Questions tagged [cilium]

Cilium is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. Community support mostly takes place on the Cilium Slack channel (https://cilium.herokuapp.com); you may want to consider asking there.

53 questions
7
votes
1 answer

Monitor or log dropped network traffic for Kubernetes NetworkPolicy

I'm interested in using Kubernetes NetworkPolicy to control network policy. I want to know if the NetworkPolicy is blocking traffic so I can either fix the policies or fix/stop whatever is in violation. We use Calico and they view this as a paid…
Ben Mathews
5
votes
3 answers

Kubespray fails with "Found multiple CRI sockets, please use --cri-socket to select one"

Problem encountered: When deploying a cluster with Kubespray, CRI-O and Cilium I get an error about having multiple CRI sockets to choose from. Full error: fatal: [p3kubemaster1]: FAILED! => {"changed": true, "cmd": " mkdir -p…
Doctor
3
votes
1 answer

NetworkPolicy does not allow egress on HTTP/HTTPS ports

I am using the NetworkPolicy below to allow egress on HTTP and HTTPS ports, but running wget https://google.com doesn't work when the network policy is applied. The domain name is resolved (DNS egress rule works) but connecting to the external host…
2
votes
1 answer

How to debug an eBPF program that uses cilium/ebpf to write a go user program?

Thanks to those who came to check it out. Now I'm having some problems. The ebpf program I was facing was an eBPF program written in go's cilium/ebpf library. There was no problem compiling, but there was a problem with the runtime and the bpf…
2
votes
1 answer

Elements incorrectly evicted from eBPF LRU hash map

I observe that elements are incorrectly evicted in an eBPF LRU hash map (BPF_MAP_TYPE_LRU_HASH). In the following code I insert into an LRU hash map of size 8 and print its contents every second: package main import ( "fmt" …
user2233706
2
votes
0 answers

How to emulate network failures (chaos testing) on clusters with cilium

Could you please provide me the information about the available tools for emulating network failures on Cilium/eBPF-based Service Mesh solutions? Previously I used Chaos Mesh https://chaos-mesh.org/ but emulating network-related issues (packet delay…
hoozgo
2
votes
1 answer

GKE Dataplane v2 NetworkPolicies not working

I am currently trying to move my calico based clusters to the new Dataplane V2, which is basically a managed Cilium offering. For local testing, I am running k3d with open source cilium installed, and created a set of NetworkPolicies (k8s native…
2
votes
2 answers

EKS 1.11 + Istio 1.0.6 + Cilium 1.4.1, Post https://istio-sidecar-injector.istio-system.svc:443/inject?timeout=30s: Address is not allowed

Here're the steps to reproduce the error: 1). Install an AWS EKS cluster (1.11) 2). Install Cilium v1.4.1 following this guide $ kubectl -n kube-system set env ds aws-node AWS_VPC_K8S_CNI_EXTERNALSNAT=true $ kubectl apply -f…
brant4test
2
votes
1 answer

Failure Err: Not able to connect to any etcd endpoints - etcd: 0/1 connected: kubeadm

I tried to install cilium with coredns in kubeadm kube: 1.12.3 cilium: 1.3.0 I get this error: Readiness probe failed: KVStore: Failure Err: Not able to connect to any etcd endpoints - etcd: 0/1 connected: http://127.0.0.1:31079 - context…
pioupiou
1
vote
1 answer

Multi cluster CockroachDB with Cilium Cluster Mesh

I am trying to enable a multi cluster CockroachDB spawning 3 k8s clusters connected with Cilium Cluster Mesh. The idea of having a multi cluster CockroachDB is described on cockroachlabs.com - 1, 2. Given the fact that the article calls for a change…
Krystian Marek
1
vote
0 answers

Attaching an eBPF program to a container cgroup

I would like to attach an eBPF program to a cgroup associated with an envoy container (running on host namespace, --net=host) in order to monitor and mark its packets: // bpf.c SEC("cgroup_skb/egress") int mark_egress_packets(struct __sk_buff *skb)…
Nimrodshn
1
vote
1 answer

Multiple runtime engines in kubernetes?

I want to run some gpu workloads on my bare metal k8s cluster. So I have installed the nvidia containerd runtime engine on my cluster. But the cilium cni pods crash when I make nvidia the default runtime. (I'll post about that some other…
d s
1
vote
1 answer

eBPF verifier: R1 is not a scalar

I have this eBPF code: struct sock_info { struct sockaddr addr; }; SEC("tracepoint/syscalls/sys_enter_accept4") int sys_enter_accept4(int fd, struct sockaddr *upeer_sockaddr, int *upeer_addrlen, int flags) { struct sock_info *iad =…
Mario
1
vote
0 answers

Select all pods running on a K8s node for Cilium Policy

I am trying to use Cilium Egress Gateway Policy in my K8s cluster. I want to apply policy on all pods scheduled on Node X. How can I do that? Using the podSelector field, I can pick pods which matchLabels. There is also a special label…
Vishesh Agarwal
1
vote
1 answer

How to see the rule, when error: didn't match pod anti-affinity rules

I am getting - when installing Cilium: Warning FailedScheduling 4m21s (x17 over 84m) default-scheduler 0/1 nodes are available: 1 node(s) didn't match pod anti-affinity rules. preemption: 0/1 nodes are available: 1 node(s) didn't match pod…
Chris G.