Skip to content
/ cilium-cli Public
forked from cilium/cilium-cli

CLI to install, manage & troubleshoot Kubernetes clusters running Cilium

cilium.io

License

Apache-2.0 license
0 stars 210 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mikejennings/cilium-cli

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

1 Commit
clustermesh
clustermesh
ย 
ย 
cmd/cilium
cmd/cilium
ย 
ย 
connectivity
connectivity
ย 
ย 
defaults
defaults
ย 
ย 
hubble
hubble
ย 
ย 
install
install
ย 
ย 
internal
internal
ย 
ย 
status
status
ย 
ย 
vendor
vendor
ย 
ย 
.gitignore
.gitignore
ย 
ย 
LICENSE
LICENSE
ย 
ย 
README.md
README.md
ย 
ย 
go.mod
go.mod
ย 
ย 
go.sum
go.sum
ย 
ย 

Repository files navigation

Next-Gen Cilium CLI (Experimental)

Installation

cd cmd/cilium go build

Capabilities

Install Cilium

To install Cilium while automatically detected

    cilium install
    ๐Ÿ”ฎ Auto-detected Kubernetes kind: minikube
    โœจ Running "minikube" validation checks
    โœ… Detected minikube version "1.5.2"
    โ„น๏ธ  Cilium version not set, using default version "v1.9.1"
    ๐Ÿ”ฎ Auto-detected cluster name: minikube
    ๐Ÿ”ฎ Auto-detected datapath mode: tunnel
    ๐Ÿ”‘ Found existing CA in secret cilium-ca
    ๐Ÿ”‘ Generating certificates for Hubble...
    2021/01/06 14:40:09 [INFO] generate received request
    2021/01/06 14:40:09 [INFO] received CSR
    2021/01/06 14:40:09 [INFO] generating key: rsa-2048
    2021/01/06 14:40:09 [INFO] encoded CSR
    2021/01/06 14:40:09 [INFO] signed certificate with serial number 100064573681617100283382379701098370105206717828
    ๐Ÿš€ Creating service accounts...
    ๐Ÿš€ Creating cluster roles...
    ๐Ÿš€ Creating ConfigMap...
    ๐Ÿš€ Creating agent DaemonSet...
    ๐Ÿš€ Creating operator Deployment...

Supported Environments

  • minikube
  • EKS
  • self-managed
  • GKE
  • AKS
  • kind
  • k3s
  • Rancher

Cluster Context Management

    cilium context
    Context: minikube
    Cluster: minikube
    Auth: minikube
    Host: https://192.168.64.25:8443
    TLS server name:
    CA path: /Users/tgraf/.minikube/ca.crt

Hubble

    ./cilium hubble enable
    ๐Ÿ”‘ Generating certificates for Relay...
    2021/01/06 14:40:21 [INFO] generate received request
    2021/01/06 14:40:21 [INFO] received CSR
    2021/01/06 14:40:21 [INFO] generating key: rsa-2048
    2021/01/06 14:40:21 [INFO] encoded CSR
    2021/01/06 14:40:21 [INFO] signed certificate with serial number 257161504887184430913779255692233956510035935986
    2021/01/06 14:40:21 [INFO] generate received request
    2021/01/06 14:40:21 [INFO] received CSR
    2021/01/06 14:40:21 [INFO] generating key: rsa-2048
    2021/01/06 14:40:21 [INFO] encoded CSR
    2021/01/06 14:40:21 [INFO] signed certificate with serial number 282554813841417773944504735898535346056548994034
    โœจ Deploying Relay...

Status

    cilium status
        /ยฏยฏ\
     /ยฏยฏ\__/ยฏยฏ\    Cilium:      OK
     \__/ยฏยฏ\__/    Operator:    OK
     /ยฏยฏ\__/ยฏยฏ\    Hubble:      OK
     \__/ยฏยฏ\__/
        \__/
    DaemonSet         cilium             Desired: 1, Ready: 1/1, Available: 1/1
    Deployment        cilium-operator    Desired: 1, Ready: 1/1, Available: 1/1
    Deployment        hubble-relay       Desired: 1, Ready: 1/1, Available: 1/1
    Containers:       cilium             Running: 1
                      cilium-operator    Running: 1
                      hubble-relay       Running: 1
    Image versions    cilium             quay.io/cilium/cilium:v1.9.1: 1
                      cilium-operator    quay.io/cilium/operator-generic:v1.9.1: 1
                      hubble-relay       quay.io/cilium/hubble-relay:v1.9.1: 1

Connectivity Check

    cilium connectivity test --single-node
    โŒ› Waiting for deployments to become ready
    ๐Ÿ”ญ Enabling Hubble telescope...
    โš ๏ธ  Unable to contact Hubble Relay: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp [::1]:4245: connect: connection refused"
    โš ๏ธ  Did you enable and expose Hubble + Relay?
    โ„น๏ธ  You can export Relay with a port-forward: kubectl port-forward -n kube-system deployment/hubble-relay 4245:4245
    โ„น๏ธ  Disabling Hubble telescope and flow validation...
    -------------------------------------------------------------------------------------------
    ๐Ÿ”Œ Validating from pod cilium-test/client-9f579495f-b2pcq to pod cilium-test/echo-same-node-7f877bbf9-p2xg8...
    -------------------------------------------------------------------------------------------
    โœ… client pod client-9f579495f-b2pcq was able to communicate with echo pod echo-same-node-7f877bbf9-p2xg8 (10.0.0.166)
    -------------------------------------------------------------------------------------------
    ๐Ÿ”Œ Validating from pod cilium-test/client-9f579495f-b2pcq to outside of cluster...
    -------------------------------------------------------------------------------------------
    โœ… client pod client-9f579495f-b2pcq was able to communicate with google.com
    -------------------------------------------------------------------------------------------
    ๐Ÿ”Œ Validating from pod cilium-test/client-9f579495f-b2pcq to local host...
    -------------------------------------------------------------------------------------------
    โœ… client pod client-9f579495f-b2pcq was able to communicate with local host
    -------------------------------------------------------------------------------------------
    ๐Ÿ”Œ Validating from pod cilium-test/client-9f579495f-b2pcq to service echo-same-node...
    -------------------------------------------------------------------------------------------
    โœ… client pod client-9f579495f-b2pcq was able to communicate with service echo-same-node

With Flow Validation

    kubectl port-forward -n kube-system deployment/hubble-relay 4245:4245&
    cilium connectivity test --single-node
    โŒ› Waiting for deployments to become ready
    ๐Ÿ”ญ Enabling Hubble telescope...
    Handling connection for 4245
    โ„น๏ธ  Hubble is OK, flows: 405/4096
    -------------------------------------------------------------------------------------------
    ๐Ÿ”Œ Validating from pod cilium-test/client-9f579495f-b2pcq to pod cilium-test/echo-same-node-7f877bbf9-p2xg8...
    -------------------------------------------------------------------------------------------
    ๐Ÿ“„ Flow logs of pod cilium-test/client-9f579495f-b2pcq:
    Jan  6 13:41:17.739: 10.0.0.11:43876 -> 10.0.0.166:8080 to-endpoint FORWARDED (TCP Flags: SYN)
    Jan  6 13:41:17.739: 10.0.0.166:8080 -> 10.0.0.11:43876 to-endpoint FORWARDED (TCP Flags: SYN, ACK)
    Jan  6 13:41:17.739: 10.0.0.11:43876 -> 10.0.0.166:8080 to-endpoint FORWARDED (TCP Flags: ACK)
    Jan  6 13:41:17.739: 10.0.0.11:43876 -> 10.0.0.166:8080 to-endpoint FORWARDED (TCP Flags: ACK, PSH)
    Jan  6 13:41:17.755: 10.0.0.166:8080 -> 10.0.0.11:43876 to-endpoint FORWARDED (TCP Flags: ACK, PSH)
    Jan  6 13:41:17.756: 10.0.0.11:43876 -> 10.0.0.166:8080 to-endpoint FORWARDED (TCP Flags: ACK, FIN)
    Jan  6 13:41:17.757: 10.0.0.166:8080 -> 10.0.0.11:43876 to-endpoint FORWARDED (TCP Flags: ACK, FIN)
    Jan  6 13:41:17.757: 10.0.0.11:43876 -> 10.0.0.166:8080 to-endpoint FORWARDED (TCP Flags: ACK)
    ๐Ÿ“„ Flow logs of pod cilium-test/echo-same-node-7f877bbf9-p2xg8:
    Jan  6 13:41:17.739: 10.0.0.11:43876 -> 10.0.0.166:8080 to-endpoint FORWARDED (TCP Flags: SYN)
    Jan  6 13:41:17.739: 10.0.0.166:8080 -> 10.0.0.11:43876 to-endpoint FORWARDED (TCP Flags: SYN, ACK)
    Jan  6 13:41:17.739: 10.0.0.11:43876 -> 10.0.0.166:8080 to-endpoint FORWARDED (TCP Flags: ACK)
    Jan  6 13:41:17.739: 10.0.0.11:43876 -> 10.0.0.166:8080 to-endpoint FORWARDED (TCP Flags: ACK, PSH)
    Jan  6 13:41:17.755: 10.0.0.166:8080 -> 10.0.0.11:43876 to-endpoint FORWARDED (TCP Flags: ACK, PSH)
    Jan  6 13:41:17.756: 10.0.0.11:43876 -> 10.0.0.166:8080 to-endpoint FORWARDED (TCP Flags: ACK, FIN)
    Jan  6 13:41:17.757: 10.0.0.166:8080 -> 10.0.0.11:43876 to-endpoint FORWARDED (TCP Flags: ACK, FIN)
    Jan  6 13:41:17.757: 10.0.0.11:43876 -> 10.0.0.166:8080 to-endpoint FORWARDED (TCP Flags: ACK)
    โœ… client pod client-9f579495f-b2pcq was able to communicate with echo pod echo-same-node-7f877bbf9-p2xg8 (10.0.0.166)
    -------------------------------------------------------------------------------------------
    ๐Ÿ”Œ Validating from pod cilium-test/client-9f579495f-b2pcq to outside of cluster...
    -------------------------------------------------------------------------------------------
    โŒ Found RST in pod cilium-test/client-9f579495f-b2pcq
    โŒ FIN not found in pod cilium-test/client-9f579495f-b2pcq
    ๐Ÿ“„ Flow logs of pod cilium-test/client-9f579495f-b2pcq:
    Jan  6 13:41:22.025: 10.0.0.11:55334 -> 10.0.0.243:53 to-endpoint FORWARDED (UDP)
    Jan  6 13:41:22.025: 10.0.0.11:55334 -> 10.0.0.243:53 to-endpoint FORWARDED (UDP)
    Jan  6 13:41:22.027: 10.0.0.243:53 -> 10.0.0.11:55334 to-endpoint FORWARDED (UDP)
    Jan  6 13:41:22.028: 10.0.0.243:53 -> 10.0.0.11:55334 to-endpoint FORWARDED (UDP)
    Jan  6 13:41:22.028: 10.0.0.11:56466 -> 10.0.0.104:53 to-endpoint FORWARDED (UDP)
    Jan  6 13:41:22.028: 10.0.0.11:56466 -> 10.0.0.104:53 to-endpoint FORWARDED (UDP)
    Jan  6 13:41:22.029: 10.0.0.104:53 -> 10.0.0.11:56466 to-endpoint FORWARDED (UDP)
    Jan  6 13:41:22.029: 10.0.0.104:53 -> 10.0.0.11:56466 to-endpoint FORWARDED (UDP)
    Jan  6 13:41:22.030: 10.0.0.11:57691 -> 10.0.0.243:53 to-endpoint FORWARDED (UDP)
    Jan  6 13:41:22.030: 10.0.0.243:53 -> 10.0.0.11:57691 to-endpoint FORWARDED (UDP)
    Jan  6 13:41:22.030: 10.0.0.11:57691 -> 10.0.0.243:53 to-endpoint FORWARDED (UDP)
    Jan  6 13:41:22.031: 10.0.0.243:53 -> 10.0.0.11:57691 to-endpoint FORWARDED (UDP)
    Jan  6 13:41:22.031: 10.0.0.11:52849 -> 10.0.0.104:53 to-endpoint FORWARDED (UDP)
    Jan  6 13:41:22.032: 10.0.0.104:53 -> 10.0.0.11:52849 to-endpoint FORWARDED (UDP)
    Jan  6 13:41:22.033: 10.0.0.11:52849 -> 10.0.0.104:53 to-endpoint FORWARDED (UDP)
    Jan  6 13:41:22.037: 10.0.0.104:53 -> 10.0.0.11:52849 to-endpoint FORWARDED (UDP)
    Jan  6 13:41:22.038: 10.0.0.11:45040 -> 172.217.168.46:443 to-stack FORWARDED (TCP Flags: SYN)
    Jan  6 13:41:22.041: 172.217.168.46:443 -> 10.0.0.11:45040 to-endpoint FORWARDED (TCP Flags: SYN, ACK)
    Jan  6 13:41:22.041: 10.0.0.11:45040 -> 172.217.168.46:443 to-stack FORWARDED (TCP Flags: ACK)
    Jan  6 13:41:22.059: 10.0.0.11:45040 -> 172.217.168.46:443 to-stack FORWARDED (TCP Flags: ACK, PSH)
    Jan  6 13:41:22.073: 172.217.168.46:443 -> 10.0.0.11:45040 to-endpoint FORWARDED (TCP Flags: ACK, PSH)
    Jan  6 13:41:22.096: 10.0.0.11:45040 -> 172.217.168.46:443 to-stack FORWARDED (TCP Flags: ACK, RST)
    Jan  6 13:41:22.097: 172.217.168.46:443 -> 10.0.0.11:45040 to-endpoint FORWARDED (TCP Flags: ACK, FIN)
    Jan  6 13:41:22.097: 10.0.0.11:45040 -> 172.217.168.46:443 to-stack FORWARDED (TCP Flags: RST)
    โœ… client pod client-9f579495f-b2pcq was able to communicate with google.com
    -------------------------------------------------------------------------------------------
    ๐Ÿ”Œ Validating from pod cilium-test/client-9f579495f-b2pcq to local host...
    -------------------------------------------------------------------------------------------
    ๐Ÿ“„ Flow logs of pod cilium-test/client-9f579495f-b2pcq:
    Jan  6 13:41:25.305: 10.0.0.11 -> 192.168.64.25 to-stack FORWARDED (ICMPv4 EchoRequest)
    Jan  6 13:41:25.305: 192.168.64.25 -> 10.0.0.11 to-endpoint FORWARDED (ICMPv4 EchoReply)
    โœ… client pod client-9f579495f-b2pcq was able to communicate with local host
    -------------------------------------------------------------------------------------------
    ๐Ÿ”Œ Validating from pod cilium-test/client-9f579495f-b2pcq to service echo-same-node...
    -------------------------------------------------------------------------------------------
    ๐Ÿ“„ Flow logs of pod cilium-test/client-9f579495f-b2pcq:
    Jan  6 13:41:30.499: 10.0.0.11:39559 -> 10.0.0.104:53 to-endpoint FORWARDED (UDP)
    Jan  6 13:41:30.499: 10.0.0.11:39559 -> 10.0.0.104:53 to-endpoint FORWARDED (UDP)
    Jan  6 13:41:30.500: 10.0.0.104:53 -> 10.0.0.11:39559 to-endpoint FORWARDED (UDP)
    Jan  6 13:41:30.500: 10.0.0.104:53 -> 10.0.0.11:39559 to-endpoint FORWARDED (UDP)
    Jan  6 13:41:30.503: 10.0.0.11:59414 -> 10.0.0.166:8080 to-endpoint FORWARDED (TCP Flags: SYN)
    Jan  6 13:41:30.503: 10.0.0.166:8080 -> 10.0.0.11:59414 to-endpoint FORWARDED (TCP Flags: SYN, ACK)
    Jan  6 13:41:30.503: 10.0.0.11:59414 -> 10.0.0.166:8080 to-endpoint FORWARDED (TCP Flags: ACK)
    Jan  6 13:41:30.503: 10.0.0.11:59414 -> 10.0.0.166:8080 to-endpoint FORWARDED (TCP Flags: ACK, PSH)
    Jan  6 13:41:30.505: 10.0.0.166:8080 -> 10.0.0.11:59414 to-endpoint FORWARDED (TCP Flags: ACK, PSH)
    Jan  6 13:41:30.509: 10.0.0.11:59414 -> 10.0.0.166:8080 to-endpoint FORWARDED (TCP Flags: ACK, FIN)
    Jan  6 13:41:30.509: 10.0.0.166:8080 -> 10.0.0.11:59414 to-endpoint FORWARDED (TCP Flags: ACK, FIN)
    Jan  6 13:41:30.509: 10.0.0.11:59414 -> 10.0.0.166:8080 to-endpoint FORWARDED (TCP Flags: ACK)
    โœ… client pod client-9f579495f-b2pcq was able to communicate with service echo-same-node

ClusterMesh

About

CLI to install, manage & troubleshoot Kubernetes clusters running Cilium

cilium.io

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Go 99.2%
  • Other 0.8%