docs: update the Cilium CNI deployment
Update the job method.

Signed-off-by: egrosdou01 <eimaigr@hotmail.gr>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
egrosdou01 authored and smira committed Dec 2, 2024
1 parent 191825a commit ff13ccc
Showing 2 changed files with 36 additions and 18 deletions.
27 changes: 18 additions & 9 deletions website/content/v1.8/kubernetes-guides/network/deploying-cilium.md
Expand Up @@ -282,7 +282,8 @@ We can utilize a job pattern run arbitrary logic during bootstrap time.
We can leverage this to our advantage to install Cilium by using an inline manifest as shown in the example below:

``` yaml
inlineManifests:
cluster:
inlineManifests:
- name: cilium-install
contents: |
---
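Review bot: The context sentence in this hunk's header, "We can utilize a job pattern run arbitrary logic during bootstrap time.", is missing a "to" ("job pattern to run"); since the edit lands directly below it, fix it in the same change. With the example now starting at `cluster:`, the lead-in could also say which configuration document this fragment belongs in, because "inline manifest" alone no longer matches the top-level key shown.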
Expand Down Expand Up @@ -359,14 +360,22 @@ We can leverage this to our advantage to install Cilium by using an inline manif
command:
- cilium
- install
- --set ipam.mode=kubernetes
- --set kubeProxyReplacement=true
- --set securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}"
- --set securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}"
- --set cgroup.autoMount.enabled=false
- --set cgroup.hostRoot=/sys/fs/cgroup
- --set k8sServiceHost=localhost
- --set k8sServicePort=7445
- --set
- ipam.mode=kubernetes
- --set
- kubeProxyReplacement=true
- --set
- securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}"
- --set
- securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}"
- --set
- cgroup.autoMount.enabled=false
- --set
- cgroup.hostRoot=/sys/fs/cgroup
- --set
- k8sServiceHost=localhost
- --set
- k8sServicePort=7445
```

Because there is no CNI present at installation time the kubernetes.default.svc cannot be used to install Cilium, to overcome this limitation we'll utilize the host network connection to connect back to itself with 'hostNetwork: true' in tandem with the environment variables KUBERNETES_SERVICE_PORT and KUBERNETES_SERVICE_HOST.
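Review bot: The two `securityContext.capabilities.*` values keep their double quotes (`ciliumAgent="{CHOWN,...}"`, `cleanCiliumState="{NET_ADMIN,...}"`) after being moved into their own list items. In a `command:` array each item is handed to the process as-is, with no shell in between to strip the quotes, so they arrive as part of the value. Confirm that `cilium install` still reads these as lists, or drop the quotes now that each value is its own argument.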
27 changes: 18 additions & 9 deletions website/content/v1.9/kubernetes-guides/network/deploying-cilium.md
Expand Up @@ -282,7 +282,8 @@ We can utilize a job pattern run arbitrary logic during bootstrap time.
We can leverage this to our advantage to install Cilium by using an inline manifest as shown in the example below:

``` yaml
inlineManifests:
cluster:
inlineManifests:
- name: cilium-install
contents: |
---
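Review bot: Only the `inlineManifests:` line changes in this hunk (-282,7 +282,8), so `- name: cilium-install` and the `contents: |` body keep their previous indentation while their parent key moves one level in under `cluster:`. Check that the list still parses as the value of `cluster.inlineManifests` in the rendered page, and consider re-indenting the entries so the nesting is obvious to someone copying the snippet.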
Expand Down Expand Up @@ -359,14 +360,22 @@ We can leverage this to our advantage to install Cilium by using an inline manif
command:
- cilium
- install
- --set ipam.mode=kubernetes
- --set kubeProxyReplacement=true
- --set securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}"
- --set securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}"
- --set cgroup.autoMount.enabled=false
- --set cgroup.hostRoot=/sys/fs/cgroup
- --set k8sServiceHost=localhost
- --set k8sServicePort=7445
- --set
- ipam.mode=kubernetes
- --set
- kubeProxyReplacement=true
- --set
- securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}"
- --set
- securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}"
- --set
- cgroup.autoMount.enabled=false
- --set
- cgroup.hostRoot=/sys/fs/cgroup
- --set
- k8sServiceHost=localhost
- --set
- k8sServicePort=7445
```

Because there is no CNI present at installation time the kubernetes.default.svc cannot be used to install Cilium, to overcome this limitation we'll utilize the host network connection to connect back to itself with 'hostNetwork: true' in tandem with the environment variables KUBERNETES_SERVICE_PORT and KUBERNETES_SERVICE_HOST.
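Review bot: `cilium` / `install` is followed directly by the `--set` pairs with no version argument, so the bootstrap Job installs whichever Cilium release the CLI defaults to at run time. Since the argument list is being rewritten anyway, add a pinned `--version` entry (with a placeholder release the reader fills in) so the install is reproducible, and say in the text what is expected to answer on `localhost:7445`.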