github.com/imran-kn/cilium-fork@v1.6.9/Documentation/gettingstarted/k8s-install-external-etcd.rst (about) 1 .. only:: not (epub or latex or html) 2 3 WARNING: You are looking at unreleased Cilium documentation. 4 Please use the official rendered version released here: 5 http://docs.cilium.io 6 7 .. _admin_install_daemonset: 8 .. _k8s_install_etcd: 9 10 ******************************* 11 Installation with external etcd 12 ******************************* 13 14 This guide walks you through the steps required to set up Cilium on Kubernetes 15 using an external etcd. Use of an external etcd provides better performance and 16 is suitable for larger environments. If you are looking for a simple 17 installation method to get started, refer to the section 18 :ref:`k8s_install_etcd_operator`. 19 20 Should you encounter any issues during the installation, please refer to the 21 :ref:`troubleshooting_k8s` section and / or seek help on :ref:`slack`. 22 23 When do I need to use a kvstore? 24 ================================ 25 26 Unlike the section :ref:`k8s_quick_install`, this guide explains how to 27 configure Cilium to use an external kvstore such as etcd. If you are unsure 28 whether you need to use a kvstore at all, the following is a list of reasons 29 when to use a kvstore: 30 31 * If you want to use the :ref:`Cluster Mesh` functionality. 32 * If you are running in an environment with more than 250 nodes, 5k pods, or 33 if you observe a high overhead in state propagation caused by Kubernetes 34 events. 35 * If you do not want Cilium to store state in Kubernetes custom resources 36 (CRDs). 37 38 .. _ds_deploy: 39 40 .. include:: requirements_intro.rst 41 42 Configure the External Etcd 43 =========================== 44 45 When using an external kvstore, the address of the external kvstore needs to be 46 configured in the ConfigMap. Download the base YAML and configure it with 47 `Helm`: 48 49 .. include:: k8s-install-download-release.rst 50 51 Change the etcd endpoints accordingly: 52 53 .. code:: bash 54 55 helm template cilium \ 56 --namespace kube-system \ 57 --set global.etcd.enabled=true \ 58 --set global.etcd.endpoints[0]=http://etcd-endpoint1:2379 \ 59 --set global.etcd.endpoints[1]=http://etcd-endpoint2:2379 \ 60 > cilium.yaml 61 62 63 Optional: Configure the SSL certificates 64 ---------------------------------------- 65 66 Create a Kubernetes secret with the root certificate authority, and client-side 67 key and certificate of etcd: 68 69 .. code:: bash 70 71 kubectl create secret generic -n kube-system cilium-etcd-secrets \ 72 --from-file=etcd-client-ca.crt=ca.crt \ 73 --from-file=etcd-client.key=client.key \ 74 --from-file=etcd-client.crt=client.crt 75 76 Adjust the helm template generation to enable SSL for etcd and use https instead 77 of http for the etcd endpoint URLs: 78 79 .. code:: bash 80 81 helm template cilium \ 82 --namespace kube-system \ 83 --set global.etcd.enabled=true \ 84 --set global.etcd.ssl=true \ 85 --set global.etcd.endpoints[0]=https://etcd-endpoint1:2379 \ 86 --set global.etcd.endpoints[1]=https://etcd-endpoint2:2379 \ 87 > cilium.yaml 88 89 Deploy Cilium 90 ------------- 91 92 .. code:: bash 93 94 kubectl create -f cilium.yaml 95 96 Validate the Installation 97 ========================= 98 99 Verify that Cilium pods were started on each of your worker nodes 100 101 .. code:: bash 102 103 kubectl --namespace kube-system get ds cilium 104 NAME DESIRED CURRENT READY NODE-SELECTOR AGE 105 cilium 4 4 4 <none> 2m 106 107 kubectl -n kube-system get deployments cilium-operator 108 NAME READY UP-TO-DATE AVAILABLE AGE 109 cilium-operator 1/1 1 1 5m25s