.. only:: not (epub or latex or html)

    WARNING: You are looking at unreleased Cilium documentation.
    Please use the official rendered version released here:
    http://docs.cilium.io

.. _nodeport:

**************************
Kubernetes NodePort (beta)
**************************

This guide explains how to configure Cilium to enable Kubernetes NodePort
services in BPF, which can replace the NodePort implementation in ``kube-proxy``.
Enabling the feature makes it possible to run a fully functioning Kubernetes
cluster without ``kube-proxy``.

.. note::

    This is a beta feature. Please provide feedback and file a GitHub issue if
    you experience any problems.

.. note::

    NodePort services depend on the :ref:`host-services` feature, therefore
    a v4.19.57, v5.1.16, v5.2.0 or more recent Linux kernel is required. Note
    that v5.0.y kernels do not have the fix required to run BPF NodePort, since
    at this point in time the v5.0.y stable kernel is end-of-life (EOL) and
    no longer maintained.

.. include:: k8s-install-download-release.rst

Generate the required YAML file and deploy it:

.. code:: bash

    helm template cilium \
      --namespace kube-system \
      --set global.nodePort.enabled=true \
      > cilium.yaml

By default, a NodePort service will be accessible via an IP address of a native
device which has a default route on the host. To use a different device, set its
name in the ``global.nodePort.device`` option.

In addition, thanks to the :ref:`host-services` feature, the NodePort service
can be accessed from a host or a Pod within a cluster via its public,
cilium_host device or loopback address, e.g. ``127.0.0.1:$NODE_PORT``.

Cilium's BPF-based NodePort implementation is supported in direct routing as
well as in tunneling mode.
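
The kernel requirement from the note above can be checked on a node before the
manifest is applied. The following shell function is an added example, not part
of the Cilium documentation; the name ``nodeport_kernel_ok`` and the sample
release strings are constructed for illustration, and kernel series the note
does not name (such as 4.20.y) are assumed not to meet the requirement:

```shell
#!/bin/sh
# Added example, not part of the Cilium documentation.
# nodeport_kernel_ok RELEASE
#   returns 0 if RELEASE meets the kernel requirement from the note above,
#           1 if it does not, 2 if the string cannot be parsed.
nodeport_kernel_ok() {
    ver=${1%%[-+_]*}            # drop suffixes such as "-42-generic"
    major=${ver%%.*}
    rest=${ver#*.}
    if [ "$rest" = "$ver" ]; then return 2; fi   # no "." in the string
    minor=${rest%%.*}
    case "$rest" in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;
    esac
    for n in "$major" "$minor" "$patch"; do
        case "$n" in ''|*[!0-9]*) return 2 ;; esac
    done

    if [ "$major" -gt 5 ]; then return 0; fi
    if [ "$major" -eq 5 ]; then
        if [ "$minor" -ge 2 ]; then return 0; fi      # v5.2.0 or newer
        if [ "$minor" -eq 1 ] && [ "$patch" -ge 16 ]; then
            return 0                                  # v5.1.16 or newer v5.1.y
        fi
        return 1                                      # v5.0.y, older v5.1.y
    fi
    # v4.19.y from .57 on. Assumption: series the note does not name
    # (e.g. 4.20.y) are treated as not meeting the requirement.
    if [ "$major" -eq 4 ] && [ "$minor" -eq 19 ] && [ "$patch" -ge 57 ]; then
        return 0
    fi
    return 1
}

# Constructed sample release strings (not taken from real nodes).
for rel in 4.19.57 4.19.56 5.0.21 5.1.16 5.4.0-42-generic; do
    if nodeport_kernel_ok "$rel"; then
        echo "$rel: ok"
    else
        echo "$rel: does not meet the BPF NodePort kernel requirement"
    fi
done
```

On a node, call it as ``nodeport_kernel_ok "$(uname -r)"``.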

If ``kube-apiserver`` was configured to use a non-default NodePort port range,
then the same range must be passed to Cilium via the ``global.nodePort.range``
option.

Once configured, apply the DaemonSet file to deploy Cilium and verify that it
has come up correctly:

.. parsed-literal::

    kubectl create -f cilium.yaml
    kubectl -n kube-system get pods -l k8s-app=cilium
    NAME                READY     STATUS    RESTARTS   AGE
    cilium-crf7f        1/1       Running   0          10m

Limitations
###########

* The Service settings ``externalTrafficPolicy: Local`` and
  ``healthCheckNodePort`` are currently not supported.
* NodePort services are currently exposed through the native device which has
  the default route on the host or a user-specified device. In tunneling mode,
  they are additionally exposed through the tunnel interface (``cilium_vxlan``
  or ``cilium_geneve``). Exposing services through multiple native devices
  will be supported in upcoming Cilium versions.