Add docs on using etcd-manager for cilium

kubernetes · Apr 8, 2020 · 0aa621a · 0aa621a
1 parent 4d6cb7a
commit 0aa621a
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 1 deletion.
diff --git a/docs/networking.md b/docs/networking.md
@@ -491,6 +491,31 @@ The following command will launch your cluster with desired Cilium configuration
 $ kops update cluster myclustername.mydns.io --yes
 ```
 
+##### Using etcd for agent state sync
+
+By default, Cilium will use CRDs for synchronizing agent state. This can cause performance problems on larger clusters. As of kops 1.18, kops can manage an etcd cluster using etcd-manager dedicated for cilium agent state sync. The [Cilium docs](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-external-etcd/) contains recommendations for this must be enabled.
+
+Add this to `spec.etcdClusters`
+
+```
+  - etcdMembers:
+    - instanceGroup: master-eu-central-1a
+      name: a
+    - instanceGroup: master-eu-central-1b
+      name: b
+    - instanceGroup: master-eu-central-1c
+      name: c
+    name: cilium
+```
+
+Then enable etcd as kvstore:
+
+```
+  networking:
+    cilium:
+      etcdManaged: true
+```
+
 ##### Enabling BPF NodePort
 
 As of Kops 1.18 you can safely enable Cilium NodePort.

diff --git a/docs/releases/1.18-NOTES.md b/docs/releases/1.18-NOTES.md
@@ -8,7 +8,9 @@
 
 * [containerd](https://github.com/containerd/containerd/blob/master/README.md) can now be selected as an alternate container runtime for Kubernetes. Use the `--container-runtime containerd` flag to create such a cluster.
 
-* Cilium CNI can now use AWS networking natively through the AWS ENI IPAM mode. Kops can also run a Kubernetes cluster entirely without kube-proxy using Cilium's BPF NodePort implementation
+* Cilium CNI can now use AWS networking natively through the AWS ENI IPAM mode. Kops can also run a Kubernetes cluster entirely without kube-proxy using Cilium's BPF NodePort implementation.
+
+* Cilium CNI can now use a dedicated etcd cluster managed by etcd-manager for synchronizing agent state instead of CRDs.
 
 * New clusters in GCE are configured to run the [metadata-proxy](https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/metadata-proxy) by default. The proxy runs as a DaemonSet and lands on nodes with the nodeLabel `cloud.google.com/metadata-proxy-ready: "true"`. If you want to enable metadata-proxy on an existing cluster/instance group, add that nodeLabel to your instancegroup specs (`kops edit ig ...`) and run `kops update cluster`. When the changes are applied, the proxy will roll out to those targeted nodes.