github.com/cilium/cilium@v1.16.2/Documentation/installation/cni-chaining-portmap.rst

github.com/cilium/cilium@v1.16.2/Documentation/installation/cni-chaining-portmap.rst (about)

     1  .. only:: not (epub or latex or html)
     2  
     3      WARNING: You are looking at unreleased Cilium documentation.
     4      Please use the official rendered version released here:
     5      https://docs.cilium.io
     6  
     7  
     8  .. _k8s_install_portmap:
     9  
    10  ******************
    11  Portmap (HostPort)
    12  ******************
    13  
    14  Starting from Cilium 1.8, the Kubernetes HostPort feature is supported natively
    15  through Cilium's eBPF-based kube-proxy replacement. CNI chaining is therefore
    16  not needed anymore. For more information, see section :ref:`kubeproxyfree_hostport`.
    17  
    18  However, for the case where Cilium is deployed as ``kubeProxyReplacement=false``,
    19  the HostPort feature can then be enabled via CNI chaining with the portmap plugin which
    20  implements HostPort. This guide documents how to enable the latter for the chaining
    21  case.
    22  
    23  For more general information about the Kubernetes HostPort feature, check out the
    24  upstream documentation:
    25  `Kubernetes hostPort-CNI plugin documentation
    26  <https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/#support-hostport>`_.
    27  
    28  .. note::
    29  
    30     Before using HostPort, read the `Kubernetes Configuration Best Practices
    31     <https://kubernetes.io/docs/concepts/configuration/overview/>`_ to
    32     understand the implications of this feature.
    33  
    34  Deploy Cilium with the portmap plugin enabled
    35  =============================================
    36  
    37  .. include:: k8s-install-download-release.rst
    38  
    39  Deploy Cilium release via Helm:
    40  
    41  .. parsed-literal::
    42  
    43      helm install cilium |CHART_RELEASE| \\
    44        --namespace=kube-system \\
    45        --set cni.chainingMode=portmap
    46  
    47  .. note::
    48  
    49     You can combine the ``cni.chainingMode=portmap`` option with any of
    50     the other installation guides.
    51  
    52  As Cilium is deployed as a DaemonSet, it will write a new CNI configuration. The new
    53  configuration now enables HostPort. Any new pod scheduled is now able to make
    54  use of the HostPort functionality.
    55  
    56  Restart existing pods
    57  =====================
    58  
    59  The new CNI chaining configuration will *not* apply to any pod that is already
    60  running the cluster. Existing pods will be reachable and Cilium will
    61  load-balance to them but policy enforcement will not apply to them and
    62  load-balancing is not performed for traffic originating from existing pods.
    63  You must restart these pods in order to invoke the chaining configuration on
    64  them.