Cilium is an open source, cloud native solution for providing, securing, and observing network connectivity between workloads, fueled by the revolutionary Kernel technology eBPF.
For more information about Cilium, refer to the Cilium documentation.
The deployment of Cilium consists of a DaemonSet running on all nodes and an operator Deployment. Additionally, we deploy the Hubble component as an observability tool for the network connections between pods in the cluster.
⚠️ Please note that the Cilium package is intended for clusters with fewer than 200 nodes.
- Cilium images:
  - `registry.sighup.io/fury/cilium/cilium:v1.13.3`
  - `registry.sighup.io/fury/cilium/operator-generic:v1.13.3`
  - `registry.sighup.io/fury/cilium/hubble-ui-backend:v0.11.0`
  - `registry.sighup.io/fury/cilium/hubble-ui:v0.11.0`
  - `registry.sighup.io/fury/cilium/hubble-relay:v1.13.3`
- Kubernetes >= `1.24.X`.
- Kustomize >= `v3.5.3`.
- prometheus-operator from KFD monitoring module
- cert-manager from KFD ingress module
The Cilium package is deployed with the following configuration:
- Cilium configured in IPAM Cluster Scope mode (the default one)
- Default pod CIDR: 10.0.0.0/8
- Default netmask per node: 24
⚠️ Make sure to change the default pod CIDR if it conflicts with your network; if your node network is in the same range, you will lose connectivity to other nodes.
To change the default pod CIDR you can use the following kustomize patch:
`kustomization.yaml`:

```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: kube-system

configMapGenerator:
  - name: cilium-config
    behavior: merge
    namespace: kube-system
    envs:
      - patches/cilium-cidr.env
```

`patches/cilium-cidr.env`:

```text
cluster-pool-ipv4-cidr=10.100.0.0/8
cluster-pool-ipv4-mask-size=24
```
ℹ️ The CIDR used by Cilium can be different from the one used by kubeadm.
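As an added example (not part of this package), the following Python pre-flight check reads the two keys from `patches/cilium-cidr.env` and reports a pod pool that overlaps a node network, a CIDR whose host bits are set, and a per-node mask that does not fit in the pool. The function names and the node network `10.10.0.0/16` are assumptions made for illustration.

```python
import ipaddress


def parse_env(text):
    """Parse KEY=VALUE lines, the format of the file listed under `envs:`."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            pairs[key.strip()] = value.strip()
    return pairs


def check_pool(env_text, node_networks):
    """Return a list of problems with the pod pool defined in env_text."""
    env = parse_env(env_text)
    raw = env["cluster-pool-ipv4-cidr"]
    mask = int(env["cluster-pool-ipv4-mask-size"])
    # strict=False accepts host bits so the effective network can be reported.
    pool = ipaddress.IPv4Network(raw, strict=False)
    problems = []
    if str(pool) != raw:
        problems.append(f"{raw} has host bits set; it denotes {pool}")
    if not pool.prefixlen <= mask <= 32:
        problems.append(f"mask size /{mask} does not fit inside {pool}")
    for node_raw in node_networks:
        node_net = ipaddress.IPv4Network(node_raw, strict=False)
        if pool.overlaps(node_net):
            problems.append(f"pod pool {pool} overlaps node network {node_net}")
    return problems


# Values of the env patch shown above on this page.
PAGE_PATCH = "cluster-pool-ipv4-cidr=10.100.0.0/8\ncluster-pool-ipv4-mask-size=24\n"
# Constructed sample: a node network chosen for illustration (assumption).
NODE_NETWORKS = ["10.10.0.0/16"]

if __name__ == "__main__":
    for problem in check_pool(PAGE_PATCH, NODE_NETWORKS):
        print("WARNING:", problem)
```

Replace `NODE_NETWORKS` with the subnets your nodes actually use and run the check before applying the patch.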
You can deploy Cilium by running the following command in the root of this package:

```bash
kustomize build . | kubectl apply -f -
```

If you want to install Cilium without Hubble, use the following command from the root of this package:

```bash
kustomize build core | kubectl apply -f -
```
For license details please see LICENSE