Portmap (HostPort)

If you want to use the Kubernetes HostPort feature, you must enable CNI chaining with the portmap plugin which implements HostPort. This guide documents how to do so. For more information about the Kubernetes HostPort feature , check out the upstream documentation: Kubernetes hostPort-CNI plugin documentation.

Note

Before using HostPort, read the Kubernetes Configuration Best Practices to understand the implications of this feature.

Deploy Cilium with the portmap plugin enabled

Download the Cilium release tarball and change to the kubernetes install directory:

curl -LO https://github.com/cilium/cilium/archive/master.tar.gz
tar xzvf master.tar.gz
cd cilium-master/install/kubernetes

Install Helm to prepare generating the deployment artifacts based on the Helm templates.

Generate the required YAML file and deploy it:

helm template cilium \
  --namespace=kube-system \
  --set global.cni.chainingMode=portmap \
  > cilium.yaml
kubectl create -f cilium.yaml

Note

You can combine the global.cni.chainingMode=portmap option with any of the other installation guides.

As Cilium is deployed as a DaemonSet, it will write a new CNI configuration 05-cilium.conflist and remove the standard 05-cilium.conf. The new configuration now enables HostPort. Any new pod scheduled is now able to make use of the HostPort functionality.

Restart existing pods

The new CNI chaining configuration will not apply to any pod that is already running the cluster. Existing pods will be reachable and Cilium will load-balance to them but policy enforcement will not apply to them and load-balancing is not performed for traffic originating from existing pods. You must restart these pods in order to invoke the chaining configuration on them.