yaml定义如下:
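# eksctl ClusterConfig: an EKS cluster with one managed node group whose nodes
# stay tainted until the Cilium agent is running on them.
# The nesting below restores the indentation the page lost; values are unchanged.
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: eks-cilium
  region: us-west-2
  tags:
    # Quoted so the value stays the string "no" instead of a YAML 1.1 boolean.
    'auto-delete': 'no'
managedNodeGroups:
  - name: ng-1
    volumeSize: 20
    instanceType: m5.large
    ssh:
      # Registers an existing EC2 key pair for SSH access to the nodes.
      # NOTE(review): for EKS managed node groups, a key without source
      # security groups leaves port 22 reachable from 0.0.0.0/0. Restrict it
      # with ssh.sourceSecurityGroupIds, or drop this block if SSH is unused.
      publicKeyName: eks-key
    # Taint nodes so that application pods are not scheduled/executed until
    # Cilium is deployed. Cilium takes over the CNI on the node, so the taint
    # must be set up front to keep pods from getting an IP from another CNI.
    # Once Cilium is running on the node it removes the taint automatically;
    # pods then start with Cilium managing their networking.
    taints:
      - key: "node.cilium.io/agent-not-ready"
        value: "true"
        effect: "NoExecute"
    iam:
      # Managed policies attached to the node instance role. Any pod that can
      # reach the instance metadata service can use these permissions.
      # NOTE(review): confirm each policy is needed for this cluster, e.g.
      # CloudWatchAgentServerPolicy only matters if the CloudWatch agent runs
      # on the nodes.
      attachPolicyARNs:
        - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
        - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
        - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
        - arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy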
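# Install the cilium CLI into /usr/local/bin.
# Resolve the current stable release tag. -f makes curl exit non-zero on an
# HTTP error instead of storing the error page as the version string.
# For reproducible installs, pin CILIUM_CLI_VERSION to a reviewed release tag
# rather than following stable.txt on the master branch.
CILIUM_CLI_VERSION=$(curl -sSf https://raw.githubusercontent.com/cilium/cilium-cli/master/stable.txt)
CLI_ARCH=amd64
if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi
# Brace expansion fetches both the tarball and its .sha256sum file.
curl -L --fail --remote-name-all "https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz"{,.sha256sum}
# Extract as root only when the checksum matches; without the && a failed
# check would still be followed by the privileged extraction.
# The checksum comes from the same release page as the tarball, so it catches
# corrupted or truncated downloads, not a tampered release.
sha256sum --check "cilium-linux-${CLI_ARCH}.tar.gz.sha256sum" &&
  sudo tar xzvfC "cilium-linux-${CLI_ARCH}.tar.gz" /usr/local/bin
rm "cilium-linux-${CLI_ARCH}.tar.gz"{,.sha256sum}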
将Cilium安装到EKS集群:
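# Install Cilium into the cluster selected by the current kubeconfig context,
# then wait until Cilium reports ready.
cilium install
cilium status --wait
# Replace the cluster ARN in the kubeconfig with the short name eks-cilium.
# 145197526627 is the AWS account ID used on this page; substitute your own.
# -i.bak keeps the original as ~/.kube/config.bak so a bad substitution can be
# reverted.
# NOTE(review): the page does not say why the rename is needed or whether it
# must run before `cilium install` — confirm.
sed -i.bak 's+arn:aws:eks:us-west-2:145197526627:cluster/eks-cilium+eks-cilium+g' ~/.kube/config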
删除 aws-node DaemonSet(从下面的输出可以看到,安装 Cilium 之后它的 DESIRED 已经为 0,不再运行):
kongpingfan:~/environment $ kubectl get ds -A
NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
kube-system aws-node 0 0 0 0 0 io.cilium/aws-node-enabled=true 47m
kube-system cilium 2 2 2 2 2 kubernetes.io/os=linux 90s
kube-system cilium-node-init 2 2 2 2 2 kubernetes.io/os=linux 90s
kube-system kube-proxy 2 2 2 2 2 <none> 47m
kongpingfan:~/environment $ kubectl delete ds aws-node -n kube-system
daemonset.apps "aws-node" deleted