December 6, 2017

Cilium Now Speaks gRPC!

cilium grpc

The Cilium team is happy to announce tech preview support for gRPC-aware filtering!

While the majority of existing API-based services leverage HTTP REST as their primary protocol for inter-service communication, among teams designing new platforms from scratch, gRPC is quickly gaining steam.  gRPC is based on Google's popular protobuf project, which provides a more compact and efficiently serializable RPC payload.

Microservices written using gRPC typically include a large number of RPC "methods", all of which are exposed on a single TCP port belonging to the gRPC server.  As a result, a traditional network firewall would either open or close the port of the gRPC server, exposing either all or none of the gRPC methods for a service to each RPC client.  However, Cilium's API-aware filtering enables fine-grain security policies that selectively expose RPC methods to different remote callers, eliminating unnecessary attack surface.

We have created a Cilium + gRPC "Getting Started Guide" so you can try it out yourself: .  Building on our tradition of Star Wars-themed demos, this guide explains how the lack of gRPC-aware network security helped the rebels escape from Cloud City during "The Empire Strikes Back".   Check out the video!

As always, we're very interested in your questions and feedback, so don't hesitate to reach out via Twitter (@ciliumproject) or Slack (   And don't forget to check out the code and star us on Cilium Github .  Happy gRPC-ing!