https://github.com/starefossen/cilium-workshop
Cilium Workshop for NDCOslo 2022
https://github.com/starefossen/cilium-workshop
Last synced: 3 months ago
JSON representation
Cilium Workshop for NDCOslo 2022
- Host: GitHub
- URL: https://github.com/starefossen/cilium-workshop
- Owner: Starefossen
- License: mit
- Created: 2022-09-15T20:01:57.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-09-25T21:40:25.000Z (over 2 years ago)
- Last Synced: 2025-03-14T19:01:32.408Z (3 months ago)
- Size: 4.2 MB
- Stars: 3
- Watchers: 2
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Workshop: Securing (and Observing) Kubernetes clusters with Cilium and eBPF
Getting Kubernetes up and running and deploying your first application is
relatively easy, managing them securely on scale however can be quite a
challenge. Knowing what applications are communicating with each other and how
to restrict, verify, and debug traffic policies is a real game changer for
complex environments.
## Getting Started
### Pre-requisites
* [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)
* [cilium-cli](https://github.com/cilium/cilium-cli/releases)
Install cilium-cli with asdf
```bash
brew install asdf
asdf plugin add cilium-cli
asdf install cilium-cli latest
asdf global cilium-cli latest
```
Install kubectl with asdf
```bash
brew install asdf
asdf plugin add kubectl
asdf install kubectl v1.23.6
asdf global kubectl v1.23.6 latest
```
Install docker cli with brew
```bash
brew install docker-compose
```
Compose is now a Docker plugin. For Docker to find this plugin, symlink it:
```bash
mkdir -p ~/.docker/cli-plugins
ln -sfn /opt/homebrew/opt/docker-compose/bin/docker-compose ~/.docker/cli-plugins/docker-compose
```
### Install Kubernetes with Minikube in Docker
[Minikube][minikube] is a tool that makes it easy to run Kubernetes locally.
Minikube runs a single-node Kubernetes cluster inside a VM on your laptop for
users looking to try out Kubernetes or develop with it day-to-day.
[Colima][colima] is a tool that makes it easy to run Kubernetes locally on Apple
Silicon Macs.
[minikube]: https://minikube.sigs.k8s.io/docs/start/
[colima]: https://github.com/abiosoft/colima
Install minikube and colima:
```bash
brew install minikube colima
```
Start colima (unless you have docker desktop running):
```bash
colima start --cpu 4 --memory 8
```
Check that docker is working:
```bash
docker ps
```
Configure minikube to use colima:
```bash
minikube config set driver docker
minikube config set container-runtime docker
```
Start minikube:
```bash
minikube start \
--profile cilium-workshop \
--cpus max --memory max \
--network-plugin=cni --cni=false \
--kubernetes-version v1.24.6
```
## Install Cilium using cilium-cli
Verify that you have a working Kubernetes connection:
```bash
kubectl version
```
Run the following commands in order to set up Cilium:
```bash
cilium install \
--version 1.12.2 \
--helm-set image.pullPolicy=IfNotPresent \
--helm-set ipam.mode=kubernetes
```
Verify that Cilium is running:
```bash
cilium status
```
cilium status output
```bash
/¯¯\
/¯¯\__/¯¯\ Cilium: OK
\__/¯¯\__/ Operator: OK
/¯¯\__/¯¯\ Hubble: disabled
\__/¯¯\__/ ClusterMesh: disabled
\__/
Deployment cilium-operator Desired: 1, Ready: 1/1, Available: 1/1
DaemonSet cilium Desired: 4, Ready: 4/4, Available: 4/4
Containers: cilium Running: 4
cilium-operator Running: 1
Cluster Pods: 3/3 managed by Cilium
Image versions cilium quay.io/cilium/cilium:v1.12.2@sha256:986f8b04cfdb35cf714701e58e35da0ee63da2b8a048ab596ccb49de58d5ba36: 4
cilium-operator quay.io/cilium/operator-generic:v1.12.2@sha256:00508f78dae5412161fa40ee30069c2802aef20f7bdd20e91423103ba8c0df6e: 1
```
Check cilium conectivity (optional)
```bash
cilium connectivity test
```
Enable Cilium Hubble:
```bash
cilium hubble enable --ui
```
Open Hubble UI in your browser:
```bash
cilium hubble ui
```