Skip to content

Instantly share code, notes, and snippets.

@snormore

snormore/cilium-hostport-portmp-cni-config.md

Last active July 26, 2019 00:42
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save snormore/cc642e943509834d288af087f327e37e to your computer and use it in GitHub Desktop.
Save snormore/cc642e943509834d288af087f327e37e to your computer and use it in GitHub Desktop.
Download ZIP
Enable hostPort mapping in Cilium via CNI config.
Raw
cilium-hostport-portmp-cni-config.md

We 1. tell Cilium not to drop it's own config via the CILIUM_CNI_CONF env, and 2. Update the postStart lifecycle hook where Cilium does a /cni-install.sh already, to include the writing of a CNI config enabling portmap.

kubectl edit ds cilium -n kube-system

Add this under the container env

# We drop our own CNI config with portmap enabled, so this tells
# Cilium not to write one.
- name: CILIUM_CNI_CONF
    value: /dev/null

Replace this

lifecycle:
    postStart:
    exec:
        command:
        - /cni-install.sh
    preStop:
    exec:
        command:
        - /cni-uninstall.sh

with

lifecycle:
    postStart:
    exec:
        command:
        - sh
        - -c
        - "echo '{\"cniVersion\": \"0.3.1\", \"name\": \"portmap\", \"plugins\": [{\"name\": \"cilium\", \"type\": \"cilium-cni\"}, {\"type\": \"portmap\", \"capabilities\": {\"portMappings\": true}}]}' > /host/etc/cni/net.d/05-cilium.conflist && /cni-install.sh"
    preStop:
    exec:
        command:
        - sh
        - -c
        - "/cni-uninstall.sh && rm /host/etc/cni/net.d/05-cilium.conflist"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment