Installation k0s Using k0sctl
This guide walks you through installation of Cilium on k0s, an open source, all-inclusive Kubernetes distribution, which is configured with all of the features needed to build a Kubernetes cluster.
Cilium is presently supported on amd64 and arm64 architectures.
Install a Master Node
Ensure you have the k0sctl binary installed locally.
Setup your VMs:
How to do this is out of the scope of this guide, please refer to your favorite virtualization tool. After deploying the VMs, export their IP addresses to environment variables (see example below). These will be used in a later step.
export node1-IP=192.168.2.1 node2-IP=192.168.2.2 node3-IP=192.168.2.3
Prepare the yaml configuration file k0sctl will use:
# The following command assumes the user has deployed 3 VMs
# with the default user "k0s" using the default ssh-key (without passphrase)
k0sctl init --k0s -n "myk0scluster" -u "k0s" -i "~/.ssh/id_rsa" -C "1" "${node1-IP}" "${node2-IP}" "${node3-IP}" > k0s-myk0scluster-config.yaml
Next step is editing k0s-myk0scluster-config.yaml
:
# replace
...
provider: kube-router
...
# with
...
provider: custom
...
Finally apply the config file:
k0sctl apply --config k0s-myk0scluster-config.yaml --no-wait
Note
If running Cilium in Kubernetes Without kube-proxy mode disable kube-proxy in the k0s config file
# edit k0s-myk0scluster-config.yaml
# replace
...
network:
kubeProxy:
disabled: false
...
# with
...
network:
kubeProxy:
disabled: true
...
Configure Cluster Access
For the Cilium CLI to access the cluster in successive steps you will need to
generate the kubeconfig
file, store it in ~/.kube/k0s-mycluster.config
and setting
the KUBECONFIG
environment variable:
k0sctl kubeconfig --config k0s-myk0scluster-config.yaml > ~/.kube/k0s-mycluster.config
export KUBECONFIG=~/.kube/k0s-mycluster.config
Install Cilium
Warning
Make sure you install cilium-cli v0.15.0 or later. The rest of instructions do not work with older versions of cilium-cli. To confirm the cilium-cli version that’s installed in your system, run:
cilium version --client
See Cilium CLI upgrade notes for more details.
Install the latest version of the Cilium CLI. The Cilium CLI can be used to install Cilium, inspect the state of a Cilium installation, and enable/disable various features (e.g. clustermesh, Hubble).
CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)
CLI_ARCH=amd64
if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi
curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum
sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin
rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)
CLI_ARCH=amd64
if [ "$(uname -m)" = "arm64" ]; then CLI_ARCH=arm64; fi
curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-darwin-${CLI_ARCH}.tar.gz{,.sha256sum}
shasum -a 256 -c cilium-darwin-${CLI_ARCH}.tar.gz.sha256sum
sudo tar xzvfC cilium-darwin-${CLI_ARCH}.tar.gz /usr/local/bin
rm cilium-darwin-${CLI_ARCH}.tar.gz{,.sha256sum}
See the full page of releases.
Install Cilium by running:
cilium install --version 1.16.3
Validate the Installation
To validate that Cilium has been properly installed, you can run
$ cilium status --wait
/¯¯\
/¯¯\__/¯¯\ Cilium: OK
\__/¯¯\__/ Operator: OK
/¯¯\__/¯¯\ Hubble: disabled
\__/¯¯\__/ ClusterMesh: disabled
\__/
DaemonSet cilium Desired: 2, Ready: 2/2, Available: 2/2
Deployment cilium-operator Desired: 2, Ready: 2/2, Available: 2/2
Containers: cilium-operator Running: 2
cilium Running: 2
Image versions cilium quay.io/cilium/cilium:v1.9.5: 2
cilium-operator quay.io/cilium/operator-generic:v1.9.5: 2
Run the following command to validate that your cluster has proper network connectivity:
$ cilium connectivity test
ℹ️ Monitor aggregation detected, will skip some flow validation steps
✨ [k8s-cluster] Creating namespace for connectivity check...
(...)
---------------------------------------------------------------------------------------------------------------------
📋 Test Report
---------------------------------------------------------------------------------------------------------------------
✅ 69/69 tests successful (0 warnings)
Note
The connectivity test may fail to deploy due to too many open files in one
or more of the pods. If you notice this error, you can increase the
inotify
resource limits on your host machine (see
Pod errors due to “too many open files”).
Congratulations! You have a fully functional Kubernetes cluster with Cilium. 🎉