github.com/cilium/cilium@v1.16.2/Documentation/installation/requirements-eks.rst

github.com/cilium/cilium@v1.16.2/Documentation/installation/requirements-eks.rst (about)

     1  To install Cilium on `Amazon Elastic Kubernetes Service (EKS) <https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html>`_,
     2  perform the following steps:
     3  
     4  **Default Configuration:**
     5  
     6  ===================== =================== ==============
     7  Datapath              IPAM                Datastore
     8  ===================== =================== ==============
     9  Direct Routing (ENI)  AWS ENI             Kubernetes CRD
    10  ===================== =================== ==============
    11  
    12  For more information on AWS ENI mode, see :ref:`ipam_eni`.
    13  
    14  .. tip::
    15  
    16     To chain Cilium on top of the AWS CNI, see :ref:`chaining_aws_cni`.
    17  
    18     You can also bring up Cilium in a Single-Region, Multi-Region, or Multi-AZ environment for EKS.
    19  
    20  
    21  **Requirements:**
    22  
    23  * The `EKS Managed Nodegroups <https://eksctl.io/usage/eks-managed-nodes>`_ must
    24    be properly tainted to ensure applications pods are properly managed by
    25    Cilium:
    26  
    27    * ``managedNodeGroups`` should be tainted with
    28      ``node.cilium.io/agent-not-ready=true:NoExecute`` to ensure application
    29      pods will only be scheduled once Cilium is ready to manage them. However,
    30      there are other options. Please make sure to read and understand the
    31      documentation page on :ref:`taint effects and unmanaged pods<taint_effects>`.
    32    
    33      Below is an example on how to use `ClusterConfig <https://eksctl.io/usage/creating-and-managing-clusters/#using-config-files>`_
    34      file to create the cluster:
    35  
    36      .. code-block:: yaml
    37  
    38          apiVersion: eksctl.io/v1alpha5
    39          kind: ClusterConfig
    40          ...
    41          managedNodeGroups:
    42          - name: ng-1
    43            ...
    44            # taint nodes so that application pods are
    45            # not scheduled/executed until Cilium is deployed.
    46            # Alternatively, see the note above regarding taint effects.
    47            taints:
    48             - key: "node.cilium.io/agent-not-ready"
    49               value: "true"
    50               effect: "NoExecute"
    51  
    52  **Limitations:**
    53  
    54  * The AWS ENI integration of Cilium is currently only enabled for IPv4. If you
    55    want to use IPv6, use a datapath/IPAM mode other than ENI.