.. only:: not (epub or latex or html)

    WARNING: You are looking at unreleased Cilium documentation.
    Please use the official rendered version released here:
    https://docs.cilium.io

.. _kube-router:

*****************************************
Using Kube-Router to Run BGP (deprecated)
*****************************************

This guide explains how to configure Cilium and kube-router to work together:
kube-router handles BGP peering and route propagation, and Cilium handles
policy enforcement and load-balancing.

.. include:: ../beta.rst

Deploy kube-router
##################

Download the kube-router DaemonSet template:

.. code-block:: shell-session

    curl -LO https://raw.githubusercontent.com/cloudnativelabs/kube-router/v1.2/daemonset/generic-kuberouter-only-advertise-routes.yaml

Open the file ``generic-kuberouter-only-advertise-routes.yaml`` and edit the
``args:`` section. The following arguments are **required** to be set to
exactly these values:

.. code-block:: yaml

    - "--run-router=true"
    - "--run-firewall=false"
    - "--run-service-proxy=false"
    - "--enable-cni=false"
    - "--enable-pod-egress=false"

The following arguments are **optional** and may be set according to your
needs. To keep this guide simple, the values used here are the ones that
require the least preparation in your cluster. Please see the
`kube-router user guide
<https://github.com/cloudnativelabs/kube-router/blob/master/docs/user-guide.md>`_
for more information.

.. code-block:: yaml

    - "--enable-ibgp=true"
    - "--enable-overlay=true"
    - "--advertise-cluster-ip=true"
    - "--advertise-external-ip=true"
    - "--advertise-loadbalancer-ip=true"

The following arguments are **optional** and should be set if you want BGP peering
with an external router. This is useful if you want externally routable Kubernetes
Pod and Service IPs. Note that the values used here should be changed to
whatever IPs and ASNs are configured on your external router.

.. code-block:: yaml

    - "--cluster-asn=65001"
    - "--peer-router-ips=10.0.0.1,10.0.2"
    - "--peer-router-asns=65000,65000"

Apply the DaemonSet file to deploy kube-router and verify it has come up
correctly:

.. code-block:: shell-session

    $ kubectl apply -f generic-kuberouter-only-advertise-routes.yaml
    $ kubectl -n kube-system get pods -l k8s-app=kube-router
    NAME                READY     STATUS    RESTARTS   AGE
    kube-router-n6fv8   1/1       Running   0          10m
    kube-router-nj4vs   1/1       Running   0          10m
    kube-router-xqqwc   1/1       Running   0          10m
    kube-router-xsmd4   1/1       Running   0          10m

Deploy Cilium
#############

In order for routing to be delegated to kube-router, tunneling/encapsulation
must be disabled. This is done by setting ``routing-mode=native`` in the
ConfigMap ``cilium-config`` or by adjusting the DaemonSet to run the
``cilium-agent`` with the argument ``--routing-mode=native``. Moreover, in the
same ConfigMap, we must explicitly set ``ipam: kubernetes`` since kube-router
pulls the pod CIDRs directly from K8s:

.. code-block:: yaml

    # Routing mode for communication between nodes
    # Possible values:
    #   - tunnel (default)
    #   - native
    routing-mode: "native"
    ipam: "kubernetes"

You can then install Cilium according to the instructions in section
:ref:`ds_deploy`.

Ensure that Cilium is up and running:

.. code-block:: shell-session

    $ kubectl -n kube-system get pods -l k8s-app=cilium
    NAME           READY     STATUS    RESTARTS   AGE
    cilium-fhpk2   1/1       Running   0          45m
    cilium-jh6kc   1/1       Running   0          44m
    cilium-rlx6n   1/1       Running   0          44m
    cilium-x5x9z   1/1       Running   0          45m

Verify Installation
###################

Verify that kube-router has installed routes:

.. code-block:: shell-session

    $ kubectl -n kube-system exec ds/cilium -- ip route list scope global
    default via 172.0.32.1 dev eth0 proto dhcp src 172.0.50.227 metric 1024
    10.2.0.0/24 via 10.2.0.172 dev cilium_host src 10.2.0.172
    10.2.1.0/24 via 172.0.51.175 dev eth0 proto 17
    10.2.2.0/24 dev tun-172011760 proto 17 src 172.0.50.227
    10.2.3.0/24 dev tun-1720186231 proto 17 src 172.0.50.227

In the above example, we see three categories of routes that have been
installed:

* *Local PodCIDR:* This route points to all pods running on the host and makes
  these pods available to

  * ``10.2.0.0/24 via 10.2.0.172 dev cilium_host src 10.2.0.172``

* *BGP route:* This type of route is installed if kube-router determines that
  the remote PodCIDR can be reached via a router known to the local host. It
  causes pod-to-pod traffic to be forwarded directly to that router
  without requiring any encapsulation.

  * ``10.2.1.0/24 via 172.0.51.175 dev eth0 proto 17``

* *IPIP tunnel route:* If no direct routing path exists, kube-router will fall
  back to using an overlay and establish an IPIP tunnel between the nodes.

  * ``10.2.2.0/24 dev tun-172011760 proto 17 src 172.0.50.227``
  * ``10.2.3.0/24 dev tun-1720186231 proto 17 src 172.0.50.227``

.. include:: ../installation/k8s-install-validate.rst
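The five **required** ``args:`` values from the *Deploy kube-router* section can be checked before ``kubectl apply``, so that Cilium remains the only component doing policy enforcement and load-balancing. The script below is an added example, not part of the Cilium or kube-router projects; the function names and the sample fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Cilium or kube-router projects): lint an edited
# kube-router manifest for the five required argument values in this guide.

REQUIRED_ARGS='--run-router=true
--run-firewall=false
--run-service-proxy=false
--enable-cni=false
--enable-pod-egress=false'

check_kuberouter_args() {
    # $1 = manifest path. Prints one line per problem, returns 1 if any found.
    manifest=$1
    rc=0
    for want in $REQUIRED_ARGS; do
        flag=${want%%=*}
        # Drop YAML comments, then collect every value given for this flag.
        found=$(sed 's/#.*//' "$manifest" | grep -o -- "${flag}=[A-Za-z]*" || true)
        if [ -z "$found" ]; then
            echo "MISSING $want"
            rc=1
            continue
        fi
        for got in $found; do
            if [ "$got" != "$want" ]; then
                echo "WRONG $got (required: $want)"
                rc=1
            fi
        done
    done
    return "$rc"
}

write_sample_args() {
    # Constructed sample: an args: fragment with one wrong value and one
    # required flag commented out. $1 = output path.
    cat > "$1" <<'EOF'
        args:
        - "--run-router=true"
        - "--run-firewall=true"
        - "--run-service-proxy=false"
        # - "--enable-cni=false"
        - "--enable-pod-egress=false"
EOF
}

tmp=$(mktemp)
write_sample_args "$tmp"
check_kuberouter_args "$tmp" || echo "manifest needs fixing"
rm -f "$tmp"
```

To lint the real file, call ``check_kuberouter_args generic-kuberouter-only-advertise-routes.yaml``.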
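The three route categories from the *Verify Installation* section can be told apart mechanically, which makes it easy to see which PodCIDRs are reached directly and which have fallen back to the IPIP overlay. This is an added example, not code from the Cilium documentation; it assumes that kube-router routes carry ``proto 17`` and that its tunnel devices are named ``tun-*``, as in the sample output on this page.

```shell
#!/bin/sh
# Added example: classify `ip route list scope global` lines into the three
# categories described in "Verify Installation".
# Assumptions (taken from the sample output on this page): kube-router routes
# are tagged "proto 17" and its IPIP tunnel devices are named "tun-*".

classify_routes() {
    # Reads route lines on stdin, prints "<category> <prefix>" per route.
    awk '
    $1 == "default" { next }            # default route is not a PodCIDR route
    {
        dev = ""; proto = ""; via = ""
        for (i = 2; i < NF; i++) {
            if ($i == "dev")   dev   = $(i + 1)
            if ($i == "proto") proto = $(i + 1)
            if ($i == "via")   via   = $(i + 1)
        }
        if (dev == "cilium_host")                 kind = "local-podcidr"
        else if (proto == "17" && dev ~ /^tun-/)  kind = "ipip-tunnel"
        else if (proto == "17" && via != "")      kind = "bgp-direct"
        else                                      kind = "other"
        print kind, $1
    }'
}

count_category() {
    # $1 = category name; route lines on stdin. Prints the number of matches.
    classify_routes | awk -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

# Constructed sample: the route table shown in this guide.
SAMPLE_ROUTES='default via 172.0.32.1 dev eth0 proto dhcp src 172.0.50.227 metric 1024
10.2.0.0/24 via 10.2.0.172 dev cilium_host src 10.2.0.172
10.2.1.0/24 via 172.0.51.175 dev eth0 proto 17
10.2.2.0/24 dev tun-172011760 proto 17 src 172.0.50.227
10.2.3.0/24 dev tun-1720186231 proto 17 src 172.0.50.227'

printf '%s\n' "$SAMPLE_ROUTES" | classify_routes
```

On a live node, pipe the output of ``kubectl -n kube-system exec ds/cilium -- ip route list scope global`` into ``classify_routes``.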