Akshay Rao

Working with cilium Part-1

Introduction

Hi, this is Akshay Rao.
We will be setting up Cilium in a Kubernetes cluster locally with kind.
Cilium is an open source project to provide networking, security, and observability for cloud native environments such as Kubernetes clusters and other container orchestration platforms.
At the foundation of Cilium is a new Linux kernel technology called eBPF, which enables the dynamic insertion of powerful security, visibility, and networking control logic into the Linux kernel. eBPF is used to provide high-performance networking, multi-cluster and multi-cloud capabilities, advanced load balancing, transparent encryption, extensive network security capabilities, transparent observability, and much more.

Let's Start

You need to have the kubectl tool installed.

Installation
Step 1 - Install kind
For macOS:

brew install kind

For Windows:

choco install kind 

Make a directory to store all the YAML files:

mkdir kind-cluster-cilium
cd kind-cluster-cilium

Step 2
Create a file named kind-config.yaml with the following content:

apiVersion: kind.x-k8s.io/v1alpha4
kind: Cluster
nodes: 
  - role: control-plane
  - role: worker
  - role: worker
networking:
  # Skip kind's default CNI (kindnet) so that Cilium can be installed as the CNI
  disableDefaultCNI: true

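Run the following to create the cluster. With the default CNI disabled, the nodes stay NotReady until Cilium is installed: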

[ kind-cluster-cilium (⎈|N/A:N/A)]$ kind create cluster --config kind-config.yaml
Creating cluster "kind" ...
 ✓ Ensuring node image (kindest/node:v1.27.1) 🖼
 ✓ Preparing nodes 📦 📦 📦
 ✓ Writing configuration 📜
 ✓ Starting control-plane 🕹️
 ✓ Installing StorageClass 💾
 ✓ Joining worker nodes 🚜
Set kubectl context to "kind-kind"
You can now use your cluster with:

kubectl cluster-info --context kind-kind

Have a question, bug, or feature request? Let us know! https://kind.sigs.k8s.io/#community 🙂
[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ kubectl config current-context
kind-kind
[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ k get nodes
NAME                 STATUS     ROLES           AGE    VERSION
kind-control-plane   NotReady   control-plane   105s   v1.27.1
kind-worker          NotReady   <none>          80s    v1.27.1
kind-worker2         NotReady   <none>          81s    v1.27.1
[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ k get nodes
NAME                 STATUS     ROLES           AGE   VERSION
kind-control-plane   NotReady   control-plane   17m   v1.27.1
kind-worker          NotReady   <none>          17m   v1.27.1
kind-worker2         NotReady   <none>          17m   v1.27.1

Step 2 - Install the Cilium CLI tool

The commands below are for macOS (darwin):

# Read the latest stable cilium-cli release tag
CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/master/stable.txt)
# Pick the CPU architecture of the release archive
CLI_ARCH=amd64
if [ "$(uname -m)" = "arm64" ]; then CLI_ARCH=arm64; fi
# Download the archive and its .sha256sum file
curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-darwin-${CLI_ARCH}.tar.gz{,.sha256sum}
# Verify the archive against the downloaded checksum
shasum -a 256 -c cilium-darwin-${CLI_ARCH}.tar.gz.sha256sum
# Extract the cilium binary into /usr/local/bin
sudo tar xzvfC cilium-darwin-${CLI_ARCH}.tar.gz /usr/local/bin
# Remove the downloaded files
rm cilium-darwin-${CLI_ARCH}.tar.gz{,.sha256sum}

Output:

[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-darwin-${CLI_ARCH}.tar.gz{,.sha256sum}
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 30.4M  100 30.4M    0     0  13.5M      0  0:00:02  0:00:02 --:--:-- 26.5M
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100    93  100    93    0     0    144      0 --:--:-- --:--:-- --:--:--   144
[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ shasum -a 256 -c cilium-darwin-${CLI_ARCH}.tar.gz.sha256sum
cilium-darwin-amd64.tar.gz: OK
[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ sudo tar xzvfC cilium-darwin-${CLI_ARCH}.tar.gz /usr/local/bin
Password:
Sorry, try again.
Password:
x cilium
[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ cilium version
cilium-cli: v0.14.6 compiled with go1.20.4 on darwin/amd64
cilium image (default): v1.13.3
cilium image (stable): v1.13.3
cilium image (running): unknown. Unable to obtain cilium version, no cilium pods found in namespace "kube-system"
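
The download commands above run one after another, so the tar extraction into /usr/local/bin is not gated on the shasum result. The following added example (not part of the original post and not cilium-cli code) makes that step fail closed; the function names sha256_of and verify_and_extract are hypothetical. Because the .sha256sum file is served from the same release page as the archive, the check catches corruption or truncation rather than a compromised release.

```shell
#!/usr/bin/env bash
# Added example: fail-closed verification before extracting a downloaded CLI.
# Function names are illustrative, not part of cilium-cli.

# Print the SHA-256 of a file with whichever tool the platform provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'   # macOS, as used in the post
  fi
}

# verify_and_extract TARBALL SUMFILE DESTDIR
# Extracts only if SUMFILE's digest matches TARBALL and the archive holds
# exactly one member named "cilium" (what the tar output in the post shows).
verify_and_extract() {
  local tarball="$1" sumfile="$2" dest="$3" expected actual entries
  expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile") || return 1
  # A SHA-256 digest is exactly 64 hex characters; reject anything else.
  case "$expected" in
    ""|*[!0-9a-f]*) echo "malformed checksum file" >&2; return 1 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "malformed checksum file" >&2; return 1; }
  actual=$(sha256_of "$tarball") || return 1
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $tarball, not extracting" >&2
    return 1
  fi
  # Refuse archives with extra or oddly named members before writing anything.
  entries=$(tar -tzf "$tarball") || return 1
  if [ "$entries" != "cilium" ]; then
    echo "unexpected archive contents, not extracting" >&2
    return 1
  fi
  tar -xzf "$tarball" -C "$dest"
}

# Usage with the files downloaded in the post (DESTDIR must be writable):
#   verify_and_extract "cilium-darwin-${CLI_ARCH}.tar.gz" \
#     "cilium-darwin-${CLI_ARCH}.tar.gz.sha256sum" /usr/local/bin
```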

Install cilium

[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ cilium install
🔮 Auto-detected Kubernetes kind: kind
✨ Running "kind" validation checks
✅ Detected kind version "0.19.0"
ℹ️  Using Cilium version 1.13.3
🔮 Auto-detected cluster name: kind-kind
🔮 Auto-detected datapath mode: tunnel
🔮 Auto-detected kube-proxy has been installed
ℹ️  helm template --namespace kube-system cilium cilium/cilium --version 1.13.3 --set cluster.id=0,cluster.name=kind-kind,encryption.nodeEncryption=false,ipam.mode=kubernetes,kubeProxyReplacement=disabled,operator.replicas=1,serviceAccounts.cilium.name=cilium,serviceAccounts.operator.name=cilium-operator,tunnel=vxlan
ℹ️  Storing helm values file in kube-system/cilium-cli-helm-values Secret
🔑 Created CA in secret cilium-ca
🔑 Generating certificates for Hubble...
🚀 Creating Service accounts...
🚀 Creating Cluster roles...
🚀 Creating ConfigMap for Cilium version 1.13.3...
🚀 Creating Agent DaemonSet...
🚀 Creating Operator Deployment...
⌛ Waiting for Cilium to be installed and ready...
✅ Cilium was successfully installed! Run 'cilium status' to view installation health

Enable the Hubble UI, which will be used in later parts:

[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ cilium hubble enable --ui
🔑 Found CA in secret cilium-ca
ℹ️  helm template --namespace kube-system cilium cilium/cilium --version 1.13.3 --set cluster.id=0,cluster.name=kind-kind,encryption.nodeEncryption=false,hubble.enabled=true,hubble.relay.enabled=true,hubble.ui.enabled=true,ipam.mode=kubernetes,kubeProxyReplacement=disabled,operator.replicas=1,serviceAccounts.cilium.name=cilium,serviceAccounts.operator.name=cilium-operator,tls.ca.cert=[base64-encoded CA certificate omitted],tls.ca.key=[--- REDACTED WHEN PRINTING TO TERMINAL (USE --redact-helm-certificate-keys=false TO PRINT) ---],tunnel=vxlan
✨ Patching ConfigMap cilium-config to enable Hubble...
🚀 Creating ConfigMap for Cilium version 1.13.3...
♻️  Restarted Cilium pods
⌛ Waiting for Cilium to become ready before deploying other Hubble component(s)...
🚀 Creating Peer Service...
✨ Generating certificates...
🔑 Generating certificates for Relay...
✨ Deploying Relay...
✨ Deploying Hubble UI and Hubble UI Backend...
⌛ Waiting for Hubble to be installed...
ℹ️  Storing helm values file in kube-system/cilium-cli-helm-values Secret
✅ Hubble was successfully enabled!

Step 3 - Validation

[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ cilium status
    /¯¯\
 /¯¯\__/¯¯\    Cilium:             OK
 \__/¯¯\__/    Operator:           OK
 /¯¯\__/¯¯\    Envoy DaemonSet:    disabled (using embedded mode)
 \__/¯¯\__/    Hubble Relay:       OK
    \__/       ClusterMesh:        disabled

Deployment        hubble-ui          Desired: 1, Ready: 1/1, Available: 1/1
Deployment        cilium-operator    Desired: 1, Ready: 1/1, Available: 1/1
Deployment        hubble-relay       Desired: 1, Ready: 1/1, Available: 1/1
DaemonSet         cilium             Desired: 3, Ready: 3/3, Available: 3/3
Containers:       hubble-relay       Running: 1
                  cilium             Running: 3
                  hubble-ui          Running: 1
                  cilium-operator    Running: 1
Cluster Pods:     5/5 managed by Cilium
Image versions    cilium             quay.io/cilium/cilium:v1.13.3@sha256:77176464a1e11ea7e89e984ac7db365e7af39851507e94f137dcf56c87746314: 3
                  hubble-ui          quay.io/cilium/hubble-ui:v0.11.0@sha256:bcb369c47cada2d4257d63d3749f7f87c91dde32e010b223597306de95d1ecc8: 1
                  hubble-ui          quay.io/cilium/hubble-ui-backend:v0.11.0@sha256:14c04d11f78da5c363f88592abae8d2ecee3cbe009f443ef11df6ac5f692d839: 1
                  cilium-operator    quay.io/cilium/operator-generic:v1.13.3@sha256:fa7003cbfdf8358cb71786afebc711b26e5e44a2ed99bd4944930bba915b8910: 1
                  hubble-relay       quay.io/cilium/hubble-relay:v1.13.3@sha256:19e4aae5ff72cd9fbcb7d2d16a1570533320a478acc015fc91a4d41a177cadf6: 1

Connectivity test:

[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ cilium connectivity test --request-timeout 30s --connect-timeout 10s
ℹ️  Monitor aggregation detected, will skip some flow validation steps
✨ [kind-kind] Creating namespace cilium-test for connectivity check...
✨ [kind-kind] Deploying echo-same-node service...
✨ [kind-kind] Deploying DNS test server configmap...
✨ [kind-kind] Deploying same-node deployment...
✨ [kind-kind] Deploying client deployment...
✨ [kind-kind] Deploying client2 deployment...
✨ [kind-kind] Deploying echo-other-node service...
✨ [kind-kind] Deploying other-node deployment...
✨ [host-netns] Deploying kind-kind daemonset...
✨ [host-netns-non-cilium] Deploying kind-kind daemonset...
✨ [kind-kind] Deploying echo-external-node deployment...
⌛ [kind-kind] Waiting for deployments [client client2 echo-same-node] to become ready...
⌛ [kind-kind] Waiting for deployments [echo-other-node] to become ready...
⌛ [kind-kind] Waiting for CiliumEndpoint for pod cilium-test/client-6965d549d5-rtx87 to appear...
⌛ [kind-kind] Waiting for CiliumEndpoint for pod cilium-test/client2-76f4d7c5bc-mcmdn to appear...
⌛ [kind-kind] Waiting for pod cilium-test/client-6965d549d5-rtx87 to reach DNS server on cilium-test/echo-same-node-965bbc7d4-cq4f4 pod...
⌛ [kind-kind] Waiting for pod cilium-test/client2-76f4d7c5bc-mcmdn to reach DNS server on cilium-test/echo-same-node-965bbc7d4-cq4f4 pod...
⌛ [kind-kind] Waiting for pod cilium-test/client-6965d549d5-rtx87 to reach DNS server on cilium-test/echo-other-node-545c9b778b-wdgmn pod...
⌛ [kind-kind] Waiting for pod cilium-test/client2-76f4d7c5bc-mcmdn to reach DNS server on cilium-test/echo-other-node-545c9b778b-wdgmn pod...
⌛ [kind-kind] Waiting for pod cilium-test/client-6965d549d5-rtx87 to reach default/kubernetes service...
⌛ [kind-kind] Waiting for pod cilium-test/client2-76f4d7c5bc-mcmdn to reach default/kubernetes service...
⌛ [kind-kind] Waiting for CiliumEndpoint for pod cilium-test/echo-other-node-545c9b778b-wdgmn to appear...
⌛ [kind-kind] Waiting for CiliumEndpoint for pod cilium-test/echo-same-node-965bbc7d4-cq4f4 to appear...

Step 4 - Examine Cluster with kubectl

[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ k get nodes
NAME                 STATUS   ROLES           AGE   VERSION
kind-control-plane   Ready    control-plane   74m   v1.27.1
kind-worker          Ready    <none>          74m   v1.27.1
kind-worker2         Ready    <none>          74m   v1.27.1
[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ kubectl get daemonsets --all-namespaces
NAMESPACE     NAME                    DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                AGE
cilium-test   host-netns              2         2         2       2            2           <none>                       36m
cilium-test   host-netns-non-cilium   0         0         0       0            0           cilium.io/no-schedule=true   36m
kube-system   cilium                  3         3         3       3            3           kubernetes.io/os=linux       42m
kube-system   kube-proxy              3         3         3       3            3           kubernetes.io/os=linux       74m
[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ kubectl get deployments --all-namespaces
NAMESPACE            NAME                     READY   UP-TO-DATE   AVAILABLE   AGE
cilium-test          client                   1/1     1            1           36m
cilium-test          client2                  1/1     1            1           36m
cilium-test          echo-external-node       0/1     1            0           36m
cilium-test          echo-other-node          1/1     1            1           36m
cilium-test          echo-same-node           1/1     1            1           36m
kube-system          cilium-operator          1/1     1            1           42m
kube-system          coredns                  2/2     2            2           75m
kube-system          hubble-relay             1/1     1            1           38m
kube-system          hubble-ui                1/1     1            1           38m
local-path-storage   local-path-provisioner   1/1     1            1           75m

With this, we have successfully installed Cilium locally.
Stay tuned for the next parts.
Thank you.
