ||||
| 
 | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue