Installing Cilium with ArgoCD on GKE
In Kubernetes environments, networking is crucial for communication between pods and services. Cilium, a powerful CNI (Container Network Interface), offers advanced networking capabilities, while Argo, a GitOps continuous delivery tool, simplifies deployment workflows.
This guide illustrates how to install Cilium with Argo on Google Kubernetes Engine (GKE), combining the strengths of both tools for efficient networking and deployment management.
Prerequisites:
- A Google Cloud Platform (GCP) account
- Access to the Google Cloud Console
- Basic understanding of Kubernetes concepts
- Installed Google Cloud SDK (gcloud) on your local machine
Instructions
Step 1: Set Up Google Kubernetes Engine (GKE) Cluster:
gcloud container clusters create sample-clusterStep 2: Install Cilium with Argo on GKE:
Install ArgoCD using the following command:
kubectl create namespace argocd kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yamlRetrieve the ArgoCD admin password:
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -dAccess the ArgoCD UI using port forwarding:
kubectl port-forward svc/argocd-server -n argocd 8080:443Open a browser and navigate to https://localhost:8080. Log in using the admin username (admin) and the password obtained in step 2.
Create a new Git repository or use an existing one to store your Cilium configuration.
Add your Git repository as a new application in the ArgoCD UI, providing the repository URL and other necessary details.
Configure ArgoCD to deploy Cilium on your GKE cluster by specifying the Helm chart repository and values file containing your configuration.
Sample values:
nodeinit:
enabled: true
reconfigureKubelet: true
removeCbrBridge: true
cni:
binPath: /home/kubernetes/bin
gke:
enabled: true
ipam:
mode: kubernetes
ipv4NativeRoutingCIDR: 10.91.0.0/20
hubble:
relay:
enabled: true
ui:
frontend:
server:
ipv6:
enabled: false
enabled: true
metrics:
enableOpenMetrics: true
enabled:
- dns
- drop
- tcp
- flow
- port-distribution
- icmp
- httpV2:exemplars=true;labelsContext=source_ip,source_namespace,source_workload,destination_ip,destination_namespace,destination_workload,traffic_direction
prometheus:
enabled: true
serviceMonitor:
enabled: true
operator:
prometheus:
enabled: true
l7Proxy: false
bpf:
masquerade: false
hostServices:
hostNamespaceOnly: true
socketLB:
hostNamespaceOnly: true
kubeProxyReplacement: strict
dashboards:
enabled: trueNote: To get ipv4NativeRoutingCIDR you can run the following commands:
export CLUSTER_NAME=sample-cluster
export CLUSTER_ZONE=us-west2-a
export NATIVE_CIDR="$(gcloud container clusters describe $CLUSTER_NAME --zone $CLUSTER_ZONE --format 'value(clusterIpv4Cidr)')"
echo $NATIVE_CIDRClick “Sync” in the ArgoCD UI to initiate the deployment of Cilium on your GKE cluster.
Step 3: Verify Cilium Installation:
Ensure that the Cilium pods are running in the kube-system namespace:
kubectl get pods -n kube-system -l k8s-app=ciliumConfirm that Cilium is functioning correctly by testing network connectivity and policies within your Kubernetes cluster, or run the cilium connectivity tests.
Install the Cilium CLI:
CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)
CLI_ARCH=amd64
if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi
curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum
sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin
rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}Run the test:
cilium connectivity testBy following this guide, you have successfully installed Cilium with Argo on Google Kubernetes Engine (GKE). Leveraging Argo’s GitOps capabilities, you can automate the deployment of Cilium, ensuring consistent networking across your Kubernetes clusters. This integrated approach simplifies management tasks and enhances the scalability and security of your Kubernetes infrastructure.
