DEV Community

Cover image for Working with cilium Part-1
Akshay Rao
Akshay Rao

Posted on

Working with cilium Part-1

#kubernetes #kind #beginners #cilium

Introduction

Hi, this Akshay Rao
we will be setting up cilium in Kubernetes cluster in locally with kind.
Cilium is an open source project to provide networking, security, and observability for cloud native environments such as Kubernetes clusters and other container orchestration platforms.
At the foundation of Cilium is a new Linux kernel technology called eBPF, which enables the dynamic insertion of powerful security, visibility, and networking control logic into the Linux kernel. eBPF is used to provide high-performance networking, multi-cluster and multi-cloud capabilities, advanced load balancing, transparent encryption, extensive network security capabilities, transparent observability, and much more

Let's Start

need to have kubectl tool installed

Installation
Step1
for mac

brew install kind
Enter fullscreen mode Exit fullscreen mode

for windows

choco install kind
Enter fullscreen mode Exit fullscreen mode

make a directory to store all the yaml files

mkdir kind-cluster-cilium
cd kind-cluster-cilium
Enter fullscreen mode Exit fullscreen mode

Step2
create a file

apiVersion: kind.x-k8s.io/v1alpha4
kind: Cluster
nodes: 
  - role: control-plane
  - role: worker
  - role: worker
networking:
  disableDefaultCNI: true
Enter fullscreen mode Exit fullscreen mode

Run the following

[ kind-cluster-cilium (⎈|N/A:N/A)]$ kind create cluster --config kind-config.yaml
Creating cluster "kind" ...
 ✓ Ensuring node image (kindest/node:v1.27.1) đŸ–ŧ 
 ✓ Preparing nodes đŸ“Ļ đŸ“Ļ đŸ“Ļ  
 ✓ Writing configuration 📜 
 ✓ Starting control-plane 🕹ī¸ 
 ✓ Installing StorageClass 💾 
 ✓ Joining worker nodes 🚜 
Set kubectl context to "kind-kind"
You can now use your cluster with:

kubectl cluster-info --context kind-kind

Have a question, bug, or feature request? Let us know! https://kind.sigs.k8s.io/#community 🙂
[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ kubectl config current-context
kind-kind
[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ k get nodes
NAME                 STATUS     ROLES           AGE    VERSION
kind-control-plane   NotReady   control-plane   105s   v1.27.1
kind-worker          NotReady   <none>          80s    v1.27.1
kind-worker2         NotReady   <none>          81s    v1.27.1
[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ k get nodes
NAME                 STATUS     ROLES           AGE   VERSION
kind-control-plane   NotReady   control-plane   17m   v1.27.1
kind-worker          NotReady   <none>          17m   v1.27.1
kind-worker2         NotReady   <none>          17m   v1.27.1
Enter fullscreen mode Exit fullscreen mode

step 2 - install cilium CLI tool

[ts-akshay.rao@JP-FVFZ91DHL414 kind-cluster-cilium (⎈|kind-kind:N/A)]$ CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/master/stable.txt)
[ts-akshay.rao@JP-FVFZ91DHL414 kind-cluster-cilium (⎈|kind-kind:N/A)]$ CLI_ARCH=amd64
[ts-akshay.rao@JP-FVFZ91DHL414 kind-cluster-cilium (⎈|kind-kind:N/A)]$ if [ "$(uname -m)" = "arm64" ]; then CLI_ARCH=arm64; fi
curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-darwin-${CLI_ARCH}.tar.gz{,.sha256sum}
shasum -a 256 -c cilium-darwin-${CLI_ARCH}.tar.gz.sha256sum
sudo tar xzvfC cilium-darwin-${CLI_ARCH}.tar.gz /usr/local/bin
rm cilium-darwin-${CLI_ARCH}.tar.gz{,.sha256sum}[ts-akshay.rao@JP-FVFZ91DHL414 kind-cluster-cilium (⎈|kind-kind:N/A)]$ curl -L --fail --remote-name-all https://githuUM_CLI_VERSION}/cilium-darwin-${CLI_ARCH}.tar.gz{,.sha256sum}
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 30.4M  100 30.4M    0     0  13.5M      0  0:00:02  0:00:02 --:--:-- 26.5M
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100    93  100    93    0     0    144      0 --:--:-- --:--:-- --:--:--   144
[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ shasum -a 256 -c cilium-darwin-${CLI_ARCH}.tar.gz.sha256sum
cilium-darwin-amd64.tar.gz: OK
[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ sudo tar xzvfC cilium-darwin-${CLI_ARCH}.tar.gz /usr/local/bin
Password:
Sorry, try again.
Password:
x cilium
[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ cilium version
cilium-cli: v0.14.6 compiled with go1.20.4 on darwin/amd64
cilium image (default): v1.13.3
cilium image (stable): v1.13.3
cilium image (running): unknown. Unable to obtain cilium version, no cilium pods found in namespace "kube-system"
[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ cilium install
🔮 Auto-detected Kubernetes kind: kind
✨ Running "kind" validation checks
✅ Detected kind version "0.19.0"
ℹī¸  Using Cilium version 1.13.3
🔮 Auto-detected cluster name: kind-kind
🔮 Auto-detected datapath mode: tunnel
🔮 Auto-detected kube-proxy has been installed
ℹī¸  helm template --namespace kube-system cilium cilium/cilium --version 1.13.3 --set cluster.id=0,cluster.name=kind-kind,encryption.nodeEncryption=false,ipam.mode=kubernetes,kubeProxyReplacement=disabled,operator.replicas=1,serviceAccounts.cilium.name=cilium,serviceAccounts.operator.name=cilium-operator,tunnel=vxlan
ℹī¸  Storing helm values file in kube-system/cilium-cli-helm-values Secret
🔑 Created CA in secret cilium-ca
🔑 Generating certificates for Hubble...
🚀 Creating Service accounts...
🚀 Creating Cluster roles...
🚀 Creating ConfigMap for Cilium version 1.13.3...
🚀 Creating Agent DaemonSet...
🚀 Creating Operator Deployment...
⌛ Waiting for Cilium to be installed and ready...
✅ Cilium was successfully installed! Run 'cilium status' to view installation health
Enter fullscreen mode Exit fullscreen mode 
[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ cilium version
cilium-cli: v0.14.6 compiled with go1.20.4 on darwin/amd64
cilium image (default): v1.13.3
cilium image (stable): v1.13.3
cilium image (running): unknown. Unable to obtain cilium version, no cilium pods found in namespace "kube-system"
Enter fullscreen mode Exit fullscreen mode

Install cilium

[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ cilium install
🔮 Auto-detected Kubernetes kind: kind
✨ Running "kind" validation checks
✅ Detected kind version "0.19.0"
ℹī¸  Using Cilium version 1.13.3
🔮 Auto-detected cluster name: kind-kind
🔮 Auto-detected datapath mode: tunnel
🔮 Auto-detected kube-proxy has been installed
ℹī¸  helm template --namespace kube-system cilium cilium/cilium --version 1.13.3 --set cluster.id=0,cluster.name=kind-kind,encryption.nodeEncryption=false,ipam.mode=kubernetes,kubeProxyReplacement=disabled,operator.replicas=1,serviceAccounts.cilium.name=cilium,serviceAccounts.operator.name=cilium-operator,tunnel=vxlan
ℹī¸  Storing helm values file in kube-system/cilium-cli-helm-values Secret
🔑 Created CA in secret cilium-ca
🔑 Generating certificates for Hubble...
🚀 Creating Service accounts...
🚀 Creating Cluster roles...
🚀 Creating ConfigMap for Cilium version 1.13.3...
🚀 Creating Agent DaemonSet...
🚀 Creating Operator Deployment...
⌛ Waiting for Cilium to be installed and ready...
✅ Cilium was successfully installed! Run 'cilium status' to view installation health
Enter fullscreen mode Exit fullscreen mode

enable the hubble ui which will be used in further parts

[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ cilium hubble enable --ui
🔑 Found CA in secret cilium-ca
ℹī¸  helm template --namespace kube-system cilium cilium/cilium --version 1.13.3 --set cluster.id=0,cluster.name=kind-kind,encryption.nodeEncryption=false,hubble.enabled=true,hubble.relay.enabled=true,hubble.ui.enabled=true,ipam.mode=kubernetes,kubeProxyReplacement=disabled,operator.replicas=1,serviceAccounts.cilium.name=cilium,serviceAccounts.operator.name=cilium-operator,tls.ca.cert=LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNGVENDQWJxZ0F3SUJBZ0lVT3lGR0lhOW94cE81YVdWbCtodnQzK1VDeEo0d0NnWUlLb1pJemowRUF3SXcKYURFTE1Ba0dBMVVFQmhNQ1ZWTXhGakFVQmdOVkJBZ1REVk5oYmlCR2NtRnVZMmx6WTI4eEN6QUpCZ05WQkFjVApBa05CTVE4d0RRWURWUVFLRXdaRGFXeHBkVzB4RHpBTkJnTlZCQXNUQmtOcGJHbDFiVEVTTUJBR0ExVUVBeE1KClEybHNhWFZ0SUVOQk1CNFhEVEl6TURZeE1EQXdNVFF3TUZvWERUSTRNRFl3T0RBd01UUXdNRm93YURFTE1Ba0cKQTFVRUJoTUNWVk14RmpBVUJnTlZCQWdURFZOaGJpQkdjbUZ1WTJselkyOHhDekFKQmdOVkJBY1RBa05CTVE4dwpEUVlEVlFRS0V3WkRhV3hwZFcweER6QU5CZ05WQkFzVEJrTnBiR2wxYlRFU01CQUdBMVVFQXhNSlEybHNhWFZ0CklFTkJNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUU3NzhDU1hzYlNpUUlJT1BWbEY5SGsvZ20KeVpxSkRTTy9wWnZ6bjE2c3Vud3hzb2xXV2F3RFR0bG54TTFvcXB1c2dtNEJ0K2NQUGRjZllRcVBxZlVURXFOQwpNRUF3RGdZRFZSMFBBUUgvQkFRREFnRUdNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdIUVlEVlIwT0JCWUVGRkNOCkFxRVhQWWFhMU5lNlJzTENPNk9nMTJ5Sk1Bb0dDQ3FHU000OUJBTUNBMGtBTUVZQ0lRRHVyMmJyeTFTYm84SVIKQThIL3U0WnlpbUdGdVEwZVgrcWd5WEx5bTdvTXl3SWhBSy91M1NJRDFBRlhYbEhMUnVaM3dTU1RnNmZxZnFCSQo3K1lzVzJQMHZEcmEKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=,tls.ca.key=[--- REDACTED WHEN PRINTING TO TERMINAL (USE --redact-helm-certificate-keys=false TO PRINT) ---],tunnel=vxlan
✨ Patching ConfigMap cilium-config to enable Hubble...
🚀 Creating ConfigMap for Cilium version 1.13.3...
â™ģī¸  Restarted Cilium pods
⌛ Waiting for Cilium to become ready before deploying other Hubble component(s)...
🚀 Creating Peer Service...
✨ Generating certificates...
🔑 Generating certificates for Relay...
✨ Deploying Relay...
✨ Deploying Hubble UI and Hubble UI Backend...
⌛ Waiting for Hubble to be installed...
ℹī¸  Storing helm values file in kube-system/cilium-cli-helm-values Secret
✅ Hubble was successfully enabled!
Enter fullscreen mode Exit fullscreen mode

Step 3- Validation

[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ cilium status
    /¯¯\
 /¯¯\__/¯¯\    Cilium:             OK
 \__/¯¯\__/    Operator:           OK
 /¯¯\__/¯¯\    Envoy DaemonSet:    disabled (using embedded mode)
 \__/¯¯\__/    Hubble Relay:       OK
    \__/       ClusterMesh:        disabled

Deployment        hubble-ui          Desired: 1, Ready: 1/1, Available: 1/1
Deployment        cilium-operator    Desired: 1, Ready: 1/1, Available: 1/1
Deployment        hubble-relay       Desired: 1, Ready: 1/1, Available: 1/1
DaemonSet         cilium             Desired: 3, Ready: 3/3, Available: 3/3
Containers:       hubble-relay       Running: 1
                  cilium             Running: 3
                  hubble-ui          Running: 1
                  cilium-operator    Running: 1
Cluster Pods:     5/5 managed by Cilium
Image versions    cilium             quay.io/cilium/cilium:v1.13.3@sha256:77176464a1e11ea7e89e984ac7db365e7af39851507e94f137dcf56c87746314: 3
                  hubble-ui          quay.io/cilium/hubble-ui:v0.11.0@sha256:bcb369c47cada2d4257d63d3749f7f87c91dde32e010b223597306de95d1ecc8: 1
                  hubble-ui          quay.io/cilium/hubble-ui-backend:v0.11.0@sha256:14c04d11f78da5c363f88592abae8d2ecee3cbe009f443ef11df6ac5f692d839: 1
                  cilium-operator    quay.io/cilium/operator-generic:v1.13.3@sha256:fa7003cbfdf8358cb71786afebc711b26e5e44a2ed99bd4944930bba915b8910: 1
                  hubble-relay       quay.io/cilium/hubble-relay:v1.13.3@sha256:19e4aae5ff72cd9fbcb7d2d16a1570533320a478acc015fc91a4d41a177cadf6: 1
Enter fullscreen mode Exit fullscreen mode

connectivity test

[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ cilium connectivity test --request-timeout 30s --connect-timeout 10s
ℹī¸  Monitor aggregation detected, will skip some flow validation steps
✨ [kind-kind] Creating namespace cilium-test for connectivity check...
✨ [kind-kind] Deploying echo-same-node service...
✨ [kind-kind] Deploying DNS test server configmap...
✨ [kind-kind] Deploying same-node deployment...
✨ [kind-kind] Deploying client deployment...
✨ [kind-kind] Deploying client2 deployment...
✨ [kind-kind] Deploying echo-other-node service...
✨ [kind-kind] Deploying other-node deployment...
✨ [host-netns] Deploying kind-kind daemonset...
✨ [host-netns-non-cilium] Deploying kind-kind daemonset...
✨ [kind-kind] Deploying echo-external-node deployment...
⌛ [kind-kind] Waiting for deployments [client client2 echo-same-node] to become ready...
⌛ [kind-kind] Waiting for deployments [echo-other-node] to become ready...
⌛ [kind-kind] Waiting for CiliumEndpoint for pod cilium-test/client-6965d549d5-rtx87 to appear...
⌛ [kind-kind] Waiting for CiliumEndpoint for pod cilium-test/client2-76f4d7c5bc-mcmdn to appear...
⌛ [kind-kind] Waiting for pod cilium-test/client-6965d549d5-rtx87 to reach DNS server on cilium-test/echo-same-node-965bbc7d4-cq4f4 pod...
⌛ [kind-kind] Waiting for pod cilium-test/client2-76f4d7c5bc-mcmdn to reach DNS server on cilium-test/echo-same-node-965bbc7d4-cq4f4 pod...
⌛ [kind-kind] Waiting for pod cilium-test/client-6965d549d5-rtx87 to reach DNS server on cilium-test/echo-other-node-545c9b778b-wdgmn pod...
⌛ [kind-kind] Waiting for pod cilium-test/client2-76f4d7c5bc-mcmdn to reach DNS server on cilium-test/echo-other-node-545c9b778b-wdgmn pod...
⌛ [kind-kind] Waiting for pod cilium-test/client-6965d549d5-rtx87 to reach default/kubernetes service...
⌛ [kind-kind] Waiting for pod cilium-test/client2-76f4d7c5bc-mcmdn to reach default/kubernetes service...
⌛ [kind-kind] Waiting for CiliumEndpoint for pod cilium-test/echo-other-node-545c9b778b-wdgmn to appear...
⌛ [kind-kind] Waiting for CiliumEndpoint for pod cilium-test/echo-same-node-965bbc7d4-cq4f4 to appear...
Enter fullscreen mode Exit fullscreen mode

Step 4 - Examine Cluster with kubectl

[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ k get nodes
NAME                 STATUS   ROLES           AGE   VERSION
kind-control-plane   Ready    control-plane   74m   v1.27.1
kind-worker          Ready    <none>          74m   v1.27.1
kind-worker2         Ready    <none>          74m   v1.27.1
[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ kubectl get daemonsets --all-namespaces
NAMESPACE     NAME                    DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                AGE
cilium-test   host-netns              2         2         2       2            2           <none>                       36m
cilium-test   host-netns-non-cilium   0         0         0       0            0           cilium.io/no-schedule=true   36m
kube-system   cilium                  3         3         3       3            3           kubernetes.io/os=linux       42m
kube-system   kube-proxy              3         3         3       3            3           kubernetes.io/os=linux       74m
[ kind-cluster-cilium (⎈|kind-kind:N/A)]$ kubectl get deployments --all-namespaces
NAMESPACE            NAME                     READY   UP-TO-DATE   AVAILABLE   AGE
cilium-test          client                   1/1     1            1           36m
cilium-test          client2                  1/1     1            1           36m
cilium-test          echo-external-node       0/1     1            0           36m
cilium-test          echo-other-node          1/1     1            1           36m
cilium-test          echo-same-node           1/1     1            1           36m
kube-system          cilium-operator          1/1     1            1           42m
kube-system          coredns                  2/2     2            2           75m
kube-system          hubble-relay             1/1     1            1           38m
kube-system          hubble-ui                1/1     1            1           38m
local-path-storage   local-path-provisioner   1/1     1            1           75m
Enter fullscreen mode Exit fullscreen mode

till this we have successfully installed cilium locally.
stay tuned for next parts.
Thank you

Top comments (0)

Read next

paulund profile image

How to debug axios requests

Paulund -

kigazon profile image

React Memo Mayhem: Optimizing Functional Components

Josef Held -

borysshulyak profile image

High Level requirements and purposes

Boris Shulyak -

prasetyomuhdwi profile image

Setup path aliases in React + Vite + TS Project 🤓

Muhammad_Dwi_Prasetyo -