Last updated on: 2023-03-22 07:58:40.

Configuring Cilium CNI

Prerequisites

Before you being configuring Cilium CNI, make sure the following prerequisites are met:

  • BIG-IP is licensed and set up as a cluster.
  • The networking setup is already complete.
  • Supported Cilium Version v1.12.0 or newer.
  • Linux version v5.2.0 or newer on all nodes of a Kubernetes cluster.
  • Supported CIS version of v2.10.0 or newer.
  • Validated Kubernetes Version: v1.24.3
  • Cilium CNI is successfully installed and able to allocate a Pod IPaddress from Cilium CNI.

Creating VXLAN Tunnels on Kubernetes Cluster for Cilium CNI

CIS supports Cilium CNI only in a ClusterIP Deployment. See Deployment Options for more information.

  1. Create a VXLAN profile. In the example below, the profile name is cilium-vxlan-profile.

    tmsh create net tunnels vxlan cilium-vxlan-profile port 8472 flooding-type multipoint
    ../_images/cilium-1.png

    ../_images/cilium-2.png

  2. Create a VXLAN tunnel.

    tmsh create net tunnels tunnel cilium-vxlan-tunnel-mp key 2 profile cilium-vxlan-profile local-address 10.4.1.59 remote-address any
    ../_images/cilium-3.png

    ../_images/cilium-4.png

  3. Create the VXLAN tunnel self IP.

    tmsh create net self cilium-selfip address 10.1.5.15/255.255.0.0 allow-service none vlan cilium-vxlan-tunnel-mp
    ../_images/cilium-5.png

    ../_images/cilium-6.png

  4. Create a default route to route traffic through vxlan-tunnel (i.e. vxlan-tunnel-mp) interface to podCIDR Network of kubernetes cluster.

    tmsh create net route ciliumRoute network 10.0.0.0/16 interface cilium-vxlan-tunnel-mp
    ../_images/cilium-7.png

    ../_images/cilium-8.png

Note

CIS creates only FDB entries. ARP entries of the cluster pods are learned dynamically by BIG-IP.

Other References:

https://github.com/f5devcentral/f5-ci-docs/blob/master/docs/cilium/cilium-bigip-info.rst