cilium-cli
rke2
cilium-cli | rke2 | |
---|---|---|
11 | 26 | |
368 | 1,353 | |
2.4% | 2.9% | |
9.8 | 9.3 | |
1 day ago | 8 days ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cilium-cli
-
Grant Kubernetes Pods Access to AWS Services Using OpenID Connect
resource "tls_private_key" "this" { algorithm = "ECDSA" ecdsa_curve = "P384" } resource "hcloud_ssh_key" "this" { name = var.stack_name public_key = tls_private_key.this.public_key_openssh } resource "hcloud_server" "this" { name = var.stack_name server_type = "cax11" image = "ubuntu-22.04" location = "nbg1" ssh_keys = [ hcloud_ssh_key.this.id, ] public_net { ipv4 = hcloud_primary_ip.this["ipv4"].id ipv6 = hcloud_primary_ip.this["ipv6"].id } user_data = <<-EOF #cloud-config users: - name: ${var.username} groups: users, admin, adm sudo: ALL=(ALL) NOPASSWD:ALL shell: /bin/bash ssh_authorized_keys: - ${tls_private_key.this.public_key_openssh} packages: - certbot package_update: true package_upgrade: true runcmd: - sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config - sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config - sed -i '$a AllowUsers ${var.username}' /etc/ssh/sshd_config - | curl https://get.k3s.io | \ INSTALL_K3S_VERSION="v1.29.3+k3s1" \ INSTALL_K3S_EXEC="--disable traefik --kube-apiserver-arg=service-account-jwks-uri=https://${cloudflare_record.this.name}/openid/v1/jwks --kube-apiserver-arg=service-account-issuer=https://${cloudflare_record.this.name} --disable-network-policy --flannel-backend none --write-kubeconfig /home/${var.username}/.kube/config --secrets-encryption" \ sh - - chown -R ${var.username}:${var.username} /home/${var.username}/.kube/ - | CILIUM_CLI_VERSION=v0.16.4 CLI_ARCH=arm64 curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/$CILIUM_CLI_VERSION/cilium-linux-$CLI_ARCH.tar.gz{,.sha256sum} sha256sum --check cilium-linux-$CLI_ARCH.tar.gz.sha256sum sudo tar xzvfC cilium-linux-$CLI_ARCH.tar.gz /usr/local/bin - kubectl completion bash | tee /etc/bash_completion.d/kubectl - k3s completion bash | tee /etc/bash_completion.d/k3s - | cat << 'EOF2' >> /home/${var.username}/.bashrc alias k=kubectl complete -F __start_kubectl k EOF2 - reboot EOF }
- Install RKE2 with Cilium and Metallb
- External service LB with k8s cluster
-
libvirt-k8s-provisioner - Ansible and terraform to build a cluster from scratch in less than 10 minutes ok KVM - Updated for 1.25
network plugin to be used, based on the documentation. (Project Calico ,Flannel, Cilium )
-
7 Kubernetes Companies to Watch in 2022
Isovalent makes an enterprise version of Cilium, an open source tool that uses eBPF to provide security and observability for cloud native environments. Liz gave a great talk at KubeCon Los Angeles about eBPF that I highly recommend. My reaction to her talk was that I wished I had Cilium years ago to troubleshoot some difficult incidents. When I first heard about eBPF I had thought of it more from the observability standpoint, but Cilium also provides a CNI plugin, transparent encryption, logs for security audits, and much more.
-
Pixie: an X-ray Machine for Kubernetes Traffic
Pixie is one of a handful of observability tools that offer eBPF or kernel-level observability. Other well-known tools are Cilium and CVF.
-
Redundancy for apps
A lot of projects are currently heavily focused on K8S (like Cilium - ebpf service mesh).
-
Managing Distributed Applications in Kubernetes Using Cilium and Istio with Helm and Operator for Deployment
Using a container network interface (Cilium) and service mesh (Istio) on top of your K8s infrastructure to more easily manage your distributed applications.
-
Ask HN: Who is hiring? (March 2022)
Isovalent | Multiple roles | Mountain View (US), Zürich (CH), or Remote
We're the company behind the open source Cilium project (https://cilium.io) (11K stars on GitHub) providing eBPF-based networking, observability, and security for container workloads and clusters.
We have an amazing and in-demand product using revolutionary technology and are looking for top talent to help us build and explore all of its possibilities.
We're remote-first, mainly in the EU and US timezones.
If you're interested please apply through our careers site https://isovalent.com/careers and mention Hacker News in your application.
Keywords for searchers: open source, Go/Golang, eBPF, C, C++, Kubernetes, networking, OpenShift, Linux kernel, performance, CI, SRE, technical writing, marketing, community advocate
-
libvirt-k8s-provisioner - Ansible and terraform to build a cluster from scratch in less than 10 minutes ok KVM
network plugin to be used, based on the documentation. (Project Calico ,Flannel, Cilium )
rke2
- Deploy Nginx Load Balancer for Rancher
-
Install RKE2 with Cilium and Metallb
In this essay, we showed how to use Rancher rke2 to deploy a Kubernetes cluster with 6 Debian nodes with firewall enabled. We've also covered deploying Cilium as a CNI for our cluster and have it completely replace kube-proxy so as to increase speed and gain more observability via Cilium tools. This article also showed how to deploy Metallb to manage IP pools and load balance traffic for those IP pools. Throughout this guide, we assumed that we have an external load balancer that will distribute traffic to our workload and control plane nodes. For further information please visit rke2 official documents: "https://docs.rke2.io/".
-
5-Step Approach: Projectsveltos for Kubernetes add-on deployment and management on RKE2
In this blog post, we will demonstrate how easy and fast it is to deploy Sveltos on an RKE2 cluster with the help of ArgoCD, register two RKE2 Cluster API (CAPI) clusters and create a ClusterProfile to deploy Prometheus and Grafana Helm charts down the managed CAPI clusters.
-
OpenTF Announces Fork of Terraform
Did something happen to the Apache 2 rancher? https://github.com/rancher/rancher/blob/v2.7.5/LICENSE RKE2 is similarly Apache 2: https://github.com/rancher/rke2/blob/v1.26.7%2Brke2r1/LICENS...
- Self-hosted Serverless with Kubernetes for a Small Team
-
Just finished migrating my old tower servers to a Kubernetes cluster on my new rack!
To provision all of my clusters, I use Rancher with RKE2. The primary Rancher server is hosted on a bootstrapped RKE2 cluster running on a VPS.
-
Golang is evil on shitty networks
Golang has burned me more than once with bizarre design decisions that break things in a user hostile way.
The last one we ran into was a change in Go 1.15 where servers that presented a TLS certificate with the hostname encoded into the CN field instead of the more appropriate SAN field always fail validation.
The behavior could be disabled however that functionality was removed in 1.18 with no way to opt back into the old behavior. I understand why SAN is the right way to do it but in this case I didn’t control the server.
Developers at Google probably never have to deal with 3rd parties with shitty infrastructure but a lot of us do.
Here’s a bug in rke that’s related https://github.com/rancher/rke2/issues/775
- Documentation on how to deploy an RKE2 cluster with rancher?
-
K3s or RKE2?
just looking at this myself. I think k3s has more support for arm, but looking through the github repo there are a lot of bugs indicating its a mess. RKE2 seems to be their big push, they also have a github issue open that has been open for the last 2 releases that they are going to add a update path from k3s to rke2. https://github.com/rancher/rke2/issues/881
-
Best way to install and use kubernetes for learning
RKE (https://rancher.com/docs/rke) and RKE2 (https://docs.rke2.io/) from Rancher folks
What are some alternatives?
ingress-nginx - Ingress-NGINX Controller for Kubernetes
kubespray - Deploy a Production Ready Kubernetes Cluster
metallb - A network load-balancer implementation for Kubernetes using standard routing protocols
talos - Talos Linux is a modern Linux distribution built for Kubernetes.
Netmaker - Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
hetzner-k3s - The easiest and quickest way to create and manage Kubernetes clusters in Hetzner Cloud using the lightweight distribution k3s by Rancher.
istio - Connect, secure, control, and observe services.
k3s - Lightweight Kubernetes
Gravitational Teleport - The easiest, and most secure way to access and protect all of your infrastructure.
ansible-role-k3s - Ansible role for deploying k3s cluster
operator-sdk - SDK for building Kubernetes applications. Provides high level APIs, useful abstractions, and project scaffolding.
manifesto - The OpenTF Manifesto expresses concern over HashiCorp's switch of the Terraform license from open-source to the Business Source License (BSL) and calls for the tool's return to a truly open-source license.