cilium quick notes for dev VM
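# -------[ Cilium installation on GKE ]---------
# Cheat-sheet section: paste the commands you need, this is not a script to run top to bottom.
# Look up the cluster's pod CIDR; it is handed to the chart as nativeRoutingCIDR below.
NATIVE_CIDR="$(gcloud container clusters describe "cluster-core-backend" --zone "us-central1-c" --format 'value(clusterIpv4Cidr)')"

# with hubble-relay
# - The chart version is pinned, so a re-run installs the same release.
# - ${NATIVE_CIDR:?...} stops the command if the gcloud lookup returned nothing
#   (wrong cluster/zone, expired login) instead of passing Helm an empty CIDR.
# - Hubble relay and UI expose network-flow metadata for the cluster, and nothing
#   in this command puts authentication in front of them: keep the services
#   cluster-internal and reach them through a port-forward.
helm install cilium cilium/cilium --version 1.9.6 \
  --namespace kube-system \
  --set nodeinit.enabled=true \
  --set nodeinit.reconfigureKubelet=true \
  --set nodeinit.removeCbrBridge=true \
  --set cni.binPath=/home/kubernetes/bin \
  --set gke.enabled=true \
  --set ipam.mode=kubernetes \
  --set hubble.relay.enabled=true \
  --set hubble.ui.enabled=true \
  --set nativeRoutingCIDR="${NATIVE_CIDR:?cluster CIDR lookup returned nothing}"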
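#-----------------------------------------
# Enable debug for envoy, datapath ... edit /etc/sysconfig/cilium
# and add these agent flags there (they are options, not a command):
#   --debug-verbose=envoy --debug-verbose=datapath --debug-verbose=flow

# Edit cilium configuration at runtime
kubectl edit configmap cilium-config -n kube-system

# Mounting bpffs
minikube ssh -- sudo mount bpffs -t bpf /sys/fs/bpf

# Port-forward hubble-relay
# Bound to loopback only. Listening on 0.0.0.0 / :: would let every host that can
# reach this machine read cluster flow data through the forward. If another
# machine really needs access, bind one specific interface (--address <VM_IP>)
# and restrict the port with a firewall rule.
# NOTE(review): the GKE Helm install in these notes uses kube-system; point -n at
# whichever namespace hubble-relay actually runs in.
kubectl -n cilium port-forward service/hubble-relay --address localhost 4245:80

# Curl from xwing -> Deathstar
kubectl exec xwing -- curl -s -XPOST deathstar.default.svc.cluster.local/v1/request-landing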
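# For loading Cilium from local images
make dev-docker-image
docker images   # should list all the newly created images
# Then copy quick-install.yaml to loc-install.yaml, change the image names to the
# local images and set imagePullPolicy to Never.
# imagePullPolicy: Never makes the node run whatever image with that name is
# already present locally, so keep loc-install.yaml for the dev VM only.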
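# Debugging
# These are alternatives to pick from: `cilium monitor` keeps streaming until interrupted.
cilium config debug=true debug-verbose=true
cilium monitor -v
cilium monitor -v -v
# 1156 is an endpoint ID from this VM; take yours from `cilium endpoint list`.
cilium endpoint config 1156 debug=true
cilium monitor -t drop ## Dropped packets
cilium policy get #Gets all the rules

# Get the list of all packets handled through all bpf policies
sudo cilium bpf policy get --all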
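# Using direct-routing-mode: /etc/sysconfig/cilium
# This assignment is the content of that file, not something to run in a shell.
# Dev-VM settings to review before reusing elsewhere:
#   --debug / --pprof             debugging and profiling switches, meant for development
#   --hubble-listen-address :4244 no host part, so the listener is not limited to loopback
CILIUM_OPTS=" --debug --pprof --enable-hubble --hubble-listen-address :4244 --enable-k8s-event-handover --k8s-require-ipv4-pod-cidr --auto-direct-node-routes --enable-ipv6-ndp --ipv6-mcast-device enp0s8 --k8s-kubeconfig-path /var/lib/cilium/cilium.kubeconfig --kvstore etcd --kvstore-opt etcd.config=/var/lib/cilium/etcd-config.yml --native-routing-cidr=10.10.20.0/24 --masquerade --tunnel=disabled --enable-ipv4=true"

# Enable delve based debugging for cilium
# NOSTRIP=1 NOOPT=1 are passed to the build for the debugger's benefit.
# Chained with && so a failed clean or build never reaches `sudo make install`
# and installs stale binaries.
make clean && make NOSTRIP=1 NOOPT=1 && sudo make install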
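#------------------------------------------[Cilium Visibility Handling]-----------------------
# Enable reporting of visibility in kubectl get cep
# Agent flag to add to the cilium options (not a command on its own):
#   --endpoint-status=policy

# Check proxy-statistics
# Observe .status.policy.proxy-statistics in the output. 2950 is the endpoint ID
# of the annotated pod under consideration; get the ID with `cilium endpoint list`.
cilium endpoint get 2950 -o json

# Installing Cilium 1.10.3
# https://kloudone.atlassian.net/browse/AK-4548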
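#Delete unmanaged pods
# Lists every pod in every namespace as NAMESPACE NAME HOSTNETWORK, keeps the rows
# whose hostNetwork column is exactly "<none>" and deletes those pods, one
# `kubectl delete pod -n <namespace> <name>` call per row. `xargs -r` skips the
# delete entirely when nothing matches.
# This is cluster-wide and destructive: run the pipeline without the final xargs
# stage first and read the list. Pods with no controller behind them are not
# recreated after deletion.
kubectl get pods --all-namespaces -o custom-columns=NAMESPACE:.metadata.namespace,NAME:.metadata.name,HOSTNETWORK:.spec.hostNetwork --no-headers=true \
  | awk '$3 == "<none>" {print "-n", $1, $2}' \
  | xargs -L 1 -r kubectl delete pod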