@harrisonqian / Awesome wiki / networking / cilium
Public View

Cilium

repo: seifrajhi/awesome-cilium
category: Networking related: Kubernetes

Awesome Cilium Awesome

Cilium is an open-source networking project that provides networking and security capabilities for containerized applications, microservices, and virtual machines.

Recently Cilium launched a great website about eBPF called ebpf.io. It serves a similar purpose to this list, with an introduction to eBPF.

Contents

Reference Documentation

  • Cilium - A networking plugin for various container runtimes such as Kubernetes, Docker, and Mesos. It leverages Linux kernel features like eBPF to provide fast and secure networking and load balancing for applications.
  • eBPF - Technology that allows for dynamic, programmable packet filtering and network analysis in the Linux kernel.
  • Cilium Proxy - High-performance HTTP, TCP, and gRPC proxy that can be automatically injected into Kubernetes pods. It provides features like load balancing, health checking, and L7 visibility.
  • Cilium Cluster Mesh - Securely connects multiple Kubernetes clusters together using encrypted tunnels. It enables seamless communication and service discovery across clusters while maintaining strong security boundaries.
  • Hubble - Network visibility and monitoring tool built by the Cilium community. It provides real-time visibility into network traffic, allowing operators to gain insights into application behavior, troubleshoot connectivity issues, and enforce network security policies.
  • Cilium Operator - Kubernetes operator that simplifies the deployment and management of Cilium within a Kubernetes cluster. It automates tasks such as deploying Cilium agents, configuring eBPF policies, and handling upgrades.
  • Tetragon - Runtime security enforcement and observability tool.
  • Cilium Mesh - Connects Kubernetes workloads, virtual machines, and physical servers running in the cloud, on-premises, or at the edge.
  • NetworkPolicy Editor - Create, visualize, and share Kubernetes network policies.
  • Prometheus & Grafana for Cilium - Collects metrics from Cilium and stores them in Prometheus for analysis and alerting.
  • Cilium Helm Chart - Helm chart that can be used to deploy Cilium on Kubernetes.
  • Hubble adaptor for OpenTelemetry - Enables exporting Hubble flow data using OpenTelemetry collector.
  • Packet, where are you? - eBPF-based Linux kernel networking debugger.
  • Coroot - Turns telemetry data into actionable insights, helping you identify and resolve application issues quickly.
  • Pixie - Instant Kubernetes-native application observability.
  • caretta - Instant K8s service dependency map, right to your Grafana.
  • Netreap - Cilium controller implementation for Nomad.
  • Gloo Network - Enables Cilium-CNI powered by eBPF to provide networking, packet filtering, and observability for modern applications.
  • Bpfilter instead of iptables for routing - Bpfilter offers a new approach to packet filtering in Linux.
image

Articles and Presentations

  • [eBPF log analytics in your Kubernetes cluster](https://www.parseable.io/blog/ebpf-log-analytics) - Leverage Cilium's Tetragon to capture eBPF-based file access logs and send them to Parseable for alerting and further analytics.
  • Introduction to Cilium - A livestream covering all things related to eBPF and Cilium presented by Isovalent's Thomas Graf & Liz Rice.
  • Cilium CNI - Comprehensive deep dive guide for networking and security enthusiasts.
  • [Cilium for Kubernetes networking](https://blog.palark.com/why-cilium-for-kubernetes-networking/) - Why we use it and why we love it.
  • A generic introduction to Cilium - Generic introduction to Cilium.
  • A podcast interviewing Thomas Graf - Ivan Pepelnjak interviewing Thomas, October 2016, on eBPF, P4, XDP, and Cilium.
  • [How eBPF streamlines the service mesh](https://thenewstack.io/how-ebpf-streamlines-the-service-mesh/) - Explore how eBPF allows us to streamline the service mesh, making the data plane more efficient and easier to deploy.
  • From Amazon VPC CNI to Cilium with zero downtime - Migrate to Cilium from Amazon VPC CNI with zero downtime.
  • Cilium CNI and OKE on Oracle Cloud - Kubernetes networking with Cilium CNI and OKE on Oracle Cloud.
  • [Cilium in Azure Kubernetes Service (AKS)](https://learn.microsoft.com/en-us/azure/aks/azure-cni-powered-by-cilium) - Configure Azure CNI powered by Cilium in Azure Kubernetes Service (AKS).
  • eCHO News NEWSLETTER - eCHO news in a bi-weekly wrap-up of all things eBPF and Cilium.
  • [Exploring eBPF and XDP](https://naftalyava.com/example-xdp-ebpf-code-for-handling-ingress-traffic/) - Basic example of how to get started with XDP.
  • [eBPF - Rethinking the Linux Kernel](https://docs.google.com/presentation/d/1AcB4x7JCWET0ysDr0gsX-EIdQSTyBtmi6OAW7bE0jm0/edit#slide=id.g6e43ab8f8d_0_612) - eBPF JavaScript-like capabilities to the Linux Kernel.
  • Learn how Tetragon can stop CVEs with YAML - Prevent overlayfs privilege escalation on Ubuntu kernels with YAML (bpf).
  • Cilium + Istio - Quick tour of Cilium 1.14 with Istio.
  • [Cilium: Decoding the packet path with security groups for pods in EKS](https://medium.com/@amitmavgupta/security-groups-for-pods-in-eks-cilium-and-networking-f809cf72fc31) - Decoding the packet path with security groups for pods in EKS.
  • Cilium mutual auth … DIY - Quick run-through on setting up Cilium, mtls on a self-managed Kubernetes cluster.
  • Istio service mesh with ALB in EKS - Install Cilium in a BYOCNI mode seamlessly and leverage eBPF functionality as compared to iptables.
  • Kubernetes LoadBalance service using Cilium BGP control plane - Walk through the process of creating Cilium-based support for load balancer services in a minimal K3s Kubernetes cluster.
  • eBPF-based networking with Cilium - What is it and what can it do?
  • Deploying Red Hat OpenShift with Cilium - Tutorial on deploying Cilium and Red Hat OpenShift.
  • [Setting up EKS Amazon clusters, adding Cilium to projects using Terraform and Helm, supporting GitOps, and using Karpenter for efficient resource utilization and cost savings](https://aws.plainenglish.io/architecting-for-resilience-crafting-opinionated-eks-clusters-with-karpenter-cilium-cluster-mesh-c87cee1df934) - Architecting for resilience: Crafting opinionated EKS clusters with Karpenter & Cilium Cluster Mesh.
  • Kubernetes Gateway API with Cilium - Guidance on how to effectively configure Cilium for setting up the Gateway API in Kubernetes environments.
  • [How to migrate from Red Hat OpenShiftSDN/OVN-Kubernetes to Cilium](https://veducate.co.uk/migrate-red-hat-openshiftsdn-ovn-kubernetes-cilium/) - Step-by-step process of migrating from OpenShiftSDN or OVN-Kubernetes to Cilium.
  • Setup basic L4 load balancing with Cilium CNI and Ubuiqiti Edge Router - Setting up basic L4 load balancing with Cilium CNI and Ubuiqiti Edge Router.

Community Events

  • CiliumCon - Full-day co-located event for Cilium users, contributors, and new community members.
  • [Isovalent Security Summer School 2023](https://isovalent.com/events/2023-07-security-summer-school/) - Virtual Security Summer School with hands-on labs. Learn how Cilium, Tetragon, and Hubble help improve Kubernetes security.
  • Isovalent's cilium related events - Events featuring diverse voices, innovative companies, and big ideas.

Community and Contributing

Hands on Contents

Contributing

Note: Cilium is an exciting piece of technology, and its ecosystem is constantly evolving. We'd love help from you to keep this awesome list up to date, and improve its signal-to-noise ratio in any way we can. Please feel free to leave any feedback.

Please read the contribution guidelines before contributing.

[[curator]]
I'm the Curator. I can help you navigate, organize, and curate this wiki. What would you like to do?