Cilium mutual auth … DIY

Philippe Bogaerts
7 min readAug 4, 2023
Cilium mtls SPIRE authentication

Introduction

The idea of this short tutorial is to see if we can get Cilium mutual-auth working on a sef-managed cluster.

I used a 3-node cluster on AWS based on
- Ubuntu 20.04
- Containerd 1.6.21
- Kubernetes v1.27.4

Install instructions are based on https://github.com/xxradar/k8s-calico-oss-install-containerd, but do not install any CNI at this point.

Install Cilium components

This is just a quick install, check out https://docs.cilium.io/en/v1.14/ for up-to-date install instructions.

Cilium CLI

Install the cilium cli

CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)
CLI_ARCH=amd64
if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi
curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum
sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin
rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}

Check for version 0.15 or higher

cilium version --client…

--

--

Philippe Bogaerts
Philippe Bogaerts

Written by Philippe Bogaerts

#BruCON co-founder, #OWASP supporter, Application Delivery and Web Application Security, #Kubernetes and #container, #pentesting enthousiast, BBQ & cocktails !!

No responses yet