cilium 1.14.3 w/ etcd and docker plugin
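# git clone https://github.com/cilium/cilium
# cd cilium
# git checkout v1.14.3
## build docker plugin since there is no dockerhub image for 1.14.3 for it
# docker buildx build -f images/cilium-docker-plugin/Dockerfile -t cilium-docker-plugin-local .
# docker compose up
## in other shell:
# docker network create my_network --ipam-driver cilium --driver cilium
# docker run --rm --net my_network -it alpine
## in other shell:
# alias cilium='docker exec -ti cilium cilium'
# cilium status
# cilium endpoint list
## to inspect etcd
# docker run -it --rm --network host --env ALLOW_NONE_AUTHENTICATION=yes bitnami/etcd:latest etcdctl --endpoints http://127.0.0.1:2379 get "" --prefix --keys-only
#
# Single-host lab setup: Cilium agent, Docker plugin and operator share an
# etcd kvstore on 127.0.0.1:2379. Every Cilium container below runs
# privileged on the host network with the Docker socket mounted, so each
# one has host-root-equivalent access; do not reuse this file as-is on a
# shared or production host.
version: '2'
services:
  cilium:
    container_name: cilium
    image: docker.io/cilium/cilium:v1.14.3
    command: >-
      cilium-agent --enable-ipv6=false
      --kvstore etcd --kvstore-opt etcd.address=127.0.0.1:2379
      -t vxlan --enable-bpf-masquerade=true --enable-node-port=true
      --bpf-lb-sock=true
    volumes:
      # Docker API socket: grants control of the host's Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/run/cilium:/var/run/cilium
      - /sys/fs/bpf:/sys/fs/bpf
      # To access Docker container netns:
      - /var/run/docker/netns:/var/run/docker/netns:rshared
      # To create named netns for cilium-health endpoint:
      - /var/run/netns:/var/run/netns:rshared
    network_mode: "host"
    # privileged already grants every capability, so cap_add is redundant
    # here; it is kept as written by the author.
    cap_add:
      - "NET_ADMIN"
    privileged: true
    depends_on:
      - etcd

  cilium_docker:
    container_name: cilium-docker-plugin
    # image: docker.io/cilium/docker-plugin:v1.9
    # Locally built image (see the build step in the header); there is no
    # registry digest to verify it against.
    image: cilium-docker-plugin-local
    command: cilium-docker
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/run/cilium:/var/run/cilium
      - /run/docker/plugins:/run/docker/plugins
    network_mode: "host"
    cap_add:
      - "NET_ADMIN"
    privileged: true
    depends_on:
      - cilium

  # consul:
  #   container_name: cilium-kvstore
  #   ports:
  #     - "8500:8500"
  #   environment:
  #     - "CONSUL_LOCAL_CONFIG={\"skip_leave_on_interrupt\": true, \"disable_update_check\": true}"
  #   image: docker.io/library/consul:1.1.0
  #   command: agent -client=0.0.0.0 -server -bootstrap-expect 1

  etcd:
    container_name: cilium-etcd
    # NOTE(review): ":latest" is a moving tag; pin a specific tag or an
    # image digest (e.g. bitnami/etcd@sha256:<DIGEST_PLACEHOLDER>) so the
    # kvstore image cannot change underneath the cluster.
    image: bitnami/etcd:latest
    network_mode: "host"
    # With host networking Docker does not apply published ports; etcd
    # binds directly on the host's interfaces. The mappings are kept as
    # written by the author.
    ports:
      - "2379:2379"
      - "2380:2380"
    environment:
      # Quoted so the value stays the string "yes" instead of being parsed
      # as a YAML 1.1 boolean. This disables etcd authentication entirely.
      ALLOW_NONE_AUTHENTICATION: "yes"
      # Authentication is off, so keep the client API on loopback only.
      # All consumers in this file connect to 127.0.0.1:2379.
      ETCD_LISTEN_CLIENT_URLS: "http://127.0.0.1:2379"
      ETCD_ADVERTISE_CLIENT_URLS: "http://127.0.0.1:2379"
      # NOTE(review): the peer listener (2380) is left at the image
      # default; confirm where it binds and firewall it if it is reachable
      # from other hosts.

  cilium_operator:
    container_name: cilium-operator
    image: cilium/operator-generic:v1.14.3
    command: >-
      cilium-operator-generic --enable-k8s=false
      --enable-ipv4=true --enable-ipv6=false --ipam=docker-ipam
      --kvstore etcd --kvstore-opt etcd.address=127.0.0.1:2379
      --identity-allocation-mode=kvstore
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/run/cilium:/var/run/cilium
      - /run/docker/plugins:/run/docker/plugins
      # To have access to etcd.yml
      - /vagrant:/vagrant
    network_mode: "host"
    cap_add:
      - "NET_ADMIN"
    privileged: true
    depends_on:
      - cilium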
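#!/usr/bin/env nix-shell
#! nix-shell -i bash -p inotify-tools socat
#
# Debug helper: interpose a logging proxy on the Cilium agent's API socket.
# Waits for /var/run/cilium/cilium.sock to be created, renames it to
# cilium.sock.orig, then has socat listen on the original path and forward
# each connection to the renamed socket.
#
# socat -v copies all relayed traffic to stderr, so the output contains
# whatever API clients and the agent exchange; handle captured logs as
# sensitive. Must run as root.
set -ex

if [ "$EUID" -ne 0 ]; then
  echo "Please run $0 as root"
  exit 1
fi

mkdir -p /var/run/cilium
cd /var/run/cilium

# Refuse to start when the socket already exists: the proxy is only
# installed on a socket created after this script began waiting.
if [ -S "cilium.sock" ]; then
  echo "Cilium is already running"
  exit 1
fi

echo "Waiting for cilium to start"
# Re-check the path after every bounded wait so a socket created between
# the check above and the watch being established is not missed. The
# pattern is anchored so names that merely contain "cilium.sock" (such as
# cilium.sock.orig) do not end the wait. inotifywait exits 2 on timeout,
# which is expected here; any other failure still aborts via set -e.
until [ -S "cilium.sock" ]; do
  inotifywait . -t 1 -e create --include '(^|/)cilium\.sock$' || [ "$?" -eq 2 ]
done

mv cilium.sock cilium.sock.orig

# On exit the renamed socket file is deleted, not moved back.
# NOTE(review): the agent's API socket path is then gone until the agent
# recreates it; confirm that a restart is acceptable after a capture.
trap 'rm cilium.sock.orig' EXIT

# mode=660 limits the proxy socket to its owner and group. The script runs
# as root, so the new socket's ownership may differ from the agent's
# original socket; verify group access if non-root clients need it.
socat -v UNIX-LISTEN:cilium.sock,mode=660,reuseaddr,fork UNIX-CONNECT:cilium.sock.orig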