github.com/kubearmor/cilium@v1.6.12/Documentation/kubernetes/requirements.rst

.. only:: not (epub or latex or html)

    WARNING: You are looking at unreleased Cilium documentation.
    Please use the official rendered version released here:
    http://docs.cilium.io

.. _k8s_requirements:

************
Requirements
************

Kubernetes Version
==================

All Kubernetes versions listed are e2e tested and guaranteed to be compatible
with this Cilium version. Older Kubernetes versions not listed here do not have
Cilium support. Newer Kubernetes versions, while not listed, will depend on the
backward compatibility offered by Kubernetes.

* 1.10
* 1.11
* 1.12
* 1.13
* 1.14
* 1.15
* 1.16

System Requirements
===================

Cilium requires a Linux kernel >= 4.9. See :ref:`admin_system_reqs` for the
full details on all system requirements.

Enable CNI in Kubernetes
========================

`CNI` (Container Network Interface) is the plugin layer used by Kubernetes to
delegate networking configuration. CNI must be enabled in your Kubernetes
cluster in order to install Cilium. This is done by passing
``--network-plugin=cni`` to kubelet on all nodes. For more information, see
the `Kubernetes CNI network-plugins documentation <https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/>`_.

.. _admin_mount_bpffs:

Mounted BPF filesystem
======================

This step is **required for production** environments but optional for testing
and development. It allows the ``cilium-agent`` to pin BPF resources to a
persistent filesystem so that they survive restarts of the agent.
If the BPF filesystem is not mounted in the host filesystem, Cilium will
automatically mount the filesystem, but it will be unmounted and re-mounted when
the Cilium pod is restarted. This in turn will cause BPF resources to be
re-created, which will cause network connectivity to be disrupted. Mounting the
BPF filesystem in the host mount namespace will ensure that the agent can be
restarted without affecting connectivity of any pods.

In order to mount the BPF filesystem, the following command must be run in the
host mount namespace. The command must only be run once during the boot process
of the machine.

.. code:: bash

    mount bpffs /sys/fs/bpf -t bpf

A portable way to achieve this with persistence is to add the following line to
``/etc/fstab`` and then run ``mount /sys/fs/bpf``. This will cause the
filesystem to be automatically mounted when the node boots.

.. code:: bash

    bpffs /sys/fs/bpf bpf defaults 0 0

If you are using systemd to manage the kubelet, see the section
:ref:`bpffs_systemd`.

.. _k8s_req_kubedns:

kube-dns
========

The :ref:`k8s_install_etcd_operator` relies on the etcd-operator to manage an
etcd cluster. For the etcd cluster to be available, the Cilium pod runs with
``dnsPolicy: ClusterFirstWithHostNet`` so that Cilium is able to look up
Kubernetes service names via DNS. This creates a dependency on
kube-dns. If you would like to avoid running kube-dns, choose a different
installation method and remove the ``dnsPolicy`` field from the ``DaemonSet``.

Enable automatic node CIDR allocation (Recommended)
===================================================

Kubernetes has the capability to automatically allocate and assign a per node IP
allocation CIDR. Cilium automatically uses this feature if enabled. This is the
easiest method to handle IP allocation in a Kubernetes cluster. To enable this
feature, simply add the following flag when starting
``kube-controller-manager``:

.. code:: bash

    --allocate-node-cidrs

This option is not required but highly recommended.
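
A node preflight for the kernel and mounted BPF filesystem requirements above, as an added example that is not part of the Cilium documentation. The function names and the ``--live`` switch are this example's own, and the file paths are parameters so the checks can also be run against saved copies of ``/proc/mounts`` and ``/etc/fstab``.

```sh
#!/bin/sh
# Added example: preflight check for the kernel and bpffs requirements.
# Function names are this example's own. File paths are parameters so the
# checks also work on saved copies of /proc/mounts and /etc/fstab.

# kernel_ok RELEASE: succeed if a `uname -r` style string is >= 4.9.
kernel_ok() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in '') return 2 ;; esac
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 9 ]; }
}

# bpffs_mounted MOUNTS: succeed if a filesystem of type bpf is mounted on
# /sys/fs/bpf (fields 2 and 3 of /proc/mounts).
bpffs_mounted() {
    awk '$2 == "/sys/fs/bpf" && $3 == "bpf" { ok = 1 } END { exit !ok }' "$1"
}

# bpffs_in_fstab FSTAB: succeed if an uncommented fstab entry mounts bpf on
# /sys/fs/bpf, i.e. the mount will be restored at boot.
bpffs_in_fstab() {
    awk '$1 !~ /^#/ && $2 == "/sys/fs/bpf" && $3 == "bpf" { ok = 1 }
         END { exit !ok }' "$1"
}

# preflight RELEASE MOUNTS FSTAB: report each finding; non-zero on failure.
preflight() {
    rc=0
    kernel_ok "$1" || { echo "FAIL: kernel '$1' is not >= 4.9"; rc=1; }
    bpffs_mounted "$2" || { echo "FAIL: bpffs not mounted on /sys/fs/bpf"; rc=1; }
    bpffs_in_fstab "$3" ||
        echo "WARN: no bpffs entry in $3 (fine if a systemd unit mounts it)"
    return "$rc"
}

# Check the live node only when asked: sh preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    preflight "$(uname -r)" /proc/mounts /etc/fstab
fi
```

A missing fstab entry is reported as a warning rather than a failure because the mount may instead be provided by a systemd unit, as covered in :ref:`bpffs_systemd`.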