Submit your CfP for CiliumCon NA

Technology

AllCommunityHow-ToReleaseTechnology
NetworkPolicy Editor: Create, Visualize, and Share Kubernetes NetworkPolicies
Feb 10, 2021

NetworkPolicy Editor: Create, Visualize, and Share Kubernetes NetworkPolicies

Implementing Network Policy is a critical part of building a secure Kubernetes-based platform, but the learning curve from simple examples to more complex real-world policies is steep. Not only can it be painful to get the YAML syntax and formatting just right, but more importantly, there are many subtleties in the behavior of the network policy specification (e.g. default allow/deny, namespacing, wildcarding, rules combination, etc.). Even an experienced Kubernetes YAML-wrangler can still easily tie their brain in knots working through an advanced network policy use case.

Technology
Episode 153 Kubernetes Networking and Security, and Building Business on Open Source with Isovalent Founder, Thomas Graf
Feb 08, 2021

Episode 153 Kubernetes Networking and Security, and Building Business on Open Source with Isovalent Founder, Thomas Graf

Thomas talks about challenges of security and networking in Linux and Kubernetes and how to build a business on open source technology

Technology
External
Cilium: Programmable Linux Networking with Dan Wendlant and Thomas Graf
Feb 02, 2021

Cilium: Programmable Linux Networking with Dan Wendlant and Thomas Graf

Dan and Thomas join the show today to talk about why Cilium is a great choice for organizations looking to build cloud native applications

Technology
External
eBPF - The Future of Networking & Security
Nov 10, 2020

eBPF - The Future of Networking & Security

Today is an exciting day for the Cilium community: Isovalent, the company behind Cilium, is announcing its $29M Series A financing round backed by Andreessen Horowitz, Google, and Cisco. This is a perfect occasion to take a deeper look into where eBPF-based networking is coming from and to understand what the excitement is all about.

Technology
Announcing Hubble - Network, Service & Security Observability for Kubernetes
Nov 19, 2019

Announcing Hubble - Network, Service & Security Observability for Kubernetes

Hubble is a fully distributed networking and security observability platform for cloud native workloads. Hubble is open source software and built on top of Cilium and eBPF to enable deep visibility into the communication and behavior of services as well as the networking infrastructure in a completely transparent manner.

Technology
Thomas Graf on Cilium, the 1.6 Release, eBPF Security, & the Road ahead
Sep 02, 2019

Thomas Graf on Cilium, the 1.6 Release, eBPF Security, & the Road ahead

Thomas Graf discusses the recent 1.6 release, some of the security questions/concerns around eBPF, and the future roadmap for the project

Technology
External
Jul 01, 2019

CVE-2019-13119: Policy bypass via nested encapsulation

On May 25 2019, a security relevant bug has been reported to us via the documented security disclosure channel. It was soon identified that multiple vendors are affected by this vulnerability. This lead to an embargo period which is being lifted today. The bug allows, under certain circumstances, to bypass network security policies. See below for details on the vulnerability and the mitigation.

Technology
Deep Dive into Facebook's BPF edge firewall
Nov 20, 2018

Deep Dive into Facebook's BPF edge firewall

We have covered Facebook's BPF-based load balancer with DDoS protection in a previous blog post. This post provides further details on Facebook's BPF use by covering Anant Deepak's talk at the BPF/networking microconference on Facebook's BPF-based edge firewall running in production.

Technology
Kubernetes Network Policies Using Cilium - Controlling Ingress/Egress from Namespaces
Sep 20, 2018

Kubernetes Network Policies Using Cilium - Controlling Ingress/Egress from Namespaces

Kubernetes clusters are used by multiple tenants to run their containerized workloads. Often, the tenant workloads are mapped to namespaces and strict access control is required for inter-namespace communications. The access control could be needed for separation of concerns such as monitoring namespace vs application namespace; for compliance such as PCI vs non-PCI workloads; or to meet requirements of serving different end customers such as workloads serving Pepsi vs Coke. In this post, we will look at namespace based segmentation of traffic along with examples of allowing specific inter-namespace communications.

Technology

Community

  • Slack

    For live conversation and quick questions, join the Cilium Slack workspace. Don’t forget to say hi!

    Join slack workspace

  • X

    Follow Cilium on X for the latest news and announcements.

    Follow Cilium on X

  • Github

    Cilium uses GitHub tags to maintain a list of asked questions.

    Join Github