export none; # Export to protocol. default is export none }; } # Static IPv4 routes. protocol static { ipv4; route {{ POD_CIDR }} via "cilium_host"; } # BGP peers protocol something like this: $ birdc show route BIRD 2.0.6 ready. Table master4: 10.5.48.0/24 unicast [static1 20:14:51.478] * (200) dev cilium_host This indicates that the PodCIDR 10.5.48.0/24 on this exposed inside of a VPC and not publicly accessible outside of the VPC. It is recommended to use a static IP for the ServiceIP to avoid requiring to update the IP mapping as done in one of the later steps

exposed inside of a VPC and not publicly accessible outside of the VPC. It is recommended to use a static IP for the ServiceIP to avoid requiring to update the IP mapping as done in one of the later steps Cilium and Mesos You can observe that the policy is applied via cilium CLI as the POLICY ENFORCEMENT column changed from Disabled to Enabled: $ cilium endpoint list ENDPOINT POLICY (ingress) POLICY (egress) errors when trying to proxy traffic to pods. You may run Cilium as a static pod [https://kubernetes.io/docs/tasks/administer-cluster/static-pod/] or set tolerations [https://kubernetes.io/docs/concepts/co

Cilium and Mesos You can observe that the policy is applied via cilium CLI as the POLICY ENFORCEMENT column changed from Disabled to Enabled: $ cilium endpoint list ENDPOINT POLICY (ingress) POLICY (egress) is also possible to hard-code static-config sec�ons that simply contain a hardcoded IP address and port: - job_name: 'cilium-agent-nodes' metrics_path: /metrics static_configs: - targets: ['192 kube-system exec -ti cilium-q8wvt -- cilium endpoint list When you find the correct endpoint, the first column of every row is the endpoint ID. Use that to dump the full endpoint informa�on: kubectl -n kube-system

possible to use the LoadBalancer service type that, depending on your cloud provider, allows use of a static IP, making configuring the external workloads easier. NodePort NodePort is the default service export none; # Export to protocol. default is export none }; } # Static IPv4 routes. protocol static { ipv4; route {{ POD_CIDR }} via "cilium_host"; } # BGP peers protocol something like this: $ birdc show route BIRD 2.0.6 ready. Table master4: 10.5.48.0/24 unicast [static1 20:14:51.478] * (200) dev cilium_host This indicates that the PodCIDR 10.5.48.0/24 on this

export none; # Export to protocol. default is export none }; } # Static IPv4 routes. protocol static { ipv4; route {{ POD_CIDR }} via "cilium_host"; } # BGP peers protocol something like this: $ birdc show route BIRD 2.0.6 ready. Table master4: 10.5.48.0/24 unicast [static1 20:14:51.478] * (200) dev cilium_host This indicates that the PodCIDR 10.5.48.0/24 on this use cases: Node-local DNS cache DNS node-cache [https://github.com/kubernetes/dns] listens on a static IP to intercept traffic from application pods to the cluster’s DNS service VIP by default, which

export none; # Export to protocol. default is export none }; } # Static IPv4 routes. protocol static { ipv4; route {{ POD_CIDR }} via "cilium_host"; } # BGP peers protocol something like this: $ birdc show route BIRD 2.0.6 ready. Table master4: 10.5.48.0/24 unicast [static1 20:14:51.478] * (200) dev cilium_host This indicates that the PodCIDR 10.5.48.0/24 on this use cases: Node-local DNS cache DNS node-cache [https://github.com/kubernetes/dns] listens on a static IP to intercept traffic from application pods to the cluster’s DNS service VIP by default, which

export none; # Export to protocol. default is export none }; } # Static IPv4 routes. protocol static { ipv4; route {{ POD_CIDR }} via "cilium_host"; } # BGP peers protocol something like this: $ birdc show route BIRD 2.0.6 ready. Table master4: 10.5.48.0/24 unicast [static1 20:14:51.478] * (200) dev cilium_host This indicates that the PodCIDR 10.5.48.0/24 on this exposed inside of a VPC and not publicly accessible outside of the VPC. It is recommended to use a static IP for the ServiceIP to avoid requiring to update the IP mapping as done in one of the later steps