Skip to content

Setup

Step 1 - Create a Cluster Blueprint with Cilium Add-On

In this step, you will create a Cluster Blueprint in Rafay that includes the Cilium CNI Add-On, and you will configure it to enable Hubble and Hubble UI for network observability.

Prerequisites

  • Access to Rafay Console with permissions to create and modify Blueprints.
  • Understanding of Cluster Blueprints in Rafay (see Blueprint Documentation).

Create Namespace for Cilium Add-On

  1. Navigate to Infrastructure > Namespaces in the Rafay Console.
  2. Click Create Namespace.
  3. Provide a name (e.g., cilium-ns).
  4. Select Type as Wizard and save the namespace without publishing it yet, as the cluster is not created yet.

Create a New Add-On for Cilium

  1. Navigate to the Add-Ons section in Infrastructure > Add-ons.
  2. Click New Add-on.
  3. Click Create New Add-On from Catalog.

addons

  1. Select Cilium Add-On from the catalog.

catalog

  1. In the Values File section, upload the following example values.yaml to enable Hubble and Hubble UI.

values

  1. Add the following mandatory labels to the Add-On to ensure it is correctly recognized as a Cilium CNI Add-On:
    • rafay.type: cni
    • rafay.cni.name: cilium

cilium-values

  1. Save the Add-On.

addon

Note on Hubble UI Exposure

In this guide, Hubble UI is exposed using a NodePort service. This allows you to access it directly using the node's IP and the specified port.

If you prefer, you can expose Hubble UI using an Ingress by: - Deploying an Ingress Controller (e.g., NGINX Ingress Controller). - Creating a corresponding Ingress Resource for the Hubble UI service.

Example values.yaml

operator:
  replicas: 1 

nodePort:
  enabled: true
  bindProtection: false

hubble:
  enabled: true

  metrics:
    enabled:
      - dns:query;ignoreAAAA
      - drop
      - tcp
      - flow
      - icmp
      - http

  ui:
    enabled: true  
    service: 
      type: NodePort
      nodePort: 31235

  relay:
    enabled: true  

k8sServiceHost: "k8master.service.consul"
k8sServicePort: "6443"
  1. Once the Add-On is created, proceed to create a new Blueprint:
    • Navigate back to Blueprints and click Create Blueprint.
    • Provide a name.
    • In the Add-Ons section, attach the Cilium Add-On you just created.

Blueprint

  1. Save the Blueprint.

Short Clip

Summary

Once this Blueprint is created, you can:

  • Use it when provisioning a new MKS cluster.
  • Apply it to existing clusters to enable Cilium CNI with Hubble for real-time network observability and analysis.