The cilium-spire-tutorials from accuknox

cilium-spire-tutorials's Introduction

This tutorial shows some scenarios related to the Cilium and Spire integration. This integration modifies the following components: cilium-agent, cilium-envoy and spire-agent. The image below represents the summary of the actions performed in each of them.

First steps

Download repository dependencies:

go vendor

Create minikube cluster:

minikube start --network-plugin=cni --memory=4096
minikube ssh -- sudo mount bpffs -t bpf /sys/fs/bpf

Deploy manifest (cilium-control-plane + spire-control-plane + dependencies):

kubectl apply -f cilium.yaml \
              -f spire.yaml

Check the status of the all the pods. The spire-control-plane (spire-agent and spire-server) should be Running as well as the cilium-control-plane.

kubectl get pods -A
NAMESPACE     NAME                               READY   STATUS    RESTARTS   AGE
kube-system   cilium-74m7n                       1/1     Running   0          47s
kube-system   cilium-operator-7c755f4594-2pk77   1/1     Running   0          3m25s
kube-system   cilium-operator-b76f5d644-ccmtc    0/1     Pending   0          51s
kube-system   cilium-operator-b76f5d644-mc5jn    0/1     Pending   0          51s
kube-system   coredns-74ff55c5b-l4jnn            1/1     Running   1          25h
kube-system   etcd-minikube                      1/1     Running   1          25h
kube-system   kube-apiserver-minikube            1/1     Running   1          25h
kube-system   kube-controller-manager-minikube   1/1     Running   1          25h
kube-system   kube-proxy-mggjl                   1/1     Running   1          25h
kube-system   kube-scheduler-minikube            1/1     Running   1          25h
kube-system   storage-provisioner                1/1     Running   2          25h
spire         spire-agent-648qt                  1/1     Running   0          47s
spire         spire-server-0                     1/1     Running   1          23h

After setting the Cilium and Spire integration, follow some scenarios exposed by the next tutorials. All the files related to which scenarios is inside the folder.

Tutorials

References

Accuknox Demo

cilium-spire-tutorials's People

Contributors

Stargazers

Watchers

cilium-spire-tutorials's Issues

cilium startup issue with minikube

On using kubectl apply -f cilium-spire.yaml, I got following:

level=error msg="Command execution failed" cmd="[ip6tables -w 5 -t raw -N CILIUM_OUTPUT_raw]" error="exit status 3" subsys=iptables
level=warning msg="ip6tables v1.8.4 (legacy): can't initialize ip6tables table `raw': Table does not exist (do you need to insmod?)" subsys=iptables
level=warning msg="Perhaps ip6tables or your kernel needs to be upgraded." subsys=iptables
level=error msg="Error while initializing daemon" error="cannot add custom chain CILIUM_OUTPUT_raw: exit status 3" subsys=daemon
level=fatal msg="Error while creating daemon" error="cannot add custom chain CILIUM_OUTPUT_raw: exit status 3" subsys=daemon

Modprobing ip6table_filter in minikube node didn't fix the issue (found this fix mentioned on google search).

Finally, I disabled ipv6 altogether in cilium-spire.yaml and it worked.

Any thoughts?

Recommend Projects

accuknox / cilium-spire-tutorials Goto Github PK

cilium-spire-tutorials's Introduction

First steps

Tutorials

References

cilium-spire-tutorials's People

Contributors

Stargazers

Watchers

Forkers

cilium-spire-tutorials's Issues

cilium startup issue with minikube

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent