checkout cilium repo and run it in kind
git clone https://github.com/cilium/cilium.git
cd cilium
REPO_ROOT=$PWD
KUBEPROXY_MODE="none" make kind
make kind-image
make kind-install-cilium
Antonio Ojea aojea
Install ingress-nginx
kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin --user $(gcloud config get-value account)
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/cloud/deploy.yaml
Scale the ingress-controller to have two replicas:
$ wget https://gist.githubusercontent.com/aojea/50ec0d10807d1907ecc6ece526f991da/raw/15371f0f2cf48f2e6a75db7f71a7e674e8dfc624/ipmasq.yaml -O ipmasq-noop.yaml
$ kubectl apply -f ipmasq-noop.yaml
configmap/ip-masq-agent configured
daemonset.apps/ip-masq-agent unchanged
These scripts create an IPv6 only cluster on GCE using GUA for both Pods and Services. The scripts use kubeadm and there are not fully automated, this is some personal and exploratory work, so some manual steps are required.
Using GUAs everywhere allows to connect directly to Pod and Services:
- with the benefit that everything is routed and there is no need for lodabalancers or nodePorts
- with the con that everything is public and you need to create firewall rules accordenly
- Create the deployment and expose it using a Load Balancer
kubectl apply -f demo.yaml
- Wait for the LoadBalancer
aojea
/ terminating_service.yaml
Last active
September 6, 2024 05:31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: server-deployment | |
| labels: | |
| app: MyApp | |
| spec: | |
| replicas: 2 | |
| selector: | |
| matchLabels: |
- Create cluster
$ gcloud container clusters create aojea
- Install the statefulset and wait until it is ready
$ kubectl apply -f test.yaml
- Use the stable bind server
docker run -d --rm --name=bind9 internetsystemsconsortium/bind9:9.18
- Exec into the container
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| _output/local/bin/linux/amd64/e2e.test --ginkgo.focus="should be able to preserve UDP traffic when server pod cycles for a LoadBalancer service" --context gke_aojea-gke-dev_us-central1-c_cluster-2 --kubeconfig $PWD/kconfig --provider gke --gce-zone us-central1 | |
| Nov 9 10:38:18.592: INFO: Fetching cloud provider for "gke" | |
| I1109 10:38:18.593029 1207706 gce.go:928] Using DefaultTokenSource &oauth2.reuseTokenSource{new:(*oauth2.tokenRefresher)(0xc000a94c00), mu:sync.Mutex{state:0, sema:0x0}, t:(*oauth2.Token)(0xc00098d500)} | |
| W1109 10:38:18.662520 1207706 gce.go:483] No network name or URL specified. | |
| I1109 10:38:18.662698 1207706 e2e.go:125] Starting e2e run "01bf689f-eecf-431c-b464-2e56764338bf" on Ginkgo node 1 | |
| Nov 9 10:38:18.672: INFO: Enabling in-tree volume drivers | |
| Running Suite: Kubernetes e2e suite - /usr/local/google/home/aojea/src/kubernetes | |
| ================================================================================= | |
| Random Seed: 1667990298 - will randomize all specs |