The Cilium docker plugin integrates Cilium with Docker. The plugin provides both address allocation (IPAM) and connectivity (plumbing).
The plugin requires a running Cilium daemon to manage BPF programs; see installation for detailed instructions on how to install the daemon itself.
The plugin consists of a single binary cilium-docker which can be installed
in any location. The make install target will install it in bindir.
For connectivity to the Cilium daemon, the UNIX domain socket of the daemon
(/var/run/cilium/cilium.sock) must be accessible to the plugin.
Various templates for integration with service management tools such as
upstart or systemd can be found in the contrib/ directory.
NOTE: Docker libnetwork is currently not capable of running IPv6-only
containers via the libnetwork abstraction. A pull request is pending to
resolve this. In the meantime, you have to start Cilium with IPv4 enabled:
cilium daemon run --ipv4.
Isolation and segmentation are enforced based on container labels, so it is not required to create multiple networks. You may do so, but it will not impact any segmentation rules. It is suggested to create a single Docker network. Please note that IPv6 must be enabled on the network, as the IPv6 address is also the unique identifier for each container:
$ docker network create --ipv6 --subnet ::1/112 --driver cilium --ipam-driver cilium cilium
$ docker run --net cilium hello-world
The cilium-docker plugin will allocate a unique IPv6 address out of the
address prefix assigned to the container host. See here for
additional information on the addressing model of Cilium.
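The two prerequisites above (a reachable daemon socket and a single IPv6-enabled network using the cilium driver and IPAM driver) can be verified before starting containers. The script below is an added example, not part of the Cilium project; the function names are hypothetical, the socket path and network name are the ones used on this page, and the world-writable warning is an extra hardening check that this page does not require.

```shell
#!/bin/sh
# Added example: preflight checks for the cilium-docker setup described above.
# Function names are hypothetical; socket path and network name come from this page.
CILIUM_SOCK="${CILIUM_SOCK:-/var/run/cilium/cilium.sock}"

# check_socket PATH -> 0 if PATH is a UNIX socket the current user can read and write.
check_socket() {
    [ -S "$1" ] || { echo "not a UNIX socket: $1" >&2; return 1; }
    { [ -r "$1" ] && [ -w "$1" ]; } || { echo "no read/write access: $1" >&2; return 2; }
    # Added hardening check (not from the page): the 9th character of the ls mode
    # string (srwxrwxrwx) is the other-write bit. If it is set, any local user
    # can connect to the daemon socket.
    case "$(ls -ld "$1" | cut -c9)" in
        w) echo "warning: $1 is world-writable" >&2 ;;
    esac
    return 0
}

# check_network "DRIVER IPAM_DRIVER ENABLE_IPV6" -> 0 if the network matches the
# 'docker network create' command above (cilium driver, cilium IPAM, IPv6 on).
check_network() {
    set -- $1    # split the single line into three fields
    [ "$1" = "cilium" ] || { echo "network driver is '$1', expected cilium" >&2; return 1; }
    [ "$2" = "cilium" ] || { echo "IPAM driver is '$2', expected cilium" >&2; return 2; }
    [ "$3" = "true" ]   || { echo "IPv6 is not enabled on the network" >&2; return 3; }
    return 0
}

# preflight [NETWORK]: run both checks against the live host (needs docker).
preflight() {
    check_socket "$CILIUM_SOCK" || return 1
    line=$(docker network inspect \
        --format '{{.Driver}} {{.IPAM.Driver}} {{.EnableIPv6}}' "${1:-cilium}") || return 1
    check_network "$line" && echo "cilium-docker preflight OK"
}

# Only touch the host when asked to: sh preflight.sh run [NETWORK]
if [ "${1:-}" = "run" ]; then
    preflight "${2:-cilium}"
fi
```

Run it as the same user that runs cilium-docker, since the socket access test depends on the caller's permissions.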