Blog Tags Kubernetes

December 15, 2020

Cilium Zero Trust Networking Protections Against CVE-2020-8554

You've probably heard about the new Man in the Middle (MITM) vulnerability in Kubernetes. If you're unfamiliar, a MITM vulnerability ...

November 10, 2020

Cilium 1.9: Maglev, Deny Policies, VM Support, OpenShift, Hubble mTLS, Bandwidth Manager, eBPF Node-Local Redirect, Datapath Optimizations, and more

intro vertical

We are excited to announce the Cilium 1.9 release. A total of 2816 commits have been contributed by a community of 251 developers, ma...

November 10, 2020

eBPF - The Future of Networking & Security

intro

Today is an exciting day for the Cilium community: Isovalent, the company behind Cilium, is announcing its $29M Series A financing ro...

October 9, 2020

How Alibaba Cloud uses Cilium for High-Performance Cloud-Native Networking

header

A couple of weeks ago, the Alibaba team presented details on the new datapath for the Alibaba Cloud during the SIG Cloud-Provider-Ali...

October 6, 2020

How to perform a CNI Live Migration from Flannel+Calico to Cilium

teaser

This is a guest blog by Josh Van Leeuwen and covers how Josh implemented a CNI live migration for a customer, Sky Betting and Gaming,...

September 3, 2020

How Wildlife Studios built a Global Multi Cluster Gaming Infrastructure with Cilium

intro

Wildlife Studios is a Brazil-based global gaming company, one of the twenty largest mobile gaming companies in the world, with more t...

August 19, 2020

Google announces Cilium & eBPF as the new networking dataplane for GKE

google header

Today marks an exciting day for the Cilium community and all Cilium contributors, Google just announced that Cilium has been selected...

July 27, 2020

Multitenancy and Network Security in Kubernetes with Cilium

Introduction

Multitenancy is a common pattern in Kubernetes. Many organizations deploy Kubernetes-as-a-Service, where one cluster houses many tena...

June 29, 2020

How Cilium Protects Against Common Network Attacks

Introduction

Recently a vulnerability was discovered by Etienne Champetier that impacted several Kubernetes CNIs. The vulnerability worked by havi...

Cilium 1.8: XDP Load Balancing, Cluster-wide Flow Visibility, Host Network Policy, Native GKE & Azure modes, Session Affinity, CRD-mode Scalability, Policy Audit mode, ...

intro

We are excited to announce the Cilium 1.8 release. A total of 2162 commits have been contributed by a community of 182 developers, ma...

April 29, 2020

Building a Multi-node Environment with Cilium and K3s in Twenty Minutes or Less

Introduction

Like many of you, we have been feeling the pains of working remotely from home. We are living in a difficult time where many of us ha...

February 19, 2020

Cilium 1.7: Hubble UI, Cluster-wide Network Policies, eBPF-based Direct Server Return, TLS visibility, New eBPF Go Library, ...

Introduction

We are excited to announce the Cilium 1.7 release. A total of 1551 commits have been contributed by a community of 141 developers, ma...

December 18, 2019

Debugging and Monitoring DNS issues in Kubernetes

Kubernetes DNS resolution

DNS is a common cause for outages and incidents in Kubernetes clusters. For real-world stories, swing by Kubernetes Failure Stories. ...

November 19, 2019

Announcing Hubble - Network, Service & Security Observability for Kubernetes

Hubble Architecture

Hubble is a fully distributed networking and security observability platform for cloud native workloads. Hubble is open source softwa...

August 20, 2019

Cilium 1.6: KVstore-free operation, 100% kube-proxy replacement, Socket-based load-balancing, Generic CNI Chaining, Native AWS ENI support, ...

Introduction graph

We are excited to announce the Cilium 1.6 release. A total of 1408 commits have been contributed by the community with many developer...

May 3, 2019

Cilium User Survey March 2019 - The Results

next features

Back in March we have asked our users to provide feedback via our first ever user survey. Many of you have responded and the results ...

April 29, 2019

Cilium 1.5: Scaling to 5k nodes and 100k pods, BPF-based SNAT, and Rolling Key Updates for Transparent Encryption

Header

We are excited to announce the Cilium 1.5 release. Cilium 1.5 is the first release where we primarily focused on scalability with re...

March 18, 2019

Deep Dive into Cilium Multi-cluster

Introduction

This is a deep dive into ClusterMesh, Cilium's multi-cluster implementation. In a nutshell, ClusterMesh provides:...

February 12, 2019

Cilium 1.4: Multi-Cluster Service Routing, DNS Authorization, IPVLAN support, Transparent Encryption, Flannel Integration, Benchmarking other CNIs, ...

Release Overview

We are excited to announce the Cilium 1.4 release. The release introduces several new features as well as optimization and scalabilit...

October 31, 2018

Open Source DNS-aware Kubernetes Network Policies Using Cilium

We’re very excited to always be pushing the envelop of what is possible using open source technology like Cilium with Kubernetes, and...

October 23, 2018

Cilium 1.3: Go extensions for Envoy, Cassandra & Memcached Support

Envoy Golang Extension Architecture

We are excited to announce the Cilium 1.3 release. The release introduces several new features. The major highlight of the release is...

September 20, 2018

Kubernetes Network Policies Using Cilium - Controlling Ingress/Egress from Namespaces

Kubernetes clusters are used by multiple tenants to run their containerized workloads. Often, the tenant workloads are mapped to name...

August 21, 2018

Cilium 1.2: DNS Security Policies, EKS Support, ClusterMesh, kube-router integration, ...

We are excited to announce the Cilium 1.2 release. The release introduces several new features addressing the top asks from Cilium us...

August 7, 2018

Istio 1.0: How Cilium enhances Istio with socket-aware BPF programs

Istio 1.0 was released last week. From the Cilium community, we would like to congratulate all Istio contributors for this massive ef...

July 7, 2017

Tutorial: Applying HTTP security rules with Kubernetes

This blog post focuses on Layer 7 (HTTP) policy rules and how to apply them for both outgoing and incoming connections in the context...