Movatterモバイル変換

[0]ホーム
URL:

Skip to content
DEV Community
Log in Create account

DEV Community

Cover image for Working with cilium Part-1
Akshay Rao
Akshay Rao

Posted on

Working with cilium Part-1

Introduction

Hi, this Akshay Rao
we will be setting up cilium in Kubernetes cluster in locally with kind.
Cilium is an open source project to provide networking, security, and observability for cloud native environments such as Kubernetes clusters and other container orchestration platforms.
At the foundation of Cilium is a new Linux kernel technology called eBPF, which enables the dynamic insertion of powerful security, visibility, and networking control logic into the Linux kernel. eBPF is used to provide high-performance networking, multi-cluster and multi-cloud capabilities, advanced load balancing, transparent encryption, extensive network security capabilities, transparent observability, and much more

Let's Start

need to have kubectl tool installed

Installation
Step1
for mac

brew install kind
Enter fullscreen modeExit fullscreen mode

for windows

choco install kind
Enter fullscreen modeExit fullscreen mode

make a directory to store all the yaml files

mkdir kind-cluster-ciliumcd kind-cluster-cilium
Enter fullscreen modeExit fullscreen mode

Step2
create a file

apiVersion: kind.x-k8s.io/v1alpha4kind: Clusternodes:   - role: control-plane  - role: worker  - role: workernetworking:  disableDefaultCNI: true
Enter fullscreen modeExit fullscreen mode

Run the following

[ kind-cluster-cilium (⎈|N/A:N/A)]$ kind create cluster --config kind-config.yamlCreating cluster "kind" ... ✓ Ensuring node image (kindest/node:v1.27.1) 🖼  ✓ Preparing nodes 📦 📦 📦   ✓ Writing configuration 📜  ✓ Starting control-plane 🕹️  ✓ Installing StorageClass 💾  ✓ Joining worker nodes 🚜 Set kubectl context to "kind-kind"You can now use your cluster with:kubectl cluster-info --context kind-kindHave a question, bug, or feature request? Let us know! https://kind.sigs.k8s.io/#community 🙂[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ kubectl config current-contextkind-kind[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ k get nodesNAME                 STATUS     ROLES           AGE    VERSIONkind-control-plane   NotReady   control-plane   105s   v1.27.1kind-worker          NotReady   <none>          80s    v1.27.1kind-worker2         NotReady   <none>          81s    v1.27.1[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ k get nodesNAME                 STATUS     ROLES           AGE   VERSIONkind-control-plane   NotReady   control-plane   17m   v1.27.1kind-worker          NotReady   <none>          17m   v1.27.1kind-worker2         NotReady   <none>          17m   v1.27.1
Enter fullscreen modeExit fullscreen mode

step 2 - install cilium CLI tool

[ts-akshay.rao@JP-FVFZ91DHL414 kind-cluster-cilium (⎈|kind-kind:N/A)]$ CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/master/stable.txt)[ts-akshay.rao@JP-FVFZ91DHL414 kind-cluster-cilium (⎈|kind-kind:N/A)]$ CLI_ARCH=amd64[ts-akshay.rao@JP-FVFZ91DHL414 kind-cluster-cilium (⎈|kind-kind:N/A)]$ if [ "$(uname -m)" = "arm64" ]; then CLI_ARCH=arm64; ficurl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-darwin-${CLI_ARCH}.tar.gz{,.sha256sum}shasum -a 256 -c cilium-darwin-${CLI_ARCH}.tar.gz.sha256sumsudo tar xzvfC cilium-darwin-${CLI_ARCH}.tar.gz /usr/local/binrm cilium-darwin-${CLI_ARCH}.tar.gz{,.sha256sum}[ts-akshay.rao@JP-FVFZ91DHL414 kind-cluster-cilium (⎈|kind-kind:N/A)]$ curl -L --fail --remote-name-all https://githuUM_CLI_VERSION}/cilium-darwin-${CLI_ARCH}.tar.gz{,.sha256sum}  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current                                 Dload  Upload   Total   Spent    Left  Speed  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0100 30.4M  100 30.4M    0     0  13.5M      0  0:00:02  0:00:02 --:--:-- 26.5M  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current                                 Dload  Upload   Total   Spent    Left  Speed  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0100    93  100    93    0     0    144      0 --:--:-- --:--:-- --:--:--   144[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ shasum -a 256 -c cilium-darwin-${CLI_ARCH}.tar.gz.sha256sumcilium-darwin-amd64.tar.gz: OK[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ sudo tar xzvfC cilium-darwin-${CLI_ARCH}.tar.gz /usr/local/binPassword:Sorry, try again.Password:x cilium[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ cilium versioncilium-cli: v0.14.6 compiled with go1.20.4 on darwin/amd64cilium image (default): v1.13.3cilium image (stable): v1.13.3cilium image (running): unknown. Unable to obtain cilium version, no cilium pods found in namespace "kube-system"[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ cilium install🔮 Auto-detected Kubernetes kind: kind✨ Running "kind" validation checks✅ Detected kind version "0.19.0"ℹ️  Using Cilium version 1.13.3🔮 Auto-detected cluster name: kind-kind🔮 Auto-detected datapath mode: tunnel🔮 Auto-detected kube-proxy has been installedℹ️  helm template --namespace kube-system cilium cilium/cilium --version 1.13.3 --set cluster.id=0,cluster.name=kind-kind,encryption.nodeEncryption=false,ipam.mode=kubernetes,kubeProxyReplacement=disabled,operator.replicas=1,serviceAccounts.cilium.name=cilium,serviceAccounts.operator.name=cilium-operator,tunnel=vxlanℹ️  Storing helm values file in kube-system/cilium-cli-helm-values Secret🔑 Created CA in secret cilium-ca🔑 Generating certificates for Hubble...🚀 Creating Service accounts...🚀 Creating Cluster roles...🚀 Creating ConfigMap for Cilium version 1.13.3...🚀 Creating Agent DaemonSet...🚀 Creating Operator Deployment...⌛ Waiting for Cilium to be installed and ready...✅ Cilium was successfully installed! Run 'cilium status' to view installation health
Enter fullscreen modeExit fullscreen mode
[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ cilium versioncilium-cli: v0.14.6 compiled with go1.20.4 on darwin/amd64cilium image (default): v1.13.3cilium image (stable): v1.13.3cilium image (running): unknown. Unable to obtain cilium version, no cilium pods found in namespace "kube-system"
Enter fullscreen modeExit fullscreen mode

Install cilium

[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ cilium install🔮 Auto-detected Kubernetes kind: kind✨ Running "kind" validation checks✅ Detected kind version "0.19.0"ℹ️  Using Cilium version 1.13.3🔮 Auto-detected cluster name: kind-kind🔮 Auto-detected datapath mode: tunnel🔮 Auto-detected kube-proxy has been installedℹ️  helm template --namespace kube-system cilium cilium/cilium --version 1.13.3 --set cluster.id=0,cluster.name=kind-kind,encryption.nodeEncryption=false,ipam.mode=kubernetes,kubeProxyReplacement=disabled,operator.replicas=1,serviceAccounts.cilium.name=cilium,serviceAccounts.operator.name=cilium-operator,tunnel=vxlanℹ️  Storing helm values file in kube-system/cilium-cli-helm-values Secret🔑 Created CA in secret cilium-ca🔑 Generating certificates for Hubble...🚀 Creating Service accounts...🚀 Creating Cluster roles...🚀 Creating ConfigMap for Cilium version 1.13.3...🚀 Creating Agent DaemonSet...🚀 Creating Operator Deployment...⌛ Waiting for Cilium to be installed and ready...✅ Cilium was successfully installed! Run 'cilium status' to view installation health
Enter fullscreen modeExit fullscreen mode

enable the hubble ui which will be used in further parts

[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ cilium hubble enable --ui🔑 Found CA in secret cilium-caℹ️  helm template --namespace kube-system cilium cilium/cilium --version 1.13.3 --set cluster.id=0,cluster.name=kind-kind,encryption.nodeEncryption=false,hubble.enabled=true,hubble.relay.enabled=true,hubble.ui.enabled=true,ipam.mode=kubernetes,kubeProxyReplacement=disabled,operator.replicas=1,serviceAccounts.cilium.name=cilium,serviceAccounts.operator.name=cilium-operator,tls.ca.cert=LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNGVENDQWJxZ0F3SUJBZ0lVT3lGR0lhOW94cE81YVdWbCtodnQzK1VDeEo0d0NnWUlLb1pJemowRUF3SXcKYURFTE1Ba0dBMVVFQmhNQ1ZWTXhGakFVQmdOVkJBZ1REVk5oYmlCR2NtRnVZMmx6WTI4eEN6QUpCZ05WQkFjVApBa05CTVE4d0RRWURWUVFLRXdaRGFXeHBkVzB4RHpBTkJnTlZCQXNUQmtOcGJHbDFiVEVTTUJBR0ExVUVBeE1KClEybHNhWFZ0SUVOQk1CNFhEVEl6TURZeE1EQXdNVFF3TUZvWERUSTRNRFl3T0RBd01UUXdNRm93YURFTE1Ba0cKQTFVRUJoTUNWVk14RmpBVUJnTlZCQWdURFZOaGJpQkdjbUZ1WTJselkyOHhDekFKQmdOVkJBY1RBa05CTVE4dwpEUVlEVlFRS0V3WkRhV3hwZFcweER6QU5CZ05WQkFzVEJrTnBiR2wxYlRFU01CQUdBMVVFQXhNSlEybHNhWFZ0CklFTkJNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUU3NzhDU1hzYlNpUUlJT1BWbEY5SGsvZ20KeVpxSkRTTy9wWnZ6bjE2c3Vud3hzb2xXV2F3RFR0bG54TTFvcXB1c2dtNEJ0K2NQUGRjZllRcVBxZlVURXFOQwpNRUF3RGdZRFZSMFBBUUgvQkFRREFnRUdNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdIUVlEVlIwT0JCWUVGRkNOCkFxRVhQWWFhMU5lNlJzTENPNk9nMTJ5Sk1Bb0dDQ3FHU000OUJBTUNBMGtBTUVZQ0lRRHVyMmJyeTFTYm84SVIKQThIL3U0WnlpbUdGdVEwZVgrcWd5WEx5bTdvTXl3SWhBSy91M1NJRDFBRlhYbEhMUnVaM3dTU1RnNmZxZnFCSQo3K1lzVzJQMHZEcmEKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=,tls.ca.key=[--- REDACTED WHEN PRINTING TO TERMINAL (USE --redact-helm-certificate-keys=false TO PRINT) ---],tunnel=vxlan✨ Patching ConfigMap cilium-config to enable Hubble...🚀 Creating ConfigMap for Cilium version 1.13.3...♻️  Restarted Cilium pods⌛ Waiting for Cilium to become ready before deploying other Hubble component(s)...🚀 Creating Peer Service...✨ Generating certificates...🔑 Generating certificates for Relay...✨ Deploying Relay...✨ Deploying Hubble UI and Hubble UI Backend...⌛ Waiting for Hubble to be installed...ℹ️  Storing helm values file in kube-system/cilium-cli-helm-values Secret✅ Hubble was successfully enabled!
Enter fullscreen modeExit fullscreen mode

Step 3- Validation

[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ cilium status    /¯¯\ /¯¯\__/¯¯\    Cilium:             OK \__/¯¯\__/    Operator:           OK /¯¯\__/¯¯\    Envoy DaemonSet:    disabled (using embedded mode) \__/¯¯\__/    Hubble Relay:       OK    \__/       ClusterMesh:        disabledDeployment        hubble-ui          Desired: 1, Ready: 1/1, Available: 1/1Deployment        cilium-operator    Desired: 1, Ready: 1/1, Available: 1/1Deployment        hubble-relay       Desired: 1, Ready: 1/1, Available: 1/1DaemonSet         cilium             Desired: 3, Ready: 3/3, Available: 3/3Containers:       hubble-relay       Running: 1                  cilium             Running: 3                  hubble-ui          Running: 1                  cilium-operator    Running: 1Cluster Pods:     5/5 managed by CiliumImage versions    cilium             quay.io/cilium/cilium:v1.13.3@sha256:77176464a1e11ea7e89e984ac7db365e7af39851507e94f137dcf56c87746314: 3                  hubble-ui          quay.io/cilium/hubble-ui:v0.11.0@sha256:bcb369c47cada2d4257d63d3749f7f87c91dde32e010b223597306de95d1ecc8: 1                  hubble-ui          quay.io/cilium/hubble-ui-backend:v0.11.0@sha256:14c04d11f78da5c363f88592abae8d2ecee3cbe009f443ef11df6ac5f692d839: 1                  cilium-operator    quay.io/cilium/operator-generic:v1.13.3@sha256:fa7003cbfdf8358cb71786afebc711b26e5e44a2ed99bd4944930bba915b8910: 1                  hubble-relay       quay.io/cilium/hubble-relay:v1.13.3@sha256:19e4aae5ff72cd9fbcb7d2d16a1570533320a478acc015fc91a4d41a177cadf6: 1
Enter fullscreen modeExit fullscreen mode

connectivity test

[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ cilium connectivity test --request-timeout 30s --connect-timeout 10sℹ️  Monitor aggregation detected, will skip some flow validation steps✨ [kind-kind] Creating namespace cilium-test for connectivity check...✨ [kind-kind] Deploying echo-same-node service...✨ [kind-kind] Deploying DNS test server configmap...✨ [kind-kind] Deploying same-node deployment...✨ [kind-kind] Deploying client deployment...✨ [kind-kind] Deploying client2 deployment...✨ [kind-kind] Deploying echo-other-node service...✨ [kind-kind] Deploying other-node deployment...✨ [host-netns] Deploying kind-kind daemonset...✨ [host-netns-non-cilium] Deploying kind-kind daemonset...✨ [kind-kind] Deploying echo-external-node deployment...⌛ [kind-kind] Waiting for deployments [client client2 echo-same-node] to become ready...⌛ [kind-kind] Waiting for deployments [echo-other-node] to become ready...⌛ [kind-kind] Waiting for CiliumEndpoint for pod cilium-test/client-6965d549d5-rtx87 to appear...⌛ [kind-kind] Waiting for CiliumEndpoint for pod cilium-test/client2-76f4d7c5bc-mcmdn to appear...⌛ [kind-kind] Waiting for pod cilium-test/client-6965d549d5-rtx87 to reach DNS server on cilium-test/echo-same-node-965bbc7d4-cq4f4 pod...⌛ [kind-kind] Waiting for pod cilium-test/client2-76f4d7c5bc-mcmdn to reach DNS server on cilium-test/echo-same-node-965bbc7d4-cq4f4 pod...⌛ [kind-kind] Waiting for pod cilium-test/client-6965d549d5-rtx87 to reach DNS server on cilium-test/echo-other-node-545c9b778b-wdgmn pod...⌛ [kind-kind] Waiting for pod cilium-test/client2-76f4d7c5bc-mcmdn to reach DNS server on cilium-test/echo-other-node-545c9b778b-wdgmn pod...⌛ [kind-kind] Waiting for pod cilium-test/client-6965d549d5-rtx87 to reach default/kubernetes service...⌛ [kind-kind] Waiting for pod cilium-test/client2-76f4d7c5bc-mcmdn to reach default/kubernetes service...⌛ [kind-kind] Waiting for CiliumEndpoint for pod cilium-test/echo-other-node-545c9b778b-wdgmn to appear...⌛ [kind-kind] Waiting for CiliumEndpoint for pod cilium-test/echo-same-node-965bbc7d4-cq4f4 to appear...
Enter fullscreen modeExit fullscreen mode

Step 4 - Examine Cluster with kubectl

[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ k get nodesNAME                 STATUS   ROLES           AGE   VERSIONkind-control-plane   Ready    control-plane   74m   v1.27.1kind-worker          Ready    <none>          74m   v1.27.1kind-worker2         Ready    <none>          74m   v1.27.1[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ kubectl get daemonsets --all-namespacesNAMESPACE     NAME                    DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                AGEcilium-test   host-netns              2         2         2       2            2           <none>                       36mcilium-test   host-netns-non-cilium   0         0         0       0            0           cilium.io/no-schedule=true   36mkube-system   cilium                  3         3         3       3            3           kubernetes.io/os=linux       42mkube-system   kube-proxy              3         3         3       3            3           kubernetes.io/os=linux       74m[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ kubectl get deployments --all-namespacesNAMESPACE            NAME                     READY   UP-TO-DATE   AVAILABLE   AGEcilium-test          client                   1/1     1            1           36mcilium-test          client2                  1/1     1            1           36mcilium-test          echo-external-node       0/1     1            0           36mcilium-test          echo-other-node          1/1     1            1           36mcilium-test          echo-same-node           1/1     1            1           36mkube-system          cilium-operator          1/1     1            1           42mkube-system          coredns                  2/2     2            2           75mkube-system          hubble-relay             1/1     1            1           38mkube-system          hubble-ui                1/1     1            1           38mlocal-path-storage   local-path-provisioner   1/1     1            1           75m
Enter fullscreen modeExit fullscreen mode

till this we have successfully installed cilium locally.
stay tuned for next parts.
Thank you

Top comments(0)

Subscribe
pic
Create template

Templates let you quickly answer FAQs or store snippets for re-use.

Dismiss

Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment'spermalink.

For further actions, you may consider blocking this person and/orreporting abuse

Devops Engineer
  • Location
    Tokyo,Japan
  • Joined

More fromAkshay Rao

DEV Community

We're a place where coders share, stay up-to-date and grow their careers.

Log in Create account
[8]ページ先頭
©2009-2025 Movatter.jp