From 437c469641878d91387bace6b1bc2d8d2292746e Mon Sep 17 00:00:00 2001 From: yanrongshi Date: Thu, 25 Aug 2022 01:47:03 +0800 Subject: [PATCH] Update addons.md --- .../zh-cn/docs/concepts/cluster-administration/addons.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/content/zh-cn/docs/concepts/cluster-administration/addons.md b/content/zh-cn/docs/concepts/cluster-administration/addons.md index 93d3df13740..e19da471415 100644 --- a/content/zh-cn/docs/concepts/cluster-administration/addons.md +++ b/content/zh-cn/docs/concepts/cluster-administration/addons.md @@ -25,7 +25,7 @@ Add-ons 扩展了 Kubernetes 的功能。 * [Antrea](https://antrea.io/) operates at Layer 3/4 to provide networking and security services for Kubernetes, leveraging Open vSwitch as the networking data plane. * [Calico](https://docs.projectcalico.org/latest/introduction/) is a networking and network policy provider. Calico supports a flexible set of networking options so you can choose the most efficient option for your situation, including non-overlay and overlay networks, with or without BGP. Calico uses the same engine to enforce network policy for hosts, pods, and (if using Istio & Envoy) applications at the service mesh layer. * [Canal](https://projectcalico.docs.tigera.io/getting-started/kubernetes/flannel/flannel) unites Flannel and Calico, providing networking and network policy. -* [Cilium](https://github.com/cilium/cilium) is a L3 network and network policy plugin that can enforce HTTP/API/L7 policies transparently. Both routing and overlay/encapsulation mode are supported, and it can work on top of other CNI plugins. +* [Cilium](https://github.com/cilium/cilium) is a networking, observability, and security solution with an eBPF-based data plane. Cilium provides a simple flat Layer 3 network with the ability to span multiple clusters in either a native routing or overlay/encapsulation mode, and can enforce network policies on L3-L7 using an identity-based security model that is decoupled from network addressing. Cilium can act as a replacement for kube-proxy; it also offers additional, opt-in observability and security features. --> ## 联网和网络策略 @@ -36,8 +36,11 @@ Add-ons 扩展了 Kubernetes 的功能。 Calico 支持一套灵活的网络选项,因此你可以根据自己的情况选择最有效的选项,包括非覆盖和覆盖网络,带或不带 BGP。 Calico 使用相同的引擎为主机、Pod 和(如果使用 Istio 和 Envoy)应用程序在服务网格层执行网络策略。 * [Canal](https://projectcalico.docs.tigera.io/getting-started/kubernetes/flannel/flannel) 结合 Flannel 和 Calico,提供联网和网络策略。 -* [Cilium](https://github.com/cilium/cilium) 是一个 L3 网络和网络策略插件,能够透明的实施 HTTP/API/L7 策略。 - 同时支持路由(routing)和覆盖/封装(overlay/encapsulation)模式,并且它可以在其他 CNI 插件之上工作。 +* [Cilium](https://github.com/cilium/cilium) 是一种网络、可观察性和安全解决方案,具有基于 eBPF 的数据平面。 + Cilium 提供了简单的 3 层扁平网络, + 能够以原生路由(routing)和覆盖/封装(overlay/encapsulation)模式跨越多个集群, + 并且可以使用与网络寻址分离的基于身份的安全模型在 L3 至 L7 上实施网络策略。 + Cilium 可以作为 kube-proxy 的替代品;它还提供额外的、可选的可观察性和安全功能。