Skip to content

Instantly share code, notes, and snippets.

@h3llix

h3llix/GSoC Cilium Contributions.md

Last active August 23, 2021 12:48
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save h3llix/20c2489ccc09881f63eb9c4157ce1c07 to your computer and use it in GitHub Desktop.
Save h3llix/20c2489ccc09881f63eb9c4157ce1c07 to your computer and use it in GitHub Desktop.
Download ZIP
GSoC.md
Raw
GSoC Cilium Contributions.md

GSoC'21

Google Summer of Code 2021 Final Submission Report

  • Student: Gaurav Genani
  • Github: @h3llix
  • Organisation: Cilium
  • Project: Expose all active configurations and CLI improvements.

Cilium

Cilium is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. Depending on the underlying support by the kernel, certain configurations were self applied by Cilium Daemon. So, the applied and active configurations don't stay reconciled. There was no concrete way in which one could see the active configurations (though they can get configurations by seeing the start logs or through existing cilium config command). Also, CLI does not provide status of IPsec based encryption managed by Cilium.

Thus, My GSoC project was mainly divided into two parts and both of which aimed at CLI improvements:

cilium config

Beforehand, the cilium config command exposed only a subset of active daemon configurations. Now it exposes all the active daemon configurations through CLI.

Following is the work PR which contains all my work commits: cilium/cilium#16519

cilium encrypt

It aims at adding two new CLI commands:

  • cilium encrypt status which displays information on the IPsec based transparent encryption managed by Cilium.
  • cilium encrypt flush which flushes all XFRM states of the node.

Following is my work PR: cilium/cilium#16770.

Follow-ups

Below mentioned are follow-up PRs which are improvements to already existing PRs:

Future Improvements:

  • Currently the status under cilium encrypt shows information about IPsec based transparent encryption. But this could be extended to show the status of WireGuard based transparent encryption.

  • Currently all the configs exposed via cilium config (in the scope of this GSoc) are read-only but this could be extended to support more configurations to be read-write so that they could be dynamically changed.

Acknowledgements

I would like to thank everyone who helped and guided me with my GSoC project. It was truly amazing to be working with Cilium his summer. I learnt so many new things. I am so grateful to Paul Chaignon and André Martins for mentoring me, Specially Paul for patiently reviewing my code, giving constructive suggestions and tolerating me with my silliest doubts. I really liked Cilium community, everyone here was so welcoming and helpful. And, I would like to continue contributing to Cilium and explore open-source in general.

I would like to thanks Google for organizing this amazaing GSoC which made my summers a lot more productive. It was an truly an amazing experience. I am looking forward to continue contributing to open source community.

Contact

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment