From 41a042feefec74eb2d18fc943eb14698ee03792a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Martins?= Date: Sat, 24 Nov 2018 17:17:45 +0100 Subject: [PATCH] admin-cluster/network-policy-provider: update Cilium documentation (#11214) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: André Martins --- .../cilium-network-policy.md | 46 +++++++++++-------- 1 file changed, 26 insertions(+), 20 deletions(-) diff --git a/content/en/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy.md b/content/en/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy.md index 87bfffe583..ed3fd0f715 100644 --- a/content/en/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy.md +++ b/content/en/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy.md @@ -1,6 +1,7 @@ --- reviewers: - danwent +- aanm title: Use Cilium for NetworkPolicy content_template: templates/task weight: 20 @@ -9,7 +10,7 @@ weight: 20 {{% capture overview %}} This page shows how to use Cilium for NetworkPolicy. -For background on Cilium, read the [Introduction to Cilium](https://cilium.readthedocs.io/en/latest/intro). +For background on Cilium, read the [Introduction to Cilium](https://cilium.readthedocs.io/en/stable/intro). {{% /capture %}} {{% capture prerequisites %}} 
@@ -22,21 +23,28 @@ For background on Cilium, read the [Introduction to Cilium](https://cilium.readt ## Deploying Cilium on Minikube for Basic Testing To get familiar with Cilium easily you can follow the -[Cilium Kubernetes Getting Started Guide](https://docs.cilium.io/en/latest/gettingstarted/minikube/) +[Cilium Kubernetes Getting Started Guide](https://cilium.readthedocs.io/en/stable/gettingstarted/minikube/) to perform a basic DaemonSet installation of Cilium in minikube. -Installation in a minikube setup uses a simple ''all-in-one'' YAML -file that includes DaemonSet configurations for Cilium, to connect -to the minikube's etcd instance as well as appropriate RBAC settings: +As Cilium requires a standalone etcd instance, for minikube you can deploy it +by running: ```shell -$ kubectl create -f https://raw.githubusercontent.com/cilium/cilium/master/examples/kubernetes/cilium.yaml -configmap "cilium-config" created -secret "cilium-etcd-secrets" created -serviceaccount "cilium" created -clusterrolebinding "cilium" created -daemonset "cilium" created -clusterrole "cilium" created +kubectl create -n kube-system -f https://raw.githubusercontent.com/cilium/cilium/v1.3/examples/kubernetes/addons/etcd/standalone-etcd.yaml +``` + +After etcd is up and running you can deploy Cilium Kubernetes descriptor which +is a simple ''all-in-one'' YAML file that includes DaemonSet configurations for +Cilium, to connect to the etcd instance previously deployed as well as +appropriate RBAC settings: + +```shell +$ kubectl create -f https://raw.githubusercontent.com/cilium/cilium/v1.3/examples/kubernetes/1.12/cilium.yaml +configmap/cilium-config created +daemonset.apps/cilium created +clusterrolebinding.rbac.authorization.k8s.io/cilium created +clusterrole.rbac.authorization.k8s.io/cilium created +serviceaccount/cilium created ``` The remainder of the Getting Started Guide explains how to enforce both L3/L4 
@@ -65,8 +73,8 @@ kubectl get pods --namespace=kube-system You'll see a list of Pods similar to this: ```console -NAME DESIRED CURRENT READY NODE-SELECTOR AGE -cilium 1 1 1 2m +NAME READY STATUS RESTARTS AGE +cilium-6rxbd 1/1 Running 0 1m ... ``` @@ -74,12 +82,10 @@ There are two main components to be aware of: - One `cilium` Pod runs on each node in your cluster and enforces network policy on the traffic to/from Pods on that node using Linux BPF. -- For production deployments, Cilium should leverage the key-value store cluster -(e.g., etcd) used by Kubernetes, which typically runs on the Kubernetes master nodes. -The [Cilium Kubernetes Installation Guide](https://cilium.readthedocs.io/en/latest/kubernetes/install/) -includes an example DaemonSet which can be customized to point to this key-value -store cluster. The simple ''all-in-one'' DaemonSet for minikube requires no such -configuration because it automatically connects to the minikube's etcd instance. +- For production deployments, Cilium should leverage a key-value store +(e.g., etcd). The [Cilium Kubernetes Installation Guide](https://cilium.readthedocs.io/en/latest/kubernetes/install/) +will provide the necessary steps on how to install this required key-value +store as well how to configure it in Cilium. {{% /capture %}}
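Review bot: the `@@ -22,21 +23,28 @@` hunk tells the reader to continue "After etcd is up and running" but gives no way to confirm that state. The new `standalone-etcd.yaml` command also has neither the `$` prompt nor the sample output that the `cilium.yaml` command directly below it keeps. Suggest pointing at the `kubectl get pods --namespace=kube-system` check the page already uses further down, and settling on one prompt style for both commands. The sentence "you can deploy Cilium Kubernetes descriptor which is" also needs an article: "deploy the Cilium Kubernetes descriptor, which is".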
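Review bot: in the `@@ -74,12 +82,10 @@` hunk the rewritten bullet still links the Installation Guide at `/en/latest/kubernetes/install/`, while the introduction and Getting Started links touched by this same patch were moved to `/en/stable/`. Pick one so the page does not mix documentation versions, particularly as the manifest URLs above are now pinned to `v1.3`. The wording needs a pass too: "will provide the necessary steps" reads better as "provides the necessary steps", and "as well how to configure it" is missing a word ("as well as how to configure it").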