From cfc9e6b5359319dcdf746e798b323dc0e42c283c Mon Sep 17 00:00:00 2001 From: Patrick Stadler Date: Wed, 20 Sep 2023 20:27:21 +0200 Subject: [PATCH] CNI: replace Weave with Cilium --- README.md | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 143c0d2..fd64280 100644 --- a/README.md +++ b/README.md @@ -361,22 +361,29 @@ kubeadm init --config /tmp/master-configuration.yml --ignore-preflight-errors=Sw ``` After the setup is complete, kubeadm prints a token such as `818d5a.8b50eb5477ba4f40`. It's important to write it down, we'll need it in a minute to join the other cluster nodes. -Kubernetes is built around openness, so it's up to us to choose and install a suitable pod network. This is required as it enables pods running on different nodes to communicate with each other. One of the [many options](https://kubernetes.io/docs/concepts/cluster-administration/addons/) is [Weave Net](https://www.weave.works/products/weave-net/). It requires zero configuration and is considered stable and well-maintained: +Kubernetes is built around openness, so it's up to us to choose and install a suitable pod network. This is required as it enables pods running on different nodes to communicate with each other. One of the [many options](https://kubernetes.io/docs/concepts/cluster-administration/addons/) is [Cilium](https://cilium.io/). It requires little configuration and is considered stable and well-maintained: ```sh # create symlink for the current user in order to gain access to the API server with kubectl [ -d $HOME/.kube ] || mkdir -p $HOME/.kube ln -s /etc/kubernetes/admin.conf $HOME/.kube/config -# install Weave Net -kubectl apply -f https://github.com/weaveworks/weave/releases/download/v2.8.1/weave-daemonset-k8s.yaml +# install Cilium +CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt) +CLI_ARCH="$(arch | sed 's/x86_64/amd64/; s/aarch64/arm64/')" +curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum} +sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum +sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin +rm cilium-linux-${CLI_ARCH}.tar.gz* -# allow traffic on the newly created weave network interface -ufw allow in on weave +cilium install --version 1.14.1 --set ipam.mode=cluster-pool --set ipam.operator.clusterPoolIPv4PodCIDRList=10.96.0.0/16 + +# allow traffic on the newly created Cilium network interface +ufw allow in on cilium_vxlan ufw reload ``` -Unfortunately, Weave Net will not readily work with our current cluster configuration because traffic will be routed via the wrong network interface. This can be fixed by running the following command on each host: +Cilium will not readily work with our current cluster configuration because traffic will be routed via the wrong network interface. This can be fixed by running the following command on each host: ```sh ip route add 10.96.0.0/16 dev $VPN_INTERFACE src $VPN_IP @@ -412,6 +419,12 @@ After that we have to enable it by running following command: systemctl enable overlay-route.service ``` +Finally, we can check if everything works: + +```sh +cilium status --wait +``` + #### Joining the cluster nodes All that's left is to join the cluster with the other nodes. Run the following command on each host: