Cilium 시스템 요구사항
https://docs.cilium.io/en/stable/operations/system_requirements/
- AMD64 또는 AArch64 CPU 아키텍처
- Linux 커널 5.4 이상 또는 동등 버전
- 커널 구성 옵션 활성화
- 고급 기능 동작을 위한 최소 커널 버전
- Cilium 동작(Node 간)을 위한 방화벽 규칙
- Mounted eBPF filesystem
- Privileges
스크립트 실행 결과
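요약(Summary)은 콘솔에 출력하고, 상세 로그는 .log 파일로 저장한다. 상세 로그에는 `iptables -L -n` 출력 전체가 그대로 기록되므로, 로그 파일은 방화벽 정책이 담긴 민감한 파일로 취급해 권한을 제한하고 외부 공유 시 주의한다.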


자동화 스크립트 최종
#!/bin/bash
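# Detailed results are appended to this file, relative to the current
# directory; only the summary is printed to the console.
LOG_FILE="cilium_system_check.log"
# The log later receives the complete `iptables -L -n` listing, so create it
# readable by the invoking user only. This does not tighten the mode of a log
# file that already exists from an earlier run.
umask 077
exec 3>&1 # keep a copy of the original stdout on fd 3 for the summary
# Verdict string per check, keyed by check name (arch, kernel, config, ...).
declare -A RESULTS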
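#######################################
# Append one message line to the detail log.
# Globals:   LOG_FILE (read)
# Arguments: message words; several words are joined with single spaces
# Outputs:   appends to $LOG_FILE; nothing on stdout
#######################################
log() {
  # Join with a space even while the caller has changed IFS.
  local IFS=' '
  # printf, unlike echo, never treats the message itself as an option
  # (-n, -e), so captured command output is always written verbatim.
  printf '%s\n' "$*" >> "$LOG_FILE"
}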
# Print the running kernel's major.minor as a single integer, with the minor
# zero-padded to two digits (5.4 -> 504, 5.10 -> 510), so that versions can be
# compared numerically.
get_kernel_version_number() {
  local release
  release=$(uname -r)
  awk -F. '{printf("%d%02d\n", $1, $2)}' <<< "$release"
}
# Integer form of the running kernel version, used by the feature check.
CURRENT_KERNEL=$(get_kernel_version_number)
# [1] CPU Architecture
log "[1] CPU Architecture"
ARCH=$(uname -m)
log "Detected architecture: $ARCH"
# Only the two machine names below are accepted.
case "$ARCH" in
  x86_64 | aarch64)
    RESULTS[arch]="PASS ($ARCH)"
    ;;
  *)
    RESULTS[arch]="FAIL ($ARCH not supported)"
    ;;
esac
# [2] Kernel Version
log ""
log "[2] Kernel Version"
KERNEL_VERSION=$(uname -r)
log "Kernel version: $KERNEL_VERSION"
# First and second dot-separated fields of the release string.
KERNEL_MAJOR=${KERNEL_VERSION%%.*}
KERNEL_MINOR=${KERNEL_VERSION#*.}
KERNEL_MINOR=${KERNEL_MINOR%%.*}
# The minimum accepted kernel is 5.4.
if (( KERNEL_MAJOR > 5 || (KERNEL_MAJOR == 5 && KERNEL_MINOR >= 4) )); then
  RESULTS[kernel]="PASS ($KERNEL_VERSION)"
else
  RESULTS[kernel]="FAIL ($KERNEL_VERSION < 5.4)"
fi
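# [3] Kernel Config Options
# Reads the config file the distribution installs next to the kernel image and
# reports every listed option that is neither built in (=y) nor a module (=m).
log ""
log "[3] Kernel Config Options"
CONFIG_PATH="/boot/config-$(uname -r)"
if [ ! -f "$CONFIG_PATH" ]; then
  log "Kernel config not found: $CONFIG_PATH"
  RESULTS[config]="FAIL (no config file)"
else
  REQUIRED_CONFIGS=(
    # eBPF / Core
    CONFIG_BPF
    CONFIG_BPF_SYSCALL
    CONFIG_BPF_JIT
    CONFIG_NET_CLS_BPF
    CONFIG_NET_CLS_ACT
    CONFIG_NET_SCH_INGRESS
    CONFIG_CRYPTO_SHA1
    CONFIG_CRYPTO_USER_API_HASH
    CONFIG_CGROUPS
    CONFIG_CGROUP_BPF
    CONFIG_PERF_EVENTS
    CONFIG_SCHEDSTATS
    # Tunneling / Routing
    CONFIG_VXLAN
    CONFIG_GENEVE
    CONFIG_FIB_RULES
    # L7 / FQDN Policy
    CONFIG_NETFILTER_XT_TARGET_TPROXY
    CONFIG_NETFILTER_XT_TARGET_MARK
    CONFIG_NETFILTER_XT_TARGET_CT
    CONFIG_NETFILTER_XT_MATCH_MARK
    CONFIG_NETFILTER_XT_MATCH_SOCKET
  )
  # Netkit is optional: its absence is logged but must not fail the check.
  OPTIONAL_CONFIGS=(
    CONFIG_NETKIT
  )
  MISSING=0
  for opt in "${REQUIRED_CONFIGS[@]}"; do
    if ! grep -Eq "^$opt=[ym]" "$CONFIG_PATH"; then
      log "$opt: not set"
      ((MISSING++))
    fi
  done
  for opt in "${OPTIONAL_CONFIGS[@]}"; do
    if ! grep -Eq "^$opt=[ym]" "$CONFIG_PATH"; then
      log "$opt: not set (optional)"
    fi
  done
  if (( MISSING == 0 )); then
    RESULTS[config]="PASS"
  else
    RESULTS[config]="FAIL ($MISSING missing options)"
  fi
fi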
# [4] Advanced Cilium Feature Kernel Version Check
log ""
log "[4] Advanced Cilium Feature Kernel Version Check"
# Each entry is "feature name|minimum kernel (major.minor)|required arch",
# where an empty third field means the feature is not tied to one arch.
FEATURES=(
  "WireGuard Transparent Encryption|5.6|"
  "Session Affinity (full support)|5.7|"
  "BPF-based proxy redirection|5.7|"
  "Socket-level LB bypass in pod netns|5.7|"
  "L3 devices|5.8|"
  "BPF-based host routing|5.10|"
  "Multicast Support (AMD64)|5.10|x86_64"
  "IPv6 BIG TCP|5.19|"
  "Multicast Support (AArch64)|6.0|aarch64"
  "IPv4 BIG TCP|6.3|"
)
SUPPORTED=0
FAILED=0
SKIPPED=0
for entry in "${FEATURES[@]}"; do
  # Split on "|" for this read only.
  IFS="|" read -r NAME VERSION ARCH_REQ <<< "$entry"
  # Same integer encoding as CURRENT_KERNEL: major, then two-digit minor.
  printf -v VERSION_INT '%d%02d' "${VERSION%%.*}" "${VERSION#*.}"
  if [[ -n "$ARCH_REQ" && "$ARCH" != "$ARCH_REQ" ]]; then
    log "$NAME: skipped (requires $ARCH_REQ only)"
    SKIPPED=$((SKIPPED + 1))
  elif (( CURRENT_KERNEL >= VERSION_INT )); then
    log "$NAME: supported (requires >= $VERSION)"
    SUPPORTED=$((SUPPORTED + 1))
  else
    log "$NAME: not supported (requires >= $VERSION)"
    FAILED=$((FAILED + 1))
  fi
done
# The following sections run with IFS unset, i.e. default word splitting.
unset IFS
if (( FAILED == 0 )); then
  RESULTS[features]="PASS ($SUPPORTED supported, $SKIPPED skipped)"
else
  RESULTS[features]="FAIL ($FAILED failed, $SUPPORTED supported, $SKIPPED skipped)"
fi
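# [5] Firewall Rules
# NOTE(review): this is a presence heuristic only. The word ACCEPT also occurs
# in a chain's "(policy ACCEPT)" header, so a PASS does not show that the
# node-to-node ports Cilium needs are open, and it says nothing about rules
# managed outside iptables. Verify the required ports separately.
log ""
log "[5] Firewall Rule Check"
if command -v iptables >/dev/null; then
  # Tell "could not list the rules" (e.g. insufficient privileges) apart from
  # "listed the rules and found no ACCEPT".
  if IPTABLES_OUTPUT=$(iptables -L -n); then
    # The complete ruleset goes into the log file; treat that file as sensitive.
    log "$IPTABLES_OUTPUT"
    if grep -q "ACCEPT" <<< "$IPTABLES_OUTPUT"; then
      RESULTS[firewall]="PASS (iptables present)"
    else
      RESULTS[firewall]="FAIL (no ACCEPT rules)"
    fi
  else
    log "iptables -L -n failed; rules could not be listed"
    RESULTS[firewall]="FAIL (cannot list iptables rules)"
  fi
else
  log "iptables not found"
  RESULTS[firewall]="FAIL (iptables missing)"
fi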
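# [6] eBPF Filesystem Mount
log ""
log "[6] eBPF Filesystem Mount"
# Require a mount whose mount point is exactly /sys/fs/bpf and whose type is
# bpf. A plain substring match on `mount` output would also accept any other
# mount line that merely contains that path.
if awk '$2 == "/sys/fs/bpf" && $3 == "bpf" { found = 1 } END { exit !found }' \
  /proc/mounts; then
  log "/sys/fs/bpf is mounted"
  RESULTS[ebpf]="PASS"
else
  log "/sys/fs/bpf is not mounted"
  RESULTS[ebpf]="FAIL"
fi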
# [7] Privilege & Host Networking
# Passes when the script runs as root and at least one of docker, containerd
# or crictl is on PATH.
# NOTE(review): this only looks for the binaries; it does not confirm that a
# runtime is running or that privileged, host-network containers are allowed.
log ""
log "[7] Privilege & Host Networking"
if [ "$EUID" -ne 0 ]; then
  log "Not running as root"
  RESULTS[priv]="FAIL (not root)"
elif command -v docker &>/dev/null \
  || command -v containerd &>/dev/null \
  || command -v crictl &>/dev/null; then
  log "Container runtime found"
  RESULTS[priv]="PASS"
else
  log "No container runtime"
  RESULTS[priv]="FAIL (no container runtime)"
fi
# Print the summary (console only): everything in this group is written to
# fd 3, the saved copy of the original stdout.
{
  echo "=== Cilium System Requirement Summary ==="
  printf "[1] CPU Architecture : %s\n" "${RESULTS[arch]}"
  printf "[2] Kernel Version : %s\n" "${RESULTS[kernel]}"
  printf "[3] Kernel Config Options : %s\n" "${RESULTS[config]}"
  printf "[4] Advanced Kernel Features : %s\n" "${RESULTS[features]}"
  printf "[5] Firewall Rules : %s\n" "${RESULTS[firewall]}"
  printf "[6] eBPF Filesystem Mount : %s\n" "${RESULTS[ebpf]}"
  printf "[7] Privilege & Host Networking : %s\n" "${RESULTS[priv]}"
  echo ""
  echo "Detailed logs saved to: $LOG_FILE"
} >&3