Update Cilium related docs (#18563)

* Extend Cilium CNI plugin description Mention that it works on top of other CNI plugins due to the CNI chaining [1]. [1]: http://docs.cilium.io/en/v1.6/gettingstarted/cni-chaining/ Signed-off-by: Martynas Pumputis <m@lambda.lt> * Update Cilium installation steps for kubeadm - Use the latest v1.6 Cilium. - By default, Cilium no longer needs/deploys ETCD store. Signed-off-by: Martynas Pumputis <m@lambda.lt> * Update Cilium NetworkPolicy guide - Update minikube min version requirement. - Use Cilium v1.6. - Remove the etcd store bits, as Cilium v1.6 no longer depend on it by default. Signed-off-by: Martynas Pumputis <m@lambda.lt> * Update Cilium installation steps for kubeadm - How to run without kube-proxy. Signed-off-by: Martynas Pumputis <m@lambda.lt> Co-authored-by: Martynas Pumputis <m@lambda.lt>
2020-01-13 13:35:36 +01:00 · 2020-01-13 13:35:36 +01:00 · 5cb0e3d7b4
parent 7969a84110
commit 5cb0e3d7b4
4 changed files with 29 additions and 33 deletions
--- a/content/en/docs/concepts/cluster-administration/addons.md
+++ b/content/en/docs/concepts/cluster-administration/addons.md
@ -23,7 +23,7 @@ Add-ons in each section are sorted alphabetically - the ordering does not imply
 * [ACI](https://www.github.com/noironetworks/aci-containers) provides integrated container networking and network security with Cisco ACI.
 * [Calico](https://docs.projectcalico.org/latest/getting-started/kubernetes/) is a secure L3 networking and network policy provider.
 * [Canal](https://github.com/tigera/canal/tree/master/k8s-install) unites Flannel and Calico, providing networking and network policy.
-* [Cilium](https://github.com/cilium/cilium) is a L3 network and network policy plugin that can enforce HTTP/API/L7 policies transparently. Both routing and overlay/encapsulation mode are supported.
+* [Cilium](https://github.com/cilium/cilium) is a L3 network and network policy plugin that can enforce HTTP/API/L7 policies transparently. Both routing and overlay/encapsulation mode are supported, and it can work on top of other CNI plugins.
 * [CNI-Genie](https://github.com/Huawei-PaaS/CNI-Genie) enables Kubernetes to seamlessly connect to a choice of CNI plugins, such as Calico, Canal, Flannel, Romana, or Weave.
 * [Contiv](http://contiv.github.io) provides configurable networking (native L3 using BGP, overlay using vxlan, classic L2, and Cisco-SDN/ACI) for various use cases and a rich policy framework. Contiv project is fully [open sourced](http://github.com/contiv). The [installer](http://github.com/contiv/install) provides both kubeadm and non-kubeadm based installation options.
 * [Contrail](http://www.juniper.net/us/en/products-services/sdn/contrail/contrail-networking/), based on [Tungsten Fabric](https://tungsten.io), is an open source, multi-cloud network virtualization and policy management platform. Contrail and Tungsten Fabric are integrated with orchestration systems such as Kubernetes, OpenShift, OpenStack and Mesos, and provide isolation modes for virtual machines, containers/pods and bare metal workloads.
--- a/content/en/docs/concepts/cluster-administration/networking.md
+++ b/content/en/docs/concepts/cluster-administration/networking.md
@ -125,7 +125,7 @@ BCF was recognized by Gartner as a visionary in the latest [Magic Quadrant](http
 providing and transparently securing network connectivity between application
 containers. Cilium is L7/HTTP aware and can enforce network policies on L3-L7
 using an identity based security model that is decoupled from network
-addressing.
+addressing, and it can be used in combination with other CNI plugins.

 ### CNI-Genie from Huawei

--- a/content/en/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm.md
+++ b/content/en/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm.md
@ -319,23 +319,12 @@ kubectl apply -f https://docs.projectcalico.org/v3.8/manifests/canal.yaml
 {{% /tab %}}

 {{% tab name="Cilium" %}}
-For more information about using Cilium with Kubernetes, see [Kubernetes Install guide for Cilium](https://docs.cilium.io/en/stable/kubernetes/).
-
 For Cilium to work correctly, you must pass `--pod-network-cidr=10.217.0.0/16` to `kubeadm init`.

-These commands will deploy Cilium with its own etcd managed by etcd operator.
-
-_Note_: If you are running kubeadm in a single node please untaint it so that
-etcd-operator pods can be scheduled in the control-plane node.
-
-```shell
-kubectl taint nodes <node-name> node-role.kubernetes.io/master:NoSchedule-
-```
-
 To deploy Cilium you just need to run:

 ```shell
-kubectl create -f https://raw.githubusercontent.com/cilium/cilium/v1.5/examples/kubernetes/1.14/cilium.yaml
+kubectl create -f https://raw.githubusercontent.com/cilium/cilium/v1.6/install/kubernetes/quick-install.yaml
 ```

 Once all Cilium pods are marked as `READY`, you start using your cluster.
@ -349,6 +338,10 @@ NAME           READY   STATUS    RESTARTS   AGE
 cilium-drxkl   1/1     Running   0          18m
 ```

+Cilium can be used as a replacement for kube-proxy, see [Kubernetes without kube-proxy](https://docs.cilium.io/en/stable/gettingstarted/kubeproxy-free).
+
+For more information about using Cilium with Kubernetes, see [Kubernetes Install guide for Cilium](https://docs.cilium.io/en/stable/kubernetes/).
+
 {{% /tab %}}

 {{% tab name="Contiv-VPP" %}}
--- a/content/en/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy.md
+++ b/content/en/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy.md
@ -10,7 +10,7 @@ weight: 20
 {{% capture overview %}}
 This page shows how to use Cilium for NetworkPolicy.

-For background on Cilium, read the [Introduction to Cilium](https://cilium.readthedocs.io/en/stable/intro).
+For background on Cilium, read the [Introduction to Cilium](https://docs.cilium.io/en/stable/intro).
 {{% /capture %}}

 {{% capture prerequisites %}}
@ -23,36 +23,45 @@ For background on Cilium, read the [Introduction to Cilium](https://cilium.readt
 ## Deploying Cilium on Minikube for Basic Testing

 To get familiar with Cilium easily you can follow the
-[Cilium Kubernetes Getting Started Guide](https://cilium.readthedocs.io/en/stable/gettingstarted/minikube/)
+[Cilium Kubernetes Getting Started Guide](https://docs.cilium.io/en/stable/gettingstarted/minikube/)
 to perform a basic DaemonSet installation of Cilium in minikube.

-To start minikube, minimal version required is >= v0.33.1, run the with the
+To start minikube, minimal version required is >= v1.3.1, run the with the
 following arguments:

 ```shell
 minikube version
 ```
 ```
-minikube version: v0.33.1
+minikube version: v1.3.1
 ```

 ```shell
 minikube start --network-plugin=cni --memory=4096
 ```

-For minikube you can deploy this simple ''all-in-one'' YAML file that includes
-DaemonSet configurations for Cilium, and the necessary configurations to connect
-to the etcd instance deployed in minikube as well as appropriate RBAC settings:
+Mount the BPF filesystem:

 ```shell
-kubectl create -f  https://raw.githubusercontent.com/cilium/cilium/v1.5/examples/kubernetes/1.14/cilium-minikube.yaml
+minikube ssh -- sudo mount bpffs -t bpf /sys/fs/bpf
+```
+
+For minikube you can deploy this simple ''all-in-one'' YAML file that includes
+DaemonSet configurations for Cilium as well as appropriate RBAC settings:
+
+```shell
+kubectl create -f https://raw.githubusercontent.com/cilium/cilium/v1.6/install/kubernetes/quick-install.yaml
 ```
 ```
 configmap/cilium-config created
-daemonset.apps/cilium created
-clusterrolebinding.rbac.authorization.k8s.io/cilium created
-clusterrole.rbac.authorization.k8s.io/cilium created
 serviceaccount/cilium created
+serviceaccount/cilium-operator created
+clusterrole.rbac.authorization.k8s.io/cilium created
+clusterrole.rbac.authorization.k8s.io/cilium-operator created
+clusterrolebinding.rbac.authorization.k8s.io/cilium created
+clusterrolebinding.rbac.authorization.k8s.io/cilium-operator created
+daemonset.apps/cilium create
+deployment.apps/cilium-operator created
 ```

 The remainder of the Getting Started Guide explains how to enforce both L3/L4
@ -62,7 +71,7 @@ policies using an example application.
 ## Deploying Cilium for Production Use

 For detailed instructions around deploying Cilium for production, see:
-[Cilium Kubernetes Installation Guide](https://cilium.readthedocs.io/en/stable/kubernetes/intro/)
+[Cilium Kubernetes Installation Guide](https://docs.cilium.io/en/stable/kubernetes/intro/)
 This documentation includes detailed requirements, instructions and example
 production DaemonSet files.

@ -86,14 +95,8 @@ cilium-6rxbd    1/1     Running   0          1m
 ...
 ```

-There are two main components to be aware of:
-
- One `cilium` Pod runs on each node in your cluster and enforces network policy
+A `cilium` Pod runs on each node in your cluster and enforces network policy
 on the traffic to/from Pods on that node using Linux BPF.
- For production deployments, Cilium should leverage a key-value store
-(e.g., etcd). The [Cilium Kubernetes Installation Guide](https://cilium.readthedocs.io/en/stable/kubernetes/intro/)
-will provide the necessary steps on how to install this required key-value
-store as well how to configure it in Cilium.

 {{% /capture %}}