Snippet | Cilium for L2 LoadBalancing
This is how I installed Cilium as the CNI, as a kube-proxy replacement, and as an L2 announcer.

curl -L --remote-name-all https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz
tar xzvf cilium-linux-amd64.tar.gz
mv cilium /usr/local/bin/
rm cilium-linux-amd64.tar.gz
cilium install \
  --version=v1.15.0 \
  --namespace=kube-system \
  --set kubeProxyReplacement=strict \
  --set ipam.mode=cluster-pool \
  --set tunnel=vxlan \
  --set hubble.relay.enabled=true \
  --set hubble.ui.enabled=true \
  --set hubble.enabled=true \
  --set bgpControlPlane.enabled=true \
  --set l2announcements.enabled=true \
  --set externalIPs.enabled=true \
  --set ingressController.enabled=true \
  --set ingressController.loadbalancerMode=shared

Now, Cilium must know what IP addresses it can allocate. For this we need to create a pool of IPs.

apiVersion: "cilium.io/v2alpha1"
kind: CiliumLoadBalancerIPPool
metadata:
  name: cilium-lb-ip-pool
spec:
  cidrs:
    - cidr: 192.168.1.192/26

Cilium assigns IPs from this CIDR block to your new LoadBalancer Services. The next part is to announce the IPs on the local network (to your router) so they are registered.

apiVersion: "cilium.io/v2alpha1"
kind: CiliumL2AnnouncementPolicy
metadata:
  name: cilium-l2announcement-policy
spec:
  serviceSelector: {}
  nodeSelector:
    matchExpressions:
      - key: node-role.kubernetes.io/control-plane
        operator: DoesNotExist
  interfaces:
    - enp1s0 # check which interface is active by running 'netplan status'
  externalIPs: true
  loadBalancerIPs: true

Apply them and voilà! Your LoadBalancer Services will have IPs assigned, and they will be reachable from your local network.
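
Because the policy above uses `serviceSelector: {}` with both `externalIPs: true` and `loadBalancerIPs: true`, every Service address is announced on the LAN, including `spec.externalIPs` values that do not come from the pool. The following audit is an added example, not part of the original snippet; it reads output in the shape of `kubectl get svc -A -o json`, and the Service names and sample data are constructed for illustration.

```python
import ipaddress
import json

POOL = ipaddress.ip_network("192.168.1.192/26")  # CIDR from the pool above

# Constructed sample in the shape of `kubectl get svc -A -o json`.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "web", "name": "frontend"},
     "spec": {"type": "LoadBalancer"},
     "status": {"loadBalancer": {"ingress": [{"ip": "192.168.1.200"}]}}},
    {"metadata": {"namespace": "dev", "name": "legacy"},
     "spec": {"type": "ClusterIP", "externalIPs": ["192.168.1.1"]},
     "status": {"loadBalancer": {}}},
    {"metadata": {"namespace": "dev", "name": "api"},
     "spec": {"type": "LoadBalancer"},
     "status": {"loadBalancer": {}}},
]})


def audit(svc_json, pool=POOL):
    """Return (announced, findings) for a Service list.

    announced: {"ns/name": [ip, ...]}, the IPs the policy answers ARP for,
    since serviceSelector {} matches every Service.
    findings: human-readable items worth reviewing.
    """
    announced, findings = {}, []
    for svc in json.loads(svc_json)["items"]:
        key = f'{svc["metadata"]["namespace"]}/{svc["metadata"]["name"]}'
        spec = svc.get("spec", {})
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        lb_ips = [i["ip"] for i in ingress if "ip" in i]
        ext_ips = spec.get("externalIPs") or []  # user-chosen, not from the pool
        if spec.get("type") == "LoadBalancer" and not lb_ips:
            findings.append(f"{key}: LoadBalancer still pending, no IP from pool")
        for ip in lb_ips + ext_ips:
            if ipaddress.ip_address(ip) not in pool:
                findings.append(f"{key}: {ip} is outside {pool}")
        if lb_ips or ext_ips:
            announced[key] = lb_ips + ext_ips
    return announced, findings


if __name__ == "__main__":
    announced, findings = audit(SAMPLE)
    for key, ips in announced.items():
        print(key, ips)
    for finding in findings:
        print("REVIEW:", finding)
```

On a live cluster, pass the real `kubectl get svc -A -o json` output to `audit()` instead of `SAMPLE`.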