Introduction to Cilium
Cilium is an open source container networking project that provides and transparently secures network connectivity and load balancing between application workloads, such as application containers or processes.
Cilium operates at Layer 3/4 to provide traditional networking and security services, and at Layer 7 to protect the use of modern application protocols such as HTTP, gRPC, and Kafka. Cilium is integrated into common container orchestration frameworks such as Kubernetes and Mesos.
Cilium is built on BPF: it works by generating kernel-level BPF programs that interact directly with containers. Instead of creating overlay networks for containers, Cilium allows each container to be assigned an IPv6 (or IPv4) address and uses container labels instead of network routing rules to achieve network isolation between containers. It also integrates with the orchestration system to create and enforce Cilium rules.
The above introduction is from OSChina
Readers interested in Cilium’s performance can refer to this article: The Strongest CNI Benchmark: Cilium Network Performance Analysis
System requirements
Linux kernel >= 4.9.17. For more information, see Cilium System Requirements.
The environment
The following uses Ubuntu Server 20.04.1 LTS 64-bit as an example.
name | ip | role |
---|---|---|
node1 | 10.160.6.136 | etcd, master, worker |
Downloading the Installation package
sudo wget https://github.com/kubesphere/kubekey/releases/download/v1.1.0/kubekey-v1.1.0-linux-64bit.deb
Deploy KubeSphere using Cilium as a network plug-in
1. Install KubeKey
sudo dpkg -i kubekey-v1.1.0-linux-64bit.deb
2. Generate a configuration file
sudo kk create config --with-kubernetes v1.19.8
3. Modify the configuration file to change the network plug-in to Cilium. Note: change the value of spec.network.plugin to cilium.
sudo vi config-sample.yaml
apiVersion: kubekey.kubesphere.io/v1alpha1
kind: Cluster
metadata:
  name: sample
spec:
  hosts:
  # The password is masked here; it is quoted because a bare * is not valid YAML.
  - {name: node1, address: 10.160.6.136, internalAddress: 10.160.6.136, user: ubuntu, password: "********"}
  roleGroups:
    etcd:
    - node1
    master:
    - node1
    worker:
    - node1
  controlPlaneEndpoint:
    domain: lb.kubesphere.local
    address: ""
    port: 6443
  kubernetes:
    version: v1.19.8
    imageRepo: kubesphere
    clusterName: cluster.local
  network:
    # Network plug-in changed to cilium
    plugin: cilium
    kubePodsCIDR: 10.233.64.0/18
    kubeServiceCIDR: 10.233.0.0/18
  registry:
    registryMirrors: []
    insecureRegistries: []
  addons: []
4. Deploy dependencies
sudo kk init os -f config-sample.yaml
5. KubeSphere deployment
sudo kk create cluster -f config-sample.yaml --with-kubesphere v3.1.0
If the following information is displayed, the installation is complete
#####################################################
###              Welcome to KubeSphere!           ###
#####################################################

Console: http://10.160.6.136:30880
Account: admin
Password: P@88w0rd

NOTES:
  1. After you log into the console, please check the
     monitoring status of service components in
     "Cluster Management". If any service is not
     ready, please wait patiently until all components
     are up and running.
  2. Please change the default password after login.

#####################################################
https://kubesphere.io             2021-05-18 17:15:03
#####################################################
INFO[17:15:16 CST] Installation is complete.
6. Log in to KubeSphere Console
7. Check the status
Install the Hubble UI
Hubble is designed for network visualization. It uses the eBPF data path provided by Cilium to obtain deep visibility into the network traffic of Kubernetes applications and services. This traffic information can be consumed through the Hubble CLI and UI tools, so that DNS-related problems can be quickly diagnosed interactively. In addition to its own tools, Hubble also integrates with the mainstream cloud native monitoring systems Prometheus and Grafana to support extensible monitoring strategies.
Installation of Hubble is simple, with the following commands:
kubectl apply -f https://raw.githubusercontent.com/cilium/cilium/1.9.7/install/kubernetes/quick-hubble-install.yaml
Check the status
Install the Demo service and check service dependencies in Hubble UI
1. Install the demo
kubectl create -f https://raw.githubusercontent.com/cilium/cilium/1.9.7/examples/minikube/http-sw-app.yaml
2. Modify the Hubble UI service type to NodePort
3. Visit the demo
kubectl exec xwing -- curl -s -XPOST deathstar.default.svc.cluster.local/v1/request-landing
Ship landed
kubectl exec tiefighter -- curl -s -XPOST deathstar.default.svc.cluster.local/v1/request-landing
Ship landed
4. Check service dependencies on Hubble
Note: if you want to enable Layer 7 network visibility, you need to add annotations to the target Pod. See the official Cilium documentation for details.
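Applied to the demo above, the label-based isolation described in the introduction looks like the following policy (an added example, not part of the original article). It assumes the labels that the Cilium demo manifest assigns to its pods (org=empire and class=deathstar on deathstar, org=empire on tiefighter, org=alliance on xwing); the policy name is made up for illustration.

```yaml
# Added example: restrict the demo's deathstar service by pod labels.
# Assumed labels (from the Cilium demo manifest, not shown in this article):
#   deathstar:  org=empire, class=deathstar
#   tiefighter: org=empire
#   xwing:      org=alliance
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: deathstar-landing-only   # hypothetical name
  namespace: default
spec:
  description: "Only empire ships may POST /v1/request-landing to deathstar"
  # Endpoints this policy protects, selected by label rather than by IP.
  # Once selected, all ingress not matched by a rule below is denied.
  endpointSelector:
    matchLabels:
      org: empire
      class: deathstar
  ingress:
  # Layer 3: only sources labelled org=empire are allowed in.
  - fromEndpoints:
    - matchLabels:
        org: empire
    # Layer 4: and only on TCP port 80.
    toPorts:
    - ports:
      - port: "80"
        protocol: TCP
      # Layer 7: and only this HTTP method and path; other requests from
      # allowed sources are rejected by the proxy with HTTP 403.
      rules:
        http:
        - method: "POST"
          path: "/v1/request-landing"
```

After applying it with kubectl apply -f, repeat the two requests from step 3: the tiefighter call still returns Ship landed, while the xwing call hangs until it times out. Hubble shows the xwing flow with a dropped verdict, and because the allowed traffic now passes through the Layer 7 proxy, its HTTP requests become visible as well.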
Conclusion
In terms of user experience, Cilium meets most container networking requirements. In particular, Hubble provides data plane visualization natively, which is much more sophisticated than Istio. Cilium will soon become the most used network solution in the Kubernetes community.
This article is published by OpenWrite!