.. only:: not (epub or latex or html)

    WARNING: You are looking at unreleased Cilium documentation.
    Please use the official rendered version released here:
    http://docs.cilium.io

.. _k8s_aws_eni:

*********************************
Setting up Cilium in AWS ENI mode
*********************************

Create an AWS cluster
=====================

Set up a Kubernetes cluster on AWS. You can use any method you prefer, but for
the simplicity of this tutorial, we are going to use `eksctl
<https://github.com/weaveworks/eksctl>`_. For more details on how to set up an
EKS cluster using ``eksctl``, see the section :ref:`k8s_install_eks`.

.. code:: bash

   eksctl create cluster -n eni-cluster -N 0

Disable the aws-node DaemonSet (EKS only)
=========================================

If you are running an EKS cluster, disable the ``aws-node`` DaemonSet so it
does not interfere with the ENIs managed by Cilium:

.. code:: bash

   kubectl -n kube-system set image daemonset/aws-node aws-node=docker.io/spaster/alpine-sleep

Prepare & Deploy Cilium
=======================

.. include:: k8s-install-download-release.rst

Generate the required YAML file and deploy it:

.. code:: bash

   helm template cilium \
     --namespace kube-system \
     --set global.eni=true \
     --set global.egressMasqueradeInterfaces=eth0 \
     --set global.tunnel=disabled \
     --set global.nodeinit.enabled=true \
     > cilium.yaml
   kubectl create -f cilium.yaml

.. note::

   The above options assume that masquerading is desired and that the VM is
   connected to the VPC using ``eth0``. With these options, all traffic that
   does not stay in the VPC is routed via ``eth0`` and masqueraded.

   If you want to avoid masquerading, set ``global.masquerade=false``. You must
   then ensure that the security groups associated with the ENIs (``eth1``,
   ``eth2``, ...) allow egress traffic to destinations outside of the VPC. By
   default, the security groups for pod ENIs are derived from the primary ENI
   (``eth0``).

Scale up the cluster
====================

.. code:: bash

   eksctl get nodegroup --cluster eni-cluster
   CLUSTER       NODEGROUP    CREATED               MIN SIZE  MAX SIZE  DESIRED CAPACITY  INSTANCE TYPE  IMAGE ID
   test-cluster  ng-25560078  2019-07-23T06:05:35Z  0         2         0                 m5.large       ami-0923e4b35a30a5f53

.. code:: bash

   eksctl scale nodegroup --cluster eni-cluster -n ng-25560078 -N 2
   [ℹ]  scaling nodegroup stack "eksctl-test-cluster-nodegroup-ng-25560078" in cluster eksctl-test-cluster-cluster
   [ℹ]  scaling nodegroup, desired capacity from 0 to 2

.. include:: k8s-install-validate.rst
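
The note on ``global.masquerade=false`` requires the security groups on the pod ENIs to allow egress outside the VPC. The following is an added example, not part of the Cilium documentation: it checks that requirement offline against JSON in the shape returned by ``aws ec2 describe-security-groups``. The group IDs, the sample rules, the VPC CIDR ``192.168.0.0/16`` and the three state names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-open-example",
   "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-vpconly-example",
   "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "192.168.0.0/16"}]}]},
  {"GroupId": "sg-https-example",
   "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                            "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-none-example", "IpPermissionsEgress": []}
]}
""")

def external_egress(group, vpc_cidr):
    """Return the IPv4 egress rules of one group that reach outside vpc_cidr."""
    vpc = ipaddress.ip_network(vpc_cidr)
    found = []
    for perm in group.get("IpPermissionsEgress", []):
        proto = perm.get("IpProtocol")
        # IpProtocol "-1" means all protocols and carries no port range.
        ports = "all" if proto == "-1" else f"{perm.get('FromPort')}-{perm.get('ToPort')}"
        for rng in perm.get("IpRanges", []):
            dest = ipaddress.ip_network(rng["CidrIp"], strict=False)
            # A destination fully inside the VPC never leaves it.
            if not dest.subnet_of(vpc):
                found.append((proto, ports, str(dest)))
    return found

def classify(doc, vpc_cidr):
    """Map GroupId -> 'blocked' | 'restricted' | 'any-protocol' for non-VPC egress."""
    result = {}
    for group in doc["SecurityGroups"]:
        rules = external_egress(group, vpc_cidr)
        if not rules:
            result[group["GroupId"]] = "blocked"       # pods cannot leave the VPC
        elif any(proto == "-1" for proto, _, _ in rules):
            result[group["GroupId"]] = "any-protocol"  # unrestricted protocol/port
        else:
            result[group["GroupId"]] = "restricted"    # only listed protocol/ports
    return result

if __name__ == "__main__":
    for gid, state in classify(SAMPLE, "192.168.0.0/16").items():
        print(gid, state)
```

A group reported as ``blocked`` will drop unmasqueraded pod traffic leaving the VPC; ``restricted`` groups pass only the listed protocol and port ranges.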