.. only:: not (epub or latex or html)

    WARNING: You are looking at unreleased Cilium documentation.
    Please use the official rendered version released here:
    http://docs.cilium.io

.. _kube-router:

****************************
Using kube-router to run BGP
****************************

This guide explains how to configure Cilium and kube-router to co-operate,
using kube-router for BGP peering and route propagation and Cilium for policy
enforcement and load-balancing.

.. note::

    This is a beta feature. Please provide feedback and file a GitHub issue if
    you experience any problems.

Deploy kube-router
##################

Download the kube-router DaemonSet template:

.. code:: bash

    curl -LO https://raw.githubusercontent.com/cloudnativelabs/kube-router/v0.2.0-beta.7/daemonset/generic-kuberouter-only-advertise-routes.yaml

Open the file ``generic-kuberouter-only-advertise-routes.yaml`` and edit the
``args:`` section. The following arguments are **required** to be set to
exactly these values:

.. code:: bash

    - --run-router=true
    - --run-firewall=false
    - --run-service-proxy=false
    - --enable-cni=false
    - --enable-pod-egress=false

The following arguments are **optional** and may be set according to your
needs. To keep this guide simple, the values used here are the ones that
require the least preparation in your cluster. Please see the
`kube-router user guide
<https://github.com/cloudnativelabs/kube-router/blob/master/docs/user-guide.md>`_
for more information.

.. code:: bash

    - --enable-ibgp=true
    - --enable-overlay=true
    - --advertise-cluster-ip=true
    - --advertise-external-ip=true
    - --advertise-loadbalancer-ip=true

The following arguments are **optional** and should be set if you want BGP peering
with an external router. This is useful if you want externally routable Kubernetes
Pod and Service IPs. Note that the values used here should be changed to
whatever IPs and ASNs are configured on your external router.

.. code:: bash

    - --cluster-asn=65001
    - --peer-router-ips=10.0.0.1,10.0.2
    - --peer-router-asns=65000,65000

Apply the DaemonSet file to deploy kube-router and verify it has come up
correctly:

.. code:: bash

    $ kubectl apply -f generic-kuberouter-only-advertise-routes.yaml
    $ kubectl -n kube-system get pods -l k8s-app=kube-router
    NAME                READY     STATUS    RESTARTS   AGE
    kube-router-n6fv8   1/1       Running   0          10m
    kube-router-nj4vs   1/1       Running   0          10m
    kube-router-xqqwc   1/1       Running   0          10m
    kube-router-xsmd4   1/1       Running   0          10m

Deploy Cilium
#############

In order for routing to be delegated to kube-router, tunneling/encapsulation
must be disabled. This is done by setting ``tunnel=disabled`` in the
ConfigMap ``cilium-config`` or by adjusting the DaemonSet to run the
``cilium-agent`` with the argument ``--tunnel=disabled``:

.. code:: bash

    # Encapsulation mode for communication between nodes
    # Possible values:
    #   - disabled
    #   - vxlan (default)
    #   - geneve
    tunnel: "disabled"

You can then install Cilium according to the instructions in section
:ref:`ds_deploy`.

Ensure that Cilium is up and running:

.. code:: bash

    $ kubectl -n kube-system get pods -l k8s-app=cilium
    NAME           READY     STATUS    RESTARTS   AGE
    cilium-fhpk2   1/1       Running   0          45m
    cilium-jh6kc   1/1       Running   0          44m
    cilium-rlx6n   1/1       Running   0          44m
    cilium-x5x9z   1/1       Running   0          45m

Verify Installation
###################

Verify that kube-router has installed routes:

.. code:: bash

    $ kubectl -n kube-system exec -ti cilium-fhpk2 -- ip route list scope global
    default via 172.0.32.1 dev eth0 proto dhcp src 172.0.50.227 metric 1024
    10.2.0.0/24 via 10.2.0.172 dev cilium_host src 10.2.0.172
    10.2.1.0/24 via 172.0.51.175 dev eth0 proto 17
    10.2.2.0/24 dev tun-172011760 proto 17 src 172.0.50.227
    10.2.3.0/24 dev tun-1720186231 proto 17 src 172.0.50.227

In the above example, we see three categories of routes that have been
installed:

* *Local PodCIDR:* This route points to all pods running on the host and makes
  these pods available to

  * ``10.2.0.0/24 via 10.2.0.172 dev cilium_host src 10.2.0.172``

* *BGP route:* This type of route is installed if kube-router determines that
  the remote PodCIDR can be reached via a router known to the local host. It
  causes pod-to-pod traffic to be forwarded directly to that router
  without requiring any encapsulation.

  * ``10.2.1.0/24 via 172.0.51.175 dev eth0 proto 17``

* *IPIP tunnel route:* If no direct routing path exists, kube-router will fall
  back to using an overlay and establish an IPIP tunnel between the nodes.

  * ``10.2.2.0/24 dev tun-172011760 proto 17 src 172.0.50.227``
  * ``10.2.3.0/24 dev tun-1720186231 proto 17 src 172.0.50.227``

You can test connectivity by deploying the following connectivity checker pods:

.. parsed-literal::

    $ kubectl create -f \ |SCM_WEB|\/examples/kubernetes/connectivity-check/connectivity-check.yaml
    $ kubectl get pods
    NAME                    READY     STATUS    RESTARTS   AGE
    echo-7d9f9564df-2vbpw   1/1       Running   0          26m
    echo-7d9f9564df-ff8xh   1/1       Running   0          26m
    echo-7d9f9564df-pnbgc   1/1       Running   0          26m
    echo-7d9f9564df-sbrxh   1/1       Running   0          26m
    echo-7d9f9564df-wzfrc   1/1       Running   0          26m
    probe-8689f6579-7l7w7   1/1       Running   0          27m
    probe-8689f6579-fvqp8   1/1       Running   0          27m
    probe-8689f6579-lvjlh   1/1       Running   0          27m
    probe-8689f6579-m26g8   1/1       Running   0          27m
    probe-8689f6579-tzbjk   1/1       Running   0          27m
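
A check for the required arguments listed under "Deploy kube-router", added here as an example and not taken from the Cilium or kube-router projects: it reads the edited manifest and reports each of the five flags that is missing or set to a different value, so that firewalling, service proxying and CNI stay with Cilium. The helper name ``check_kube_router_args`` is an assumption of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the Cilium or kube-router projects).
# Usage: check_kube_router_args generic-kuberouter-only-advertise-routes.yaml

# The five flags the guide requires, with the exact values it gives.
REQUIRED_ARGS="--run-router=true
--run-firewall=false
--run-service-proxy=false
--enable-cni=false
--enable-pod-egress=false"

# Hypothetical helper: prints one line per problem and returns the number of
# problems found (0 means all five flags are present with the required value).
check_kube_router_args() {
    manifest="$1"
    problems=0
    # Extract every "- --flag=value" list item, with or without double quotes.
    found=$(sed -n 's/^[[:space:]]*-[[:space:]]*"\{0,1\}\(--[a-z-]*=[^"[:space:]]*\).*/\1/p' "$manifest")
    for want in $REQUIRED_ARGS; do
        flag=${want%%=*}
        matches=$(printf '%s\n' "$found" | grep -- "^${flag}=" || true)
        if [ -z "$matches" ]; then
            echo "MISSING  $want"
            problems=$((problems + 1))
            continue
        fi
        # A flag given more than once must carry the required value each time.
        for have in $matches; do
            if [ "$have" != "$want" ]; then
                echo "WRONG    $have (guide requires $want)"
                problems=$((problems + 1))
            fi
        done
    done
    return "$problems"
}
```

The non-zero return value lets the function act as a gate in front of ``kubectl apply``.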