github.com/cilium/cilium@v1.16.2/Documentation/installation/cni-chaining-calico.rst

github.com/cilium/cilium@v1.16.2/Documentation/installation/cni-chaining-calico.rst (about)

     1  .. only:: not (epub or latex or html)
     2  
     3      WARNING: You are looking at unreleased Cilium documentation.
     4      Please use the official rendered version released here:
     5      https://docs.cilium.io
     6  
     7  ******
     8  Calico
     9  ******
    10  
    11  This guide instructs how to install Cilium in chaining configuration on top of
    12  `Calico <https://github.com/projectcalico/calico>`_.
    13  
    14  .. include:: cni-chaining-limitations.rst
    15  
    16  Create a CNI configuration
    17  ==========================
    18  
    19  Create a ``chaining.yaml`` file based on the following template to specify the
    20  desired CNI chaining configuration:
    21  
    22  
    23  .. code-block:: yaml
    24  
    25      apiVersion: v1
    26      kind: ConfigMap
    27      metadata:
    28        name: cni-configuration
    29        namespace: kube-system
    30      data:
    31        cni-config: |-
    32          {
    33            "name": "generic-veth",
    34            "cniVersion": "0.3.1",
    35            "plugins": [
    36              {
    37                "type": "calico",
    38                "log_level": "info",
    39                "datastore_type": "kubernetes",
    40                "mtu": 1440,
    41                "ipam": {
    42                    "type": "calico-ipam"
    43                },
    44                "policy": {
    45                    "type": "k8s"
    46                },
    47                "kubernetes": {
    48                    "kubeconfig": "/etc/cni/net.d/calico-kubeconfig"
    49                }
    50              },
    51              {
    52                "type": "portmap",
    53                "snat": true,
    54                "capabilities": {"portMappings": true}
    55              },
    56              {
    57                "type": "cilium-cni"
    58              }
    59            ]
    60          }
    61  
    62  Deploy the :term:`ConfigMap`:
    63  
    64  .. code-block:: shell-session
    65  
    66     kubectl apply -f chaining.yaml
    67  
    68  Deploy Cilium with the portmap plugin enabled
    69  =============================================
    70  
    71  .. include:: k8s-install-download-release.rst
    72  
    73  Deploy Cilium release via Helm:
    74  
    75  .. parsed-literal::
    76  
    77      helm install cilium |CHART_RELEASE| \\
    78        --namespace=kube-system \\
    79        --set cni.chainingMode=generic-veth \\
    80        --set cni.customConf=true \\
    81        --set cni.configMap=cni-configuration \\
    82        --set routingMode=native \\
    83        --set enableIPv4Masquerade=false \\
    84        --set enableIdentityMark=false
    85  
    86  .. note::
    87  
    88     The new CNI chaining configuration will *not* apply to any pod that is
    89     already running the cluster. Existing pods will be reachable and Cilium will
    90     load-balance to them but policy enforcement will not apply to them and
    91     load-balancing is not performed for traffic originating from existing pods.
    92  
    93     You must restart these pods in order to invoke the chaining configuration on
    94     them.
    95  
    96  .. include:: k8s-install-validate.rst
    97  
    98  .. include:: next-steps.rst
    99