Elasticsearch is a dominanting open source platform for storing and analyzing all different types of data ranging from application logs, to user payment transactions and network audit logs.

A single Elasticsearch cluster is often used to store many different types of data for a variety of uses. While such multi-tenancy maximizes efficiency both compute/storage resources and ops-team resources, it also requires key elements around security. For example, if an application that is sending troubleshooting logs to an Elasticsearch cluster is compromised, the attacker should not also be able to read user transaction data or delete network access logs, simply because that data also happens to be stored in the same cluster.

In this post, we will look at how Cilium helps you lock down access to data in your Elasticsearch cluster without requiring any changes to the application code or containers. Cilium is an open source API-aware network security technology for container orchestration frameworks like Kubernetes.

We are excited to announce Cilium 1.1. 33 contributors have contributed 965 commits to this release. Below is a list of highlighted features and architectural improvements that have made the 1.1 release in addition to the countless bugfixes.

To celebrate the Cilium project hitting 1.0, we wanted to take a moment to share the broader story behind how BPF and Cilium are driving the biggest change in the past two decades of Linux networking and security, and invite you to join in on the fun. We're just getting started!

The last couple of months have been tremendously exciting for everyone working on Cilium and BPF. We have witnessed a fast growing community of Cilium users as well as the rapid increase of BPF usage and development with companies such as Google joining the existing already strong BPF community of engineers from Facebook, Netflix, Red Hat and many more. Possibly the strongest signal of the success of BPF has been the decision of the Linux kernel community to replace the in-kernel implementation of iptables with BPF.

All of this has allowed us to advance BPF quickly and mature the Cilium project very effectively. Our warmest shoutouts go to everyone who has joined us on this incredible journey since we initially announced Cilium at DockerCon 2017. Your support in the form of contributing code, providing feedback and spreading the word has been incredible.

The Linux kernel community recently announced bpfilter, which will replace the long-standing in-kernel implementation of iptables with high-performance network filtering powered by Linux BPF, all while guaranteeing a non-disruptive transition for Linux users.

From humble roots as the packet filtering capability underlying popular tools like tcpdump and Wireshark, BPF has grown into a rich framework to extend the capabilities of Linux in a highly flexible manner without sacrificing key properties like performance and safety. This powerful combination has led forward-leaning users of Linux kernel technology like Google, Facebook, and Netflix to choose BPF for use cases ranging from network security and load-balancing to performance monitoring and troubleshooting. Brendan Gregg at Netflix first called BPF Superpowers for Linux. This post will cover how these “superpowers” render long-standing kernel sub-systems like iptables redundant while simultaneously enabling new in-kernel use cases that few would have previously imagined were possible.

We are excited to announce Cilium 1.0.0-rc9 with many, many bugfixes and the delivery of the final feature we were waiting on prior for 1.0: Egress policy enforcement support. It is therefore only logical that we announce full feature freeze with rc9. This means that we will only merge critical bugfixes and release 1.0 as soon as we have resolved all release blockers. More on this below. We are thrilled to have come this far and appreciate all of the efforts by the wide range of contributors that have helped to get us here.

As usual, the full release notes are attached at the end of the blog but can be found on the 1.0.0-rc9 release page. The vast majority of the work in this release has been around bugfixes and testing. Here is a list of some highlights:

We are excited to announce Cilium Enterprise Edition (CEE) 4.0, which extends the already extremely powerful open source Cilium with additional enterprise-grade add-ons.

We are excited to have released Cilium 1.0.0-rc4. The release contains a lot of bugfixes as usual plus a lot of CI work to ensure quality long term but there are also some enhancements highlights and tooling worth mentioning.