Stack Overflow
Stack Overflow

Questions tagged [cilium]

Cilium is an open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. Community support mostly takes place on the Cilium Slack channel (https://cilium.herokuapp.com), you may want to consider asking there.

Cilium is an open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes.

Resources:

53 questions
1
vote
1 answer

how to get goroutine id with ebpf

I use cilium ebpf pakage to write a ebpf program for getting the goroutine id. but failed. my uprobe.c like this : I think the key problem is that golang struct g trans to goroutine.h is wrong. can anyone…
weizhao
  • 183
  • 3
  • 16
1
vote
1 answer

Cilium 1.12.1 not working on some of nodes

Hi guys I have an 11 nodes Kubernetes cluster with cilium 1.12.1 kubeProxyReplacement=strict built on bare metal in our data center, but pods on 4 of the nodes(node5-node8) have issues when communicate with other pods or service which not on the…
Archean
  • 11
  • 4
1
vote
1 answer

Intermittent failure of K8S DNS resolver / dial udp / Operation cancelled

We're having a medium sized Kubernetes cluster. So imagine a situation where approximately 70 pods are being connecting to a one socket server. It works fine most of the time, however, from time to time one or two pods just fail to resolve k8s DNS,…
user3677173
  • 2,559
  • 2
  • 17
  • 16
1
vote
3 answers

Go import error: invalid version unknow revision

Code, file structure on left and error package main import ( "fmt" "github.com/cilium/cilium/api/v1/models" "github.com/cilium/cilium/pkg/client" log "github.com/sirupsen/logrus" ) func main() { fmt.Println("Starting…
RiptimRip
  • 11
  • 1
  • 3
1
vote
0 answers

cilium configuration in IPv6 mode

I am using cilium in Kubernetes 1.12 in Direct Routing mode. It is working fine in IPv4 mode. We are using cilium/cilium:no-routes image and cloudnativelabs/kube-router to advertise the routes through BGP. Now I would like to configure the same in…
user2639661
  • 91
  • 6
0
votes
0 answers

How to block all paths except the specified path. And only use specific pods in this path

I'm using 1 service to get pods from 2 different deployments which have just one label equal between them. Then, I want to use CiliumNetworkPolicy and ingress to block all the traffic in all path except the path '/a', and show only the pods from 1…
Sule26
  • 1
  • 2
0
votes
0 answers

RKE2 + Cilium leads to DNS issues

Hi I have a little RKE2 cluster on my Windows Data Center 2022 using Hyper-V on Rocky Linux 8.8. I am attempting to replace kube-proxy with cilium, following this guide I have ensured that KubeProxyReplacement is set to Strict on the Cilium chart…
user1314147
  • 174
  • 1
  • 5
  • 25
0
votes
0 answers

How can I get rid on "Missed tail calls" in Cilium

I have a Cilium integrated into my k3d cluster but get the following error messages all over the place: root@k3d-k8s-daemon01-dev-local01-agent-0:/home/cilium# cilium monitor -t drop Listening for events on 16 CPUs with 64x4096 of shared…
towi
  • 21,587
  • 28
  • 106
  • 187
0
votes
0 answers

Cluster Network Connection Failure via Cilium CNI in VMs Using SR-IOV on Broadcom BCM57412 NIC

Host Server item Details OS Ubuntu 20.04.5 Kernel 5.15.0-53 Driver Version 5.15.0-56-generic Firmware Version 220.0.57.0/pkg 22.00.07.60 SRIOV VF: 8 Hardware item Details CPU Intel(R) Xeon(R) Gold 6226R CPU @…
kyleyoon
  • 1
  • 1
0
votes
0 answers

CHECKSUM_NONE and TCP checksum calculation

I modified a packet in tc-ingress ebpf program and then the packet is routed to leave the host machine. More specifically, I add a customized TCP option using bpf_skb_adjust_room/ctx_adjust_hroom to expand the packet. static inline void…
yeyushengfan
  • 3
  • 2
0
votes
0 answers

Cilium operator unmanaged pods watcher not working

I installed Cilium CNI (1.13.4) chained with VPC-CNI on an EKS cluster recently. This cluster is running pods already, so I need to restart all existing pods to have them managed by Cilium. When looking at the helm chart values it seems like there…
KOT
  • 1,986
  • 3
  • 21
  • 35
0
votes
1 answer

tracepoint/syscalls/sys_enter_execve missing args

I use cilium-ebpf to write some simple monitoring programs. Currently I want to use tracepoint/syscalls/sys_enter_execve to get argv. but I am having problems with missing arguments. The following is an example of code that can be…
HIHIA
  • 1
0
votes
0 answers

Egress TLS Origination without Istio

Is it possible to do something similar to TLS Egress origination described here without relying on Istio? We have a use case where we'd like all outbound traffic to a particular CIDR block to go through a TLS proxy that handles the mTLS with another…
Jessica
  • 721
  • 1
  • 6
  • 13
0
votes
1 answer

Connecting Cilium Clustermesh between two separate VMs with kind-c1 and kind-c2 clusters

I followed the tutorial on https://piotrminkowski.com/2021/10/25/kubernetes-multicluster-with-kind-and-cilium/ to create two separate Cilium clusters, kind-c1 and kind-c2, on two different VMs within the same network. However, when attempting to…
Monica
  • 3
  • 2
0
votes
1 answer

Permission denied when using bpf_probe_read() in the ebpf program

I am unable to read the addr argument and assign it to my struct field. struct accept_args_t { struct sockaddr_in *addr; }; SEC("kprobe/sys_accept") int syscall__probe_entry_accept(struct pt_regs *ctx, int sockfd, struct sockaddr *addr,…
Gourav Kumar
  • 33
  • 4
1
2
3 4