opera�on of Cilium in a single-node Kubernetes cluster. The minikube VM requires approximately 5GB of RAM and supports hypervisors like VirtualBox that run on Linux, macOS, and Windows. Install kubectl & minikube Cilium. Note If running on minikube, you may need to up the memory and CPUs available to the minikube VM from the defaults and/or the instruc�ons provided here for the other GSGs. 5 GB and 4 CPUs should be the tutorial from Step 0. Cilium with Docker & libnetwork This tutorial leverages Vagrant and VirtualBox, thus should run on any opera�ng system supported by Vagrant, including Linux, macOS, and Windows

operation of Cilium in a single-node Kubernetes cluster. The minikube VM requires approximately 5GB of RAM and supports hypervisors like VirtualBox that run on Linux, macOS, and Windows. Install kubectl & minikube create -f cilium.yaml Note The above options are assuming that masquerading is desired and that the VM is connected to the VPC using eth0. It will route all traffic that does not stay in the VPC via eth0 --source-image-family $SOURCE_IMAGE_FAMILY \ --licenses=https://www.googleapis.com/compute/v1/projects/vm- options/global/licenses/enable-vmx \ $IMAGE_NAME If successful, gcloud reports that the image

operation of Cilium in a single-node Kubernetes cluster. The minikube VM requires approximately 5GB of RAM and supports hypervisors like VirtualBox that run on Linux, macOS, and Windows. Install kubectl & minikube nodeinit.enabled=true Note The above options are assuming that masquerading is desired and that the VM is connected to the VPC using eth0. It will route all traffic that does not stay in the VPC via eth0 NetworkManager is running on the node and automatically performing DHCP on all network interfaces of the VM. Be sure to disable DHCP on any ENIs that get attached to the node or disable NetworkManager entirely

Environments via kubeconfig Running End-To-End Tests In Other Environments via SSH VMs for Testing VM images Known Issues and Workarounds Further Assistance Unit Testing Prerequisites Running all tests operation of Cilium in a single-node Kubernetes cluster. The minikube VM requires approximately 5GB of RAM and supports hypervisors like VirtualBox that run on Linux, macOS, and Windows. Install kubectl & minikube kind cluster in an environment where Cilium is already running (for example, in the Cilium development VM). This can also happen if you have other overlapping BPF cgroup type programs attached to the parent

operation of Cilium in a single-node Kubernetes cluster. The minikube VM requires approximately 5GB of RAM and supports hypervisors like VirtualBox that run on Linux, macOS, and Windows. Install kubectl & minikube $CILIUM_NAMESPACE svc/hubble-ui 12000:80 and then open http://localhost:12000/. Limitations All VMs and VM scale sets used in a cluster must belong to the same resource group. Troubleshooting If kubectl exec nodeinit.enabled=true Note The above options are assuming that masquerading is desired and that the VM is connected to the VPC using eth0. It will route all traffic that does not stay in the VPC via eth0

Environments via kubeconfig Running End-To-End Tests In Other Environments via SSH VMs for Testing VM images Known Issues and Workarounds Further Assistance Unit Testing Prerequisites Running all tests The Azure network plugin will be replaced with Cilium by the installer. Limitations: All VMs and VM scale sets used in a cluster must belong to the same resource group. Adding new nodes to node pools The Azure network plugin will be replaced with Cilium by the installer. Limitations: All VMs and VM scale sets used in a cluster must belong to the same resource group. Adding new nodes to node pools

Environments via kubeconfig Running End-To-End Tests In Other Environments via SSH VMs for Testing VM images Known Issues and Workarounds Further Assistance Integration Testing Prerequisites Running The Azure network plugin will be replaced with Cilium by the installer. Limitations: All VMs and VM scale sets used in a cluster must belong to the same resource group. Adding new nodes to node pools The Azure network plugin will be replaced with Cilium by the installer. Limitations: All VMs and VM scale sets used in a cluster must belong to the same resource group. Adding new nodes to node pools

listening socket. Fun? We will need… ❏ VM running Linux kernel 5.9+ ❏ bpftool 5.9+ ❏ libbpf headers ❏ kernel headers vm $ uname -r 5.9.1-36.vanilla.1.fc32.x86_64 vm $ bpftool version bpftool v5.9.1 $ nc -4 127.0.0.1 7777 hello⏎ hello ^D Netcat + /bin/cat Test it! Check open ports on VM external IP vm $ ip -4 addr show eth0 2: eth0: mtu 1500 qdisc fq_codel IP address (1 host up) scanned in 0.07 seconds scan first 1000 ports 7, 77, 777 are closed check VM IP What is socket lookup? raw PREROUTING filter INPUT conntrack routing decision mangle PREROUTING

change • https://github.com/torvalds/linux/ commit/62ebaeaedee7591c257543 d040677a60e35c7aec eth VM1 VM2 VM3 SRv6 + iptables Security Policy VRF VRF VRF For More Information • Our SRv6 DC network architecture

Multi-arch support for cilium-related images • CI/CD • Travis • Unit test Travis CI • Arm64 Full VM • arm64-graviton2 • Refer to: • https://docs.travis-ci.com/user/multi-cpu-architectures • https://github