Policy Enforcement Modes : Detailed walkthrough of the policy language structure and the supported formats. Monitoring & Metrics : Instruc�ons for configuring metrics collec�on from Cilium. Troubleshoo�ng virtual network spawning all hosts. Currently VXLAN and Geneve are baked in but all encapsula�on formats supported by Linux can be enabled. When to use this mode: This mode has minimal infrastructure and generic -n kube-system cilium-etcd-secrets \ --from-file=etcd-client-ca.crt=ca.crt \ --from-file=etcd-client.key=client.key \ --from-file=etcd-client.crt=client.crt In case you are not using

Policy Enforcement Modes : Detailed walkthrough of the policy language structure and the supported formats. Monitoring & Metrics : Instructions for configuring metrics collection from Cilium. Troubleshooting virtual network spanning all hosts. Currently VXLAN and Geneve are baked in but all encapsulation formats supported by Linux can be enabled. When to use this mode: This mode has minimal infrastructure and prepare generating the deployment artifacts based on the Helm templates. Generate the required YAML file and deploy it: helm template cilium \ --namespace kube-system \ --set global.etcd.enabled=true

Policy Enforcement Modes : Detailed walkthrough of the policy language structure and the supported formats. Monitoring & Metrics : Instructions for configuring metrics collection from Cilium. Troubleshooting virtual network spanning all hosts. Currently VXLAN and Geneve are baked in but all encapsulation formats supported by Linux can be enabled. When to use this mode: This mode has minimal infrastructure and Instead it uses YAML configuration that is very similar to Kubernetes. Create a kind-config.yaml file based on the following template. The template will create 3 node + 1 apiserver cluster with the latest

modes. Network Policy : Detailed walkthrough of the policy language structure and the supported formats. Monitoring & Metrics : Instructions for configuring metrics collection from Cilium. Troubleshooting virtual network spanning all hosts. Currently VXLAN and Geneve are baked in but all encapsulation formats supported by Linux can be enabled. When to use this mode: This mode has minimal infrastructure and network-plugin=cilium parameter in minikube start command. With this flag enabled, minikube will not only mount eBPF file system but also deploy quick- install.yaml automatically. 4. Mount the eBPF filesystem minikube

modes. Network Policy : Detailed walkthrough of the policy language structure and the supported formats. Monitoring & Metrics : Instructions for configuring metrics collection from Cilium. Troubleshooting virtual network spanning all hosts. Currently VXLAN and Geneve are baked in but all encapsulation formats supported by Linux can be enabled. When to use this mode: This mode has minimal infrastructure and to use ClusterConfig [https://eksctl.io/usage/creating- and-managing-clusters/#using-config-files] file to create the cluster: apiVersion: eksctl.io/v1alpha5 kind: ClusterConfig ... managedNodeGroups:

modes. Network Policy : Detailed walkthrough of the policy language structure and the supported formats. Monitoring & Metrics : Instructions for configuring metrics collection from Cilium. Troubleshooting virtual network spanning all hosts. Currently VXLAN and Geneve are baked in but all encapsulation formats supported by Linux can be enabled. When to use this mode: This mode has minimal infrastructure and cni=cilium parameter in minikube start command. With this flag enabled, minikube will not only mount eBPF file system but also deploy quick- install.yaml automatically. However, this may not install the latest

modes. Network Policy : Detailed walkthrough of the policy language structure and the supported formats. Monitoring & Metrics : Instructions for configuring metrics collection from Cilium. Troubleshooting virtual network spanning all hosts. Currently VXLAN and Geneve are baked in but all encapsulation formats supported by Linux can be enabled. When to use this mode: This mode has minimal infrastructure and to use ClusterConfig [https://eksctl.io/usage/creating- and-managing-clusters/#using-config-files] file to create the cluster: apiVersion: eksctl.io/v1alpha5 kind: ClusterConfig ... managedNodeGroups:

OSS version awesome - Better documentation (including how to measure overhead) - Add more output formats - Open source GDB / drgn helper - Other tools? - Containers support? - Support request-oriented

picture:Right click on image > Replace image > Select file 3 Requirements for Scaling Up TIP: To change picture:Right click on image > Replace image > Select file ❏ Secure Network Isolation ❏ Network Visibility Security and Auditing 5 Scalability and Maintainability Source: https://commons.wikimedia.org/wiki/File:Pictofigo-Scalability.png 6 Evaluating eBPF CNI Offerings 7 8 9 10 Evaluating Cilium and Hubble 11 Cilium Benefits TIP: To change picture:Right click on image > Replace image > Select file ❏ Pod network filtering uses eBPF rather than iptables ❏ More flexible network policies ❏ Tools

8 4 / 7 Our Policy Language Rules and Directives Rules specify access to system objects: ▶ fs(file, access) ▶ net(socket, access) ▶ signal(prog, sig) ▶ etc. Directives augment blocks of rules: ▶