58 questions
- Bountied 0
- Unanswered
- Frequent
- Score
- Trending
- Week
- Month
- Unanswered (my tags)
0
votes
1
answer
150
views
Pod to service traffic on GKE Dataplane v2 vs Cilium
I am looking into different behaviour between Cilium CNI and GKE Dataplane V2.
Mainly, for Pod to ClusterIp traffic, with kube-proxy replacement enabled on:
Cilium - traffic coming from LXC interface ...
1
vote
1
answer
17
views
customresourcedefinitions.apiextensions.k8s.io "tracingpolicies.cilium.io" not found
I did a standard install of tetragon
% helm repo add cilium https://helm.cilium.io
% helm install tetragon cilium/tetragon -n cilium-system
NAME: tetragon
LAST DEPLOYED: Wed Jul 2 16:53:30 2025
...
2
votes
3
answers
2k
views
How can I apply tolerations to EKS's Add-Ons when using Terraform
I'm trying to install Cilium in my EKS cluster, to acomplish that I need to create my cluster's node groups with the following taint:
taints:
- key: "node.cilium.io/agent-not-ready"
...
0
votes
1
answer
142
views
AWS NLB self-hosted k8s weird issue
My setup is as below:
Self-hosted k8s (kubespray) running on 5 EC2 instances on AWS. 3 control plane nodes. 2 worker nodes.
Kong ingress controller
private NLB (created by kong deployment)
Private NLB ...
1
vote
1
answer
501
views
AKS Network Policy Manager vs Azure Cilium Network Policies
I am trying to implement network policies in Azure AKS cluster. upon reading docs I see Azure supports 3 policy engine
calico
Azure NPM
Azure CNI
Ref: https://learn.microsoft.com/en-us/azure/aks/use-...
0
votes
1
answer
915
views
Error: Unable to enable Hubble: release: not found
I have deployed a K8s cluster on minikube via the following command:
minikube start --nodes 2 -p lab --driver=virtualbox --cni=cilium --host-dns-resolver=false --no-vtx-check
After the cluster is ...
0
votes
1
answer
2k
views
Cert-manager fails to issue gateway api certificate: "propagation check failed" err="wrong status code '404', expected '200'"
I'm trying to issue a TLS certificate using Cert-Manager and Cilium Gateway (Gateway API).
Everything works great when I use a self-signed ClusterIssuer, but fails when I move to the let's encrypt.
...
1
vote
1
answer
1k
views
libbpf: Error loading .BTF into kernel: -22. Error: failed to open object file, vlen != 0
I am now trying to insert some bpf code into kernel based on cilium. Through this tutorial I step by step follow the instructions to compile using its provided Makefile and then using bpftool to try ...
0
votes
1
answer
188
views
ebpf-tracepoint/syscalls/sys_enter_execve,has error:invalid variable-offset indirect access to stack R1 var_off=(0x0; 0x7f) size=9 (106 line(s)
the bpf code:
//go:build ignore
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
char _license[] SEC("license") = "GPL";
struct execve {
__u64 unused;
...
-1
votes
1
answer
134
views
bpf_ktime_get_ns Indicates a negative value of the obtained time
I use perf to sample the ebpf function, but I use bpf_ktime_get_ns to get the current second of the system found to be negative, I don't know why
SEC("perf_event")
int do_perf_event(struct ...
0
votes
1
answer
157
views
Using a program of type raw_tracepoint to trace sched_wakeup,bpf verifies that task_struct *p is empty
I used the program type tracepoint, tracepoint /sched/sched_wakeup, and the function parameter tracepoint format。But I changed the raw_tracepoint type, it is not useful, error:loading objects: field ...
0
votes
1
answer
317
views
cilium cluster mesh mTLS support
I am new to cilium and cluster mesh, I wanted to know if cilium cluster mesh supports mTLS or if it is by default implemented when we connect two clusters ?
while going through official docs I came ...
4
votes
0
answers
982
views
Envoy retry_policy is not working even though the request is routed correctly
I am using following envoy config:
static_resources:
listeners:
- name: listener_0
address:
socket_address:
address: 0.0.0.0
port_value: 8080
...
-1
votes
1
answer
44
views
Build Tetragon without docker
Is it possible to build Tetragon without docker? I am trying to build non image target "make tetragon" but still it is trying to access docker. I can't use docker due to some limitation.
1
vote
1
answer
304
views
Implications of Different Cilium Configurations on Istio Integration in Kubernetes
I'm integrating Cilium with Istio in a Kubernetes environment and need clarity on how specific configurations will impact this integration. Based on Cilium's official doc, the two key configurations ...