Awesome Cilium

Cilium is an open-source networking project that provides networking and security capabilities for containerized applications, microservices, and virtual machines.

Recently Cilium launched a great website about eBPF called ebpf.io. It serves a similar purpose to this list, with an introduction to eBPF.

Contents

• Reference Documentation
• Cilium related projects
• Articles and Presentations
• Community Events
• Community and Contributing
• Hands on Contents

Reference Documentation

• Website - Official website of Cilium, originally created by Isovalent.
• Official GitHub repository - GitHub repository of the Cilium project.
• A cookbook of installing Cilium on AWS EKS - Multiple ways to install Cilium in EKS.
• Cilium Certified Associate Study Guide - Study guide to help the Cilium community prepare for the CNCF’s Cilium Certified Associate (CCA) Exam.

Cilium related projects

• Cilium - A networking plugin for various container runtimes such as Kubernetes, Docker, and Mesos. It leverages Linux kernel features like eBPF to provide fast and secure networking and load balancing for applications.
• eBPF - Technology that allows for dynamic, programmable packet filtering and network analysis in the Linux kernel.
• Cilium Proxy - High-performance HTTP, TCP, and gRPC proxy that can be automatically injected into Kubernetes pods. It provides features like load balancing, health checking, and L7 visibility.
• Cilium Cluster Mesh - Securely connects multiple Kubernetes clusters together using encrypted tunnels. It enables seamless communication and service discovery across clusters while maintaining strong security boundaries.
• Hubble - Network visibility and monitoring tool built by the Cilium community. It provides real-time visibility into network traffic, allowing operators to gain insights into application behavior, troubleshoot connectivity issues, and enforce network security policies.
• Cilium Operator - Kubernetes operator that simplifies the deployment and management of Cilium within a Kubernetes cluster. It automates tasks such as deploying Cilium agents, configuring eBPF policies, and handling upgrades.
• Tetragon - Runtime security enforcement and observability tool.
• Cilium Mesh - Connects Kubernetes workloads, virtual machines, and physical servers running in the cloud, on-premises, or at the edge.
• NetworkPolicy Editor - Create, visualize, and share Kubernetes network policies.
• Prometheus & Grafana for Cilium - Collects metrics from Cilium and stores them in Prometheus for analysis and alerting.
• Cilium Helm Chart - Helm chart that can be used to deploy Cilium on Kubernetes.
• Hubble adaptor for OpenTelemetry - Enables exporting Hubble flow data using OpenTelemetry collector.
• Packet, where are you? - eBPF-based Linux kernel networking debugger.
• Coroot - Turns telemetry data into actionable insights, helping you identify and resolve application issues quickly.
• Pixie - Instant Kubernetes-native application observability.
• caretta - Instant K8s service dependency map, right to your Grafana.
• Netreap - Cilium controller implementation for Nomad.
• Gloo Network - Enables Cilium-CNI powered by eBPF to provide networking, packet filtering, and observability for modern applications.
• Bpfilter instead of iptables for routing - Bpfilter offers a new approach to packet filtering in Linux.

• Inter-node traffic control - Policies that are applicable to the whole cluster (non-namespaced) and provide you with the means to specify nodes as the source and target.
• BPF and XDP Reference Guide - Guide from the Cilium project.
• Why is the kernel community replacing iptables with BPF? - Blog post by Cilium on the motivations behind eBPF and bpfilter, with examples and links to other projects using eBPF and bpfilter.
• Bpfilter: Linux firewall with eBPF sauce - Slides from a talk by Quentin Monnet with a background on eBPF and comparing bpfilter to iptables.
• Cilium: Networking & Security for Containers with BPF & XDP - Featuring a load balancer use case.
• Cilium: Networking & Security for Containers with BPF & XDP - Video.
• Cilium: Fast IPv6 container Networking with BPF and XDP - Fast IPv6 container networking with BPF and XDP.
• Cilium: BPF & XDP for containers - BPF & XDP for containers.
• Learning ebpf book - Learning eBPF, published by O’Reilly! Here’s where you will find a VM config for the examples.

Articles and Presentations

• eBPF log analytics in your Kubernetes cluster - Leverage Cilium’s Tetragon to capture eBPF-based file access logs and send them to Parseable for alerting and further analytics.
• Introduction to Cilium - A livestream covering all things related to eBPF and Cilium presented by Isovalent’s Thomas Graf & Liz Rice.
• Cilium CNI - Comprehensive deep dive guide for networking and security enthusiasts.
• Cilium for Kubernetes networking - Why we use it and why we love it.
• A generic introduction to Cilium - Generic introduction to Cilium.
• A podcast interviewing Thomas Graf - Ivan Pepelnjak interviewing Thomas, October 2016, on eBPF, P4, XDP, and Cilium.
• How eBPF streamlines the service mesh - Explore how eBPF allows us to streamline the service mesh, making the data plane more efficient and easier to deploy.
• From Amazon VPC CNI to Cilium with zero downtime - Migrate to Cilium from Amazon VPC CNI with zero downtime.
• Cilium CNI and OKE on Oracle Cloud - Kubernetes networking with Cilium CNI and OKE on Oracle Cloud.
• Cilium in Azure Kubernetes Service (AKS) - Configure Azure CNI powered by Cilium in Azure Kubernetes Service (AKS).
• eCHO News NEWSLETTER - eCHO news in a bi-weekly wrap-up of all things eBPF and Cilium.
• Exploring eBPF and XDP - Basic example of how to get started with XDP.
• eBPF - Rethinking the Linux Kernel - eBPF JavaScript-like capabilities to the Linux Kernel.
• Learn how Tetragon can stop CVEs with YAML - Prevent overlayfs privilege escalation on Ubuntu kernels with YAML (bpf).
• Cilium + Istio - Quick tour of Cilium 1.14 with Istio.
• Cilium: Decoding the packet path with security groups for pods in EKS - Decoding the packet path with security groups for pods in EKS.
• Cilium mutual auth … DIY - Quick run-through on setting up Cilium, mtls on a self-managed Kubernetes cluster.
• Istio service mesh with ALB in EKS - Install Cilium in a BYOCNI mode seamlessly and leverage eBPF functionality as compared to iptables.
• Kubernetes LoadBalance service using Cilium BGP control plane - Walk through the process of creating Cilium-based support for load balancer services in a minimal K3s Kubernetes cluster.
• eBPF-based networking with Cilium - What is it and what can it do?
• Deploying Red Hat OpenShift with Cilium - Tutorial on deploying Cilium and Red Hat OpenShift.
• Setting up EKS Amazon clusters, adding Cilium to projects using Terraform and Helm, supporting GitOps, and using Karpenter for efficient resource utilization and cost savings - Architecting for resilience: Crafting opinionated EKS clusters with Karpenter & Cilium Cluster Mesh.
• Kubernetes Gateway API with Cilium - Guidance on how to effectively configure Cilium for setting up the Gateway API in Kubernetes environments.
• How to migrate from Red Hat OpenShiftSDN/OVN-Kubernetes to Cilium - Step-by-step process of migrating from OpenShiftSDN or OVN-Kubernetes to Cilium.
• Setup basic L4 load balancing with Cilium CNI and Ubuiqiti Edge Router - Setting up basic L4 load balancing with Cilium CNI and Ubuiqiti Edge Router.

Community Events

• CiliumCon - Full-day co-located event for Cilium users, contributors, and new community members.
• Isovalent Security Summer School 2023 - Virtual Security Summer School with hands-on labs. Learn how Cilium, Tetragon, and Hubble help improve Kubernetes security.
• Isovalent’s cilium related events - Events featuring diverse voices, innovative companies, and big ideas.

Community and Contributing

• Slack channel - For live conversation and quick questions, join the Cilium Slack workspace.
• Twitter - Follow Cilium on Twitter for the latest news and announcements.
• YouTube - Watch videos from the Cilium and eBPF communities.
• Contributors - Contributions to main.

Hands on Contents

• Isovalent library for Cilium - Find videos, case studies, blogs, books, labs, and analyst reports.
• Cilium Learning Tracks - Tracks for cloud network engineers, security professionals, platform engineers, platform ops (service mesh), and cloud architects.
• K0S Cilium Playground - Full bash-based k0s Cilium Clustermesh enabled playground.
• Podcast: Kubernetes Unpacked Podcast - Kubernetes Unpacked 022: Kubernetes networking and abstraction with Cilium and eBPF.
• From Zero to Cluster Mesh: Installing and Configuring Cilium CNI on Kubernetes - How to install and configure the Cilium CNI and enable its advanced cluster mesh feature across Kubernetes clusters.
• Cilium and SPIRE integration - Tutorials about Cilium and SPIRE integration.
• Cilium Network policies Library - Community curated list of system and network policy templates for KubeArmor and Cilium.
• Kyverno policies for Cilium Network Policies - Examples of Kyverno policies for controlling the creation of Cilium network policies.

Contributing

Note: Cilium is an exciting piece of technology, and its ecosystem is constantly evolving. We’d love help from you to keep this awesome list up to date, and improve its signal-to-noise ratio in any way we can. Please feel free to leave any feedback.

Please read the contribution guidelines before contributing.

cilium.md Github