RKE2 with official

Install the Official Cilium Chart on RKE2

  1. Create the file /etc/rancher/rke2/config.yaml with the following content, so that RKE2 does not deploy its bundled CNI
    cni: none
    disable:
    - rke2-ingress-nginx
  2. Apply the following manifest
    apiVersion: helm.cattle.io/v1
    kind: HelmChart
    metadata:
      name: cilium
      namespace: kube-system
    spec:
      chart: https://github.com/cilium/charts/raw/master/cilium-1.14.1.tgz
      bootstrap: true
      valuesContent: |-
        kubeProxyReplacement: strict
        k8sServiceHost: 127.0.0.1
        k8sServicePort: 6443
        encryption:
          enabled: true
          nodeEncryption: true
          type: wireguard
        ingressController:
          enabled: true
        envoy:
          enabled: true

L2 Announcements

  1. Add the following values to the HelmChart's valuesContent to enable L2 announcements
    apiVersion: helm.cattle.io/v1
    kind: HelmChart
    metadata:
      name: cilium
      namespace: kube-system
    spec:
      chart: https://github.com/cilium/charts/raw/master/cilium-1.14.1.tgz
      valuesContent: |-
        [...]
        l2announcements:
          enabled: true
        externalIPs:
          enabled: true
        devices: 'eth0'
  2. Create the following manifests to configure it
    apiVersion: "cilium.io/v2alpha1"
    kind: CiliumL2AnnouncementPolicy
    metadata:
      name: policy
      namespace: kube-system
    spec:
      nodeSelector:
        matchExpressions:
        - key: node-role.kubernetes.io/control-plane
          operator: DoesNotExist
      interfaces:
      - eth0
      loadBalancerIPs: true
      externalIPs: true
    ---
    apiVersion: "cilium.io/v2alpha1"
    kind: CiliumLoadBalancerIPPool
    metadata:
      name: "home-pool"
    spec:
      cidrs:
      - cidr: "192.168.178.0/24"
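
A tighter variant of the two manifests above, added here as an example and not part of the original gist: the pool is cut down to a small range and both the pool and the announcement policy only act on Services that carry an opt-in label. The 192.168.178.240/28 range and the `l2-announce: "true"` label are assumptions; pick values that fit your network.

```yaml
# Added example, not from the original gist.
apiVersion: "cilium.io/v2alpha1"
kind: CiliumL2AnnouncementPolicy
metadata:
  name: policy
spec:
  # Only Services carrying this (assumed) label are announced on the LAN.
  serviceSelector:
    matchLabels:
      l2-announce: "true"
  nodeSelector:
    matchExpressions:
    - key: node-role.kubernetes.io/control-plane
      operator: DoesNotExist
  interfaces:
  - eth0
  # Announce the addresses in status.loadBalancer.ingress (assigned from the pool below).
  loadBalancerIPs: true
  # Do not announce addresses that a Service author sets in spec.externalIPs.
  externalIPs: false
---
apiVersion: "cilium.io/v2alpha1"
kind: CiliumLoadBalancerIPPool
metadata:
  name: "home-pool"
spec:
  cidrs:
  # Assumed range: reserved for load balancers, outside the DHCP scope,
  # and not covering the router or the node addresses.
  - cidr: "192.168.178.240/28"
  # Only Services with the opt-in label receive an address from this pool.
  serviceSelector:
    matchLabels:
      l2-announce: "true"
```

With the full /24 as the pool, LB IPAM can hand out addresses that other hosts on the LAN already use; the narrower range avoids those conflicts.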
