github.com/imran-kn/cilium-fork@v1.6.9/Documentation/gettingstarted/kubeproxy-free.rst

github.com/imran-kn/cilium-fork@v1.6.9/Documentation/gettingstarted/kubeproxy-free.rst (about)

     1  .. only:: not (epub or latex or html)
     2  
     3      WARNING: You are looking at unreleased Cilium documentation.
     4      Please use the official rendered version released here:
     5      http://docs.cilium.io
     6  
     7  .. _kubeproxy-free:
     8  
     9  ************************************
    10  Kubernetes without kube-proxy (beta)
    11  ************************************
    12  
    13  This guide explains how to provision a Kubernetes cluster without
    14  ``kube-proxy``, and to use Cilium to replace it. For simplicity,
    15  we will use ``kubeadm`` to bootstrap the cluster.
    16  
    17  For installing ``kubeadm`` and for more provisioning options please refer to
    18  `the official kubeadm documentation <https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm>`__.
    19  
    20  Initialize the control-plane node:
    21  
    22  .. tabs::
    23  
    24    .. group-tab:: K8s 1.16 and newer
    25  
    26      .. code:: bash
    27  
    28        kubeadm init --pod-network-cidr=10.217.0.0/16 --skip-phases=addon/kube-proxy
    29  
    30    .. group-tab:: K8s 1.15 and older
    31  
    32      In K8s 1.15 and older it is not yet possible to disable kube-proxy via ``--skip-phases=addon/kube-proxy``
    33      in kubeadm, therefore the below workaround for manually removing the ``kube-proxy`` DaemonSet and
    34      cleaning the corresponding iptables rules after kubeadm initialization is still necessary (`kubeadm#1733 <https://github.com/kubernetes/kubeadm/issues/1733>`__).
    35  
    36      Initialize control-plane as first step:
    37  
    38      .. code:: bash
    39  
    40        kubeadm init --pod-network-cidr=10.217.0.0/16
    41  
    42      Then delete the ``kube-proxy`` DaemonSet and remove its iptables rules as following:
    43  
    44      .. code:: bash
    45  
    46        kubectl -n kube-system delete ds kube-proxy
    47        iptables-restore <(iptables-save | grep -v KUBE)
    48  
    49  Afterwards, join worker nodes by specifying the control-plane node IP address
    50  and the token returned by ``kubeadm init``:
    51  
    52  .. code:: bash
    53  
    54     kubeadm join <..>
    55  
    56  .. include:: k8s-install-download-release.rst
    57  
    58  Next, generate the required YAML files and deploy them. Replace ``$API_SERVER_IP``
    59  and ``$API_SERVER_PORT`` with the control-plane node IP address and the kube-apiserver
    60  port number reported by ``kubeadm init`` (usually it is ``6443``).
    61  
    62  .. code:: bash
    63  
    64      helm template cilium \
    65          --namespace kube-system \
    66          --set global.nodePort.enabled=true \
    67          --set global.k8sServiceHost=$API_SERVER_IP \
    68          --set global.k8sServicePort=$API_SERVER_PORT \
    69      > cilium.yaml
    70      kubectl apply -f cilium.yaml
    71  
    72  This will install Cilium as a CNI plugin with the BPF kube-proxy replacement.
    73  See :ref:`nodeport` for requirements and configuration options for NodePort
    74  services.
    75  
    76  Finally, verify that Cilium has come up correctly on all nodes:
    77  
    78  .. parsed-literal::
    79  
    80      kubectl -n kube-system get pods -l k8s-app=cilium
    81      NAME                READY     STATUS    RESTARTS   AGE
    82      cilium-crf7f        1/1       Running   0          10m
    83      cilium-mkcmb        1/1       Running   0          10m