.. only:: not (epub or latex or html)

    WARNING: You are looking at unreleased Cilium documentation.
    Please use the official rendered version released here:
    http://docs.cilium.io

.. _k8s_requirements:

************
Requirements
************

Kubernetes Version
==================

The following Kubernetes versions have been tested in the continuous integration
system for this version of Cilium:

* 1.10
* 1.11
* 1.12
* 1.13
* 1.14
* 1.15
* 1.16

System Requirements
===================

Cilium requires a Linux kernel >= 4.9. See :ref:`admin_system_reqs` for the
full details on all system requirements.

Enable CNI in Kubernetes
========================

`CNI` - Container Network Interface is the plugin layer used by Kubernetes to
delegate networking configuration. CNI must be enabled in your Kubernetes
cluster in order to install Cilium. This is done by passing
``--network-plugin=cni`` to kubelet on all nodes. For more information, see
the `Kubernetes CNI network-plugins documentation <https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/>`_.

.. _admin_mount_bpffs:

Mounted BPF filesystem
======================

This step is **required for production** environments but optional for testing
and development. It allows the ``cilium-agent`` to pin BPF resources to a
persistent filesystem so that they persist across restarts of the agent.
If the BPF filesystem is not mounted in the host filesystem, Cilium will
automatically mount the filesystem, but it will be unmounted and re-mounted when
the Cilium pod is restarted. This in turn causes BPF resources to be
re-created, which disrupts network connectivity. Mounting the
BPF filesystem in the host mount namespace ensures that the agent can be
restarted without affecting connectivity of any pods.

In order to mount the BPF filesystem, the following command must be run in the
host mount namespace. The command must only be run once during the boot process
of the machine.

.. code:: bash

    mount bpffs /sys/fs/bpf -t bpf

A portable way to achieve this with persistence is to add the following line to
``/etc/fstab`` and then run ``mount /sys/fs/bpf``. This will cause the
filesystem to be automatically mounted when the node boots.

.. code:: bash

    bpffs /sys/fs/bpf bpf defaults 0 0

If you are using systemd to manage the kubelet, see the section
:ref:`bpffs_systemd`.

.. _k8s_req_kubedns:

kube-dns
========

The :ref:`k8s_install_etcd_operator` relies on the etcd-operator to manage an
etcd cluster. For the etcd cluster to be available, the Cilium pod runs with
``dnsPolicy: ClusterFirstWithHostNet`` so that Cilium can look up Kubernetes
service names via DNS. This creates a dependency on
kube-dns. If you would like to avoid running kube-dns, choose a different
installation method and remove the ``dnsPolicy`` field from the ``DaemonSet``.

Enable automatic node CIDR allocation (Recommended)
===================================================

Kubernetes has the capability to automatically allocate and assign a per node IP
allocation CIDR. Cilium automatically uses this feature if enabled. This is the
easiest method to handle IP allocation in a Kubernetes cluster. To enable this
feature, simply add the following flag when starting
``kube-controller-manager``:

.. code:: bash

    --allocate-node-cidrs

This option is not required but highly recommended.
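
The kernel requirement and the "Mounted BPF filesystem" step can be checked on a production node before Cilium is deployed. The script below is an added example, not part of the Cilium documentation; the function names are hypothetical, and it assumes mount tables in the ``/proc/mounts`` format, taking file paths as arguments so it can also be run against saved copies.

```shell
#!/bin/sh
# Added example: node preflight for the kernel and bpffs requirements.
# All function names are hypothetical. Nothing here changes the node.

# kernel_ok RELEASE: succeeds if RELEASE (e.g. "4.15.0-20-generic") is >= 4.9.
kernel_ok() (
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) exit 2 ;; esac   # not a version string
    [ -n "$minor" ] || minor=0
    # Compare numerically: 4.19 is newer than 4.9.
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 9 ]; }
)

# bpffs_mounted MOUNTS_FILE: succeeds if the last mount on /sys/fs/bpf has
# type bpf. The last entry wins because a later mount hides earlier ones.
bpffs_mounted() {
    awk '$2 == "/sys/fs/bpf" { fs = $3 } END { exit (fs != "bpf") }' "$1"
}

# bpffs_in_fstab FSTAB_FILE: succeeds if an uncommented bpf entry exists.
bpffs_in_fstab() {
    awk '$1 !~ /^#/ && $2 == "/sys/fs/bpf" && $3 == "bpf" { ok = 1 }
         END { exit !ok }' "$1"
}

# preflight RELEASE MOUNTS_FILE FSTAB_FILE: prints findings, fails on FAIL.
preflight() (
    rc=0
    kernel_ok "$1" || { echo "FAIL: kernel $1 does not satisfy >= 4.9"; rc=1; }
    bpffs_mounted "$2" ||
        { echo "FAIL: /sys/fs/bpf is not mounted as bpf"; rc=1; }
    # Only a warning: the mount may be made persistent by systemd instead.
    bpffs_in_fstab "$3" || echo "WARN: no bpf entry for /sys/fs/bpf in $3"
    exit "$rc"
)

# On a node: preflight "$(uname -r)" /proc/mounts /etc/fstab
```

A ``WARN`` without a ``FAIL`` means the filesystem is mounted now but the fstab line shown above is absent, so persistence across reboots has to come from elsewhere.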