github.com/cilium/cilium@v1.16.2/Documentation/installation/k8s-install-external-etcd.rst

.. only:: not (epub or latex or html)

    WARNING: You are looking at unreleased Cilium documentation.
    Please use the official rendered version released here:
    https://docs.cilium.io

.. _admin_install_daemonset:
.. _k8s_install_etcd:

*******************************
Installation with external etcd
*******************************

This guide walks you through the steps required to set up Cilium on Kubernetes
using an external etcd. Use of an external etcd provides better performance and
is suitable for larger environments.

Should you encounter any issues during the installation, please refer to the
:ref:`troubleshooting_k8s` section and/or seek help on `Cilium Slack`_.

When do I need to use a kvstore?
================================

Unlike the section :ref:`k8s_quick_install`, this guide explains how to
configure Cilium to use an external kvstore such as etcd. If you are unsure
whether you need a kvstore at all, the following are reasons to use one:

 * If you are running in an environment where you observe a high overhead in
   state propagation caused by Kubernetes events.
 * If you do not want Cilium to store state in Kubernetes custom resources
   (CRDs).
 * If you run a cluster with more pods and more nodes than the ones tested
   in the :ref:`scalability_guide`.

.. _ds_deploy:

.. include:: requirements-intro.rst

You will also need an external etcd version 3.4.0 or higher.

Kvstore and Cilium dependency
=============================

When using an external kvstore, it's important to break the circular dependency between Cilium and the kvstore.
If the kvstore pods run within the same cluster and use the pod network, then the kvstore relies on Cilium.
However, Cilium also relies on the kvstore, which creates a circular dependency.
There are two recommended ways of breaking this dependency:

 * Deploy the kvstore outside of the cluster or on a separately managed cluster.
 * Deploy the kvstore pods with a host network, by specifying ``hostNetwork: true`` in the pod spec.

Configure Cilium
================

When using an external kvstore, the address of the external kvstore needs to be
configured in the ConfigMap. Download the base YAML and configure it with
:term:`Helm`:

.. include:: k8s-install-download-release.rst

Deploy the Cilium release via Helm:

.. parsed-literal::

    helm install cilium |CHART_RELEASE| \\
      --namespace kube-system \\
      --set etcd.enabled=true \\
      --set "etcd.endpoints[0]=http://etcd-endpoint1:2379" \\
      --set "etcd.endpoints[1]=http://etcd-endpoint2:2379" \\
      --set "etcd.endpoints[2]=http://etcd-endpoint3:2379"

If you do not want Cilium to store state in Kubernetes custom resources (CRDs),
consider setting ``identityAllocationMode``::

    --set identityAllocationMode=kvstore

Optional: Configure the SSL certificates
----------------------------------------

Create a Kubernetes secret with the root certificate authority, and the
client-side key and certificate of etcd:

.. code-block:: shell-session

    kubectl create secret generic -n kube-system cilium-etcd-secrets \
        --from-file=etcd-client-ca.crt=ca.crt \
        --from-file=etcd-client.key=client.key \
        --from-file=etcd-client.crt=client.crt

Adjust the Helm options to enable SSL for etcd and use ``https`` instead of
``http`` for the etcd endpoint URLs:

.. parsed-literal::

    helm install cilium |CHART_RELEASE| \\
      --namespace kube-system \\
      --set etcd.enabled=true \\
      --set etcd.ssl=true \\
      --set "etcd.endpoints[0]=https://etcd-endpoint1:2379" \\
      --set "etcd.endpoints[1]=https://etcd-endpoint2:2379" \\
      --set "etcd.endpoints[2]=https://etcd-endpoint3:2379"
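
A pre-flight check for the two steps above, as an added example that is not
part of the Cilium documentation: it confirms that ``client.key`` belongs to
``client.crt``, that both certificates parse and have not expired, and that
every endpoint passed to Helm uses ``https``. The function names are
hypothetical, the file names are the ones used in the ``kubectl create secret``
command, and an installed ``openssl`` and an unencrypted ``client.key`` are
assumed.

```shell
#!/bin/sh
# Added example: pre-flight checks before creating cilium-etcd-secrets and
# running helm install with etcd.ssl=true. Function names are hypothetical.

# Succeed only if at least one endpoint is given and all of them use https://.
endpoints_all_https() {
    [ "$#" -gt 0 ] || { echo "no endpoints given" >&2; return 1; }
    for ep in "$@"; do
        case "$ep" in
            https://*) ;;
            *) echo "endpoint is not https: $ep" >&2; return 1 ;;
        esac
    done
    return 0
}

# Succeed only if ca.crt, client.crt and client.key in directory $1 (default .)
# are readable, the certificates parse and are unexpired, and the key matches.
check_client_pair() {
    dir=${1:-.}
    for f in ca.crt client.crt client.key; do
        [ -r "$dir/$f" ] || { echo "missing or unreadable: $dir/$f" >&2; return 1; }
    done
    # -checkend 0 fails if the certificate has already expired (or does not parse).
    for c in ca.crt client.crt; do
        openssl x509 -in "$dir/$c" -noout -checkend 0 >/dev/null 2>&1 ||
            { echo "$c is not a valid, unexpired certificate" >&2; return 1; }
    done
    # Extract the public key from each side; a parse failure aborts the check
    # instead of comparing two empty strings.
    crt_pub=$(openssl x509 -in "$dir/client.crt" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$dir/client.key" -pubout 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ] ||
        { echo "client.key does not match client.crt" >&2; return 1; }
    return 0
}

# Typical use, from the directory holding the three files:
#   check_client_pair . &&
#   endpoints_all_https https://etcd-endpoint1:2379 https://etcd-endpoint2:2379 \
#       https://etcd-endpoint3:2379
```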

.. include:: k8s-install-validate.rst

.. include:: next-steps.rst