Using CNI Cilium Overlay
Last updated
Last updated
Address
VNG CorporationOverview
CNI Cilium Overlay in VKS is a type of overlay network that uses eBPF (extended Berkeley Packet Filter) to enhance network performance and security. Compared to solutions like Calico Overlay , Cilium offers higher performance thanks to its ability to process traffic directly in the kernel using eBPF. In addition, Calico often uses iptables to manage traffic, while Cilium with eBPF can handle network policies and application-specific behaviors (Layer 7).
On VKS, Cilium Overlay works according to the following model:
In there:
Pod (eth0) -> lxc01/lxc02 : Pods communicate over a virtual network created by Cilium.
lxc01/lxc02 -> cilium_host : Packets from Pods are forwarded to cilium_host, which is the intermediate layer between the Pod's network and the physical network.
cilium_host -> ens3 : After being processed by Cilium (and eBPF), packets are sent to the physical network via ens3.
ens3 -> VPC Network : Finally, packets are transmitted over the physical network to other nodes or out of the cluster.
To be able to initialize a Cluster and Deploy a Workload , you need:
There is at least 1 VPC and 1 Subnet in ACTIVE state . If you do not have any VPC, Subnet, please initialize VPC, Subnet according to the instructions here .
There is at least 1 SSH key in ACTIVE state . If you do not have any SSH key, please initialize SSH key following the instructions here .
kubectl installed and configured on your device. please refer here if you are not sure how to install and use kuberctl. In addition, you should not use an outdated version of kubectl, we recommend that you use a kubectl version that is no more than one version different from the cluster version.
To initialize a Cluster, follow the steps below:
Step 1: Access https://vks.console.vngcloud.vn/overview
Step 2: On the Overview screen , select Activate.
Step 3: Wait until we successfully initialize your VKS account. After successfully Activating, select Create a Cluster.
Step 4: At the Cluster initialization screen, we have set up the information for the Cluster and a Default Node Group for you. To use Cilium Overlay for your Cluster , please select:
Network type : Cilium Overlay
Field | Meaning | Illustrative example |
VPC | The IP address range that the Cluster nodes will use to communicate. | In the picture, we choose VPC with IP range 10.111.0.0/16 , corresponding to 65536 IPs |
Subnet | A smaller IP address range belonging to the VPC. Each node in the Cluster will be assigned an IP from this Subnet. The Subnet must be within the IP range of the selected VPC. | In the picture, we choose Subnet with Primary IP range of 10.111.0.0/24 , corresponding to 256 IPs |
IP-IP encapsulation mode | IP-IP encapsulation mode in VKS is Always | In the figure, we select Always mode to always encapsulate packets. |
CIDR | The virtual network range that the pods will use | In the picture, we choose the virtual network range as |
Attention:
Only one networktype: In a cluster, you can use only one of three networktypes: Calico Overlay, Cilium Overlay, or Cilium VPC Native Routing
Multiple subnets for a cluster: VKS supports the use of multiple subnets for a cluster. This allows you to configure each node group in the cluster to be located on different subnets within the same VPC, helping to optimize resource allocation and network management.
Step 5: Select Create Kubernetes cluster. Please wait a few minutes for us to initialize your Cluster, the status of the Cluster is now Creating .
Step 6: When the Cluster status is Active , you can view Cluster information and Node Group information by selecting Cluster Name in the Name column .
Below are instructions for deploying an nginx deployment and testing IP assignment for the pods deployed in your cluster.
Step 1: Access https://vks.console.vngcloud.vn/k8s-cluster
Step 2: The Cluster list is displayed, select the Download icon and select Download Config File to download the kubeconfig file. This file will give you full access to your Cluster.
Step 3 : Rename this file to config and save it to the ~/.kube/config folder
Step 4: Perform Cluster check via command:
Run the following command to check the node
If the result is as below, it means your Cluster is successfully initialized with 3 nodes:
Continue running the following command to check the pods deployed on your kube-system namespace:
If the result is as below, it means that the pods supporting Cilium Overlay have been successfully run:
Step 2: Deploy nginx on the newly created cluster:
Initialize the nginx-deployment.yaml file with the following content:
Perform this deployment via command:
Step 3: Check the deployed nginx pods and the IP address assigned to each pod
Perform a check of the pods via the command:
You can observe below, the nginx pods are assigned IPs 172.16.xx which satisfy the Cilium CIDR condition 172.16.0.0/16 that we specified above:
You can also perform a detailed description of each pod to check this pod information via the command:
