cilium-cli VS rke2

resource "tls_private_key" "this" { algorithm = "ECDSA" ecdsa_curve = "P384" } resource "hcloud_ssh_key" "this" { name = var.stack_name public_key = tls_private_key.this.public_key_openssh } resource "hcloud_server" "this" { name = var.stack_name server_type = "cax11" image = "ubuntu-22.04" location = "nbg1" ssh_keys = [ hcloud_ssh_key.this.id, ] public_net { ipv4 = hcloud_primary_ip.this["ipv4"].id ipv6 = hcloud_primary_ip.this["ipv6"].id } user_data = <<-EOF #cloud-config users: - name: ${var.username} groups: users, admin, adm sudo: ALL=(ALL) NOPASSWD:ALL shell: /bin/bash ssh_authorized_keys: - ${tls_private_key.this.public_key_openssh} packages: - certbot package_update: true package_upgrade: true runcmd: - sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config - sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config - sed -i '$a AllowUsers ${var.username}' /etc/ssh/sshd_config - | curl https://get.k3s.io | \ INSTALL_K3S_VERSION="v1.29.3+k3s1" \ INSTALL_K3S_EXEC="--disable traefik --kube-apiserver-arg=service-account-jwks-uri=https://${cloudflare_record.this.name}/openid/v1/jwks --kube-apiserver-arg=service-account-issuer=https://${cloudflare_record.this.name} --disable-network-policy --flannel-backend none --write-kubeconfig /home/${var.username}/.kube/config --secrets-encryption" \ sh - - chown -R ${var.username}:${var.username} /home/${var.username}/.kube/ - | CILIUM_CLI_VERSION=v0.16.4 CLI_ARCH=arm64 curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/$CILIUM_CLI_VERSION/cilium-linux-$CLI_ARCH.tar.gz{,.sha256sum} sha256sum --check cilium-linux-$CLI_ARCH.tar.gz.sha256sum sudo tar xzvfC cilium-linux-$CLI_ARCH.tar.gz /usr/local/bin - kubectl completion bash | tee /etc/bash_completion.d/kubectl - k3s completion bash | tee /etc/bash_completion.d/k3s - | cat << 'EOF2' >> /home/${var.username}/.bashrc alias k=kubectl complete -F __start_kubectl k EOF2 - reboot EOF }

network plugin to be used, based on the documentation. (Project Calico ,Flannel, Cilium )

Isovalent makes an enterprise version of Cilium, an open source tool that uses eBPF to provide security and observability for cloud native environments. Liz gave a great talk at KubeCon Los Angeles about eBPF that I highly recommend. My reaction to her talk was that I wished I had Cilium years ago to troubleshoot some difficult incidents. When I first heard about eBPF I had thought of it more from the observability standpoint, but Cilium also provides a CNI plugin, transparent encryption, logs for security audits, and much more.

Pixie is one of a handful of observability tools that offer eBPF or kernel-level observability. Other well-known tools are Cilium and CVF.

A lot of projects are currently heavily focused on K8S (like Cilium - ebpf service mesh).

Using a container network interface (Cilium) and service mesh (Istio) on top of your K8s infrastructure to more easily manage your distributed applications.

Isovalent | Multiple roles | Mountain View (US), Zürich (CH), or Remote

We're the company behind the open source Cilium project (https://cilium.io) (11K stars on GitHub) providing eBPF-based networking, observability, and security for container workloads and clusters.

We have an amazing and in-demand product using revolutionary technology and are looking for top talent to help us build and explore all of its possibilities.

We're remote-first, mainly in the EU and US timezones.

If you're interested please apply through our careers site https://isovalent.com/careers and mention Hacker News in your application.

Keywords for searchers: open source, Go/Golang, eBPF, C, C++, Kubernetes, networking, OpenShift, Linux kernel, performance, CI, SRE, technical writing, marketing, community advocate

network plugin to be used, based on the documentation. (Project Calico ,Flannel, Cilium )

In this essay, we showed how to use Rancher rke2 to deploy a Kubernetes cluster with 6 Debian nodes with firewall enabled. We've also covered deploying Cilium as a CNI for our cluster and have it completely replace kube-proxy so as to increase speed and gain more observability via Cilium tools. This article also showed how to deploy Metallb to manage IP pools and load balance traffic for those IP pools. Throughout this guide, we assumed that we have an external load balancer that will distribute traffic to our workload and control plane nodes. For further information please visit rke2 official documents: "https://docs.rke2.io/".

In this blog post, we will demonstrate how easy and fast it is to deploy Sveltos on an RKE2 cluster with the help of ArgoCD, register two RKE2 Cluster API (CAPI) clusters and create a ClusterProfile to deploy Prometheus and Grafana Helm charts down the managed CAPI clusters.

Did something happen to the Apache 2 rancher? https://github.com/rancher/rancher/blob/v2.7.5/LICENSE RKE2 is similarly Apache 2: https://github.com/rancher/rke2/blob/v1.26.7%2Brke2r1/LICENS...

To provision all of my clusters, I use Rancher with RKE2. The primary Rancher server is hosted on a bootstrapped RKE2 cluster running on a VPS.

Golang has burned me more than once with bizarre design decisions that break things in a user hostile way.

The last one we ran into was a change in Go 1.15 where servers that presented a TLS certificate with the hostname encoded into the CN field instead of the more appropriate SAN field always fail validation.

The behavior could be disabled however that functionality was removed in 1.18 with no way to opt back into the old behavior. I understand why SAN is the right way to do it but in this case I didn’t control the server.

Developers at Google probably never have to deal with 3rd parties with shitty infrastructure but a lot of us do.

Here’s a bug in rke that’s related https://github.com/rancher/rke2/issues/775

just looking at this myself. I think k3s has more support for arm, but looking through the github repo there are a lot of bugs indicating its a mess. RKE2 seems to be their big push, they also have a github issue open that has been open for the last 2 releases that they are going to add a update path from k3s to rke2. https://github.com/rancher/rke2/issues/881

RKE (https://rancher.com/docs/rke) and RKE2 (https://docs.rke2.io/) from Rancher folks