Cilium Mode

Overview

Cilium mode (bootstrap-full.sh) provides a lightweight cluster with Cilium CNI and Hubble observability, without the full Istio + ArgoCD stack. It’s designed for CNI testing and network policy validation.

Cold start: ~200s | Warm start: Not supported

Key Features

Cilium + Hubble - Full CNI with network observability
1 worker node - Control-plane + 1 worker
No warm cluster - Always performs full bootstrap
No Istio - CNI testing without service mesh
No ArgoCD - Manual deployment only

Command Usage

# Direct invocation
bootstrap-full

# Or via bootstrap --full
bootstrap --full

The bootstrap --full flag delegates to bootstrap-full.sh automatically.

Architecture

Cilium mode uses kind-config-lite.yaml with:

1 control-plane node
1 worker node (reduced from full-bootstrap’s 2 workers)
Cilium CNI with disableDefaultCNI: true

kind-config-lite.yaml

kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: microservice-infra
networking:
  disableDefaultCNI: true  # Cilium will be installed
nodes:
  - role: control-plane
    extraPortMappings:
      - containerPort: 30300  # Grafana
        hostPort: 30300
      - containerPort: 30081  # Traefik
        hostPort: 30081
      - containerPort: 31235  # Hubble UI
        hostPort: 31235
      - containerPort: 30090  # Prometheus
        hostPort: 30090
      - containerPort: 30093  # Alertmanager
        hostPort: 30093
  - role: worker

4-Phase Execution

Phase 1: Preparation (Parallel)

timed_step "phase1-prep" parallel_run \
  "kind-cluster:_step_kind_cluster" \
  "gen-manifests:bash ${SCRIPT_DIR}/gen-manifests.sh" \
  "otel-build:bash ${SCRIPT_DIR}/load-otel-collector-image.sh build" \
  "image-preload:_step_image_preload"

Create kind cluster
Generate manifests
Build OTel collector image (not cached)
Pull container images

Phase 2: Network Setup (Sequential)

timed_step "phase2-network" _step_network_setup

Load Cilium image

Load quay.io/cilium/cilium:v${CILIUM_VERSION} into kind

Load OTel image

Load custom OTel collector image

Background image load

Start loading remaining images in background

Install Cilium

Run cilium-install.sh (overlaps with image loading)

Wait for images

Ensure all images loaded before Phase 3

PostgreSQL early start

Start PostgreSQL to overlap its startup time

Phase 3: Deploy Services (Parallel)

timed_step "phase3-deploy" parallel_run \
  "garage:_step_garage_deploy" \
  "observability:_step_observability" \
  "traefik:_step_traefik" \
  "cloudflared:_step_cloudflared"

garage - S3-compatible storage
observability - Prometheus, Grafana, Loki, Tempo, OTel
traefik - Ingress controller with auth patch
cloudflared - Cloudflare tunnel (optional)

Phase 4: Wait for Pods

Wait for critical pods in parallel:

PostgreSQL
Grafana
Prometheus

Network Features

Cilium CNI

Cilium provides:

eBPF-based networking
Network policies
Load balancing
Service mesh capabilities (not used in this mode)

Hubble Observability

Hubble UI available at http://localhost:31235 provides:

Network flow visualization
Service dependency mapping
Network policy validation
Traffic metrics

Exposed Services

Service	URL	Credentials
Grafana	http://localhost:30300	admin/admin
Prometheus	http://localhost:30090	-
Alertmanager	http://localhost:30093	-
Hubble UI	http://localhost:31235	-
Traefik	http://localhost:30081	-

Differences from Dev-Fast

CNI

Cilium + Hubble vs kindnetd

Nodes

1 worker vs single control-plane

Warm Cluster

Not supported vs hash-based caching

Speed

~200s vs ~120s

Differences from Full-Bootstrap

Istio

No Istio vs ambient mode

ArgoCD

No ArgoCD vs automated GitOps

Workers

1 worker vs 2 workers

Speed

~200s vs ~250s

Use Cases

CNI Testing

Validate Cilium network policies and features

Network Debugging

Use Hubble to visualize traffic flows

Middle Ground

More realistic than dev-fast, faster than full

Policy Validation

Test network security policies

Next Steps

After bootstrap:

cd microservice-app && tilt up

Access Hubble UI to monitor network traffic:

open http://localhost:31235

Comparison

See the Bootstrap Mode Comparison to choose the right mode for your needs.

Getting Started

Bootstrap Modes

Architecture

Operations

Components

Development

Overview

Key Features

Command Usage

Architecture

4-Phase Execution

Phase 1: Preparation (Parallel)

Phase 2: Network Setup (Sequential)

Phase 3: Deploy Services (Parallel)

Phase 4: Wait for Pods

Network Features

Cilium CNI

Hubble Observability

Exposed Services

Differences from Dev-Fast

CNI

Nodes

Warm Cluster

Speed

Differences from Full-Bootstrap

Istio

ArgoCD

Workers

Speed

Use Cases

CNI Testing

Network Debugging

Middle Ground

Policy Validation

Next Steps

Comparison

Build docs developers (and LLMs) love

Getting Started

Bootstrap Modes

Architecture

Operations

Components

Development

​Overview

​Key Features

​Command Usage

​Architecture

​4-Phase Execution

​Phase 1: Preparation (Parallel)

​Phase 2: Network Setup (Sequential)

​Phase 3: Deploy Services (Parallel)

​Phase 4: Wait for Pods

​Network Features

​Cilium CNI

​Hubble Observability

​Exposed Services

​Differences from Dev-Fast

CNI

Nodes

Warm Cluster

Speed

​Differences from Full-Bootstrap

Istio

ArgoCD

Workers

Speed

​Use Cases

CNI Testing

Network Debugging

Middle Ground

Policy Validation

​Next Steps

​Comparison

Build docs developers (and LLMs) love

Overview

Key Features

Command Usage

Architecture

4-Phase Execution

Phase 1: Preparation (Parallel)

Phase 2: Network Setup (Sequential)

Phase 3: Deploy Services (Parallel)

Phase 4: Wait for Pods

Network Features

Cilium CNI

Hubble Observability

Exposed Services

Differences from Dev-Fast

Differences from Full-Bootstrap

Use Cases

Next Steps

Comparison