Podcasts Community blog posts Glossary Introduction to Cilium What is Cilium? Cilium is open source so�ware for transparently securing the network connec�vity between applica�on services deployed using BPF, Cilium retains the ability to transparently insert security visibility + enforcement, but does so in a way that is based on service / pod / container iden�ty (in contrast to IP address iden�fica�on microk8s.daemon-kubelet.service Install or configure kubectl . Microk8s provides a version of kubectl, so if you don’t otherwise have it installed then you can simply alias the microk8s version: snap alias

over systems and applications at a granularity and efficiency that was not possible before. It does so in a completely transparent way, without requiring the application to change in any way. eBPF is equally eBPF, Cilium retains the ability to transparently insert security visibility + enforcement, but does so in a way that is based on service / pod / container identity (in contrast to IP address identification eu-west-1 managedNodeGroups: - name: ng-1 desiredCapacity: 2 privateNetworking: true # taint nodes so that application pods are # not scheduled/executed until Cilium is deployed. # Alternatively, see

over systems and applications at a granularity and efficiency that was not possible before. It does so in a completely transparent way, without requiring the application to change in any way. eBPF is equally eBPF, Cilium retains the ability to transparently insert security visibility + enforcement, but does so in a way that is based on service / pod / container identity (in contrast to IP address identification eu-west-1 managedNodeGroups: - name: ng-1 desiredCapacity: 2 privateNetworking: true # taint nodes so that application pods are # not scheduled/executed until Cilium is deployed. # Alternatively, see

BPF, Cilium retains the ability to transparently insert security visibility + enforcement, but does so in a way that is based on service / pod / container identity (in contrast to IP address identification filesystem Restart remaining pods Once Cilium is up and running, restart all pods in kube-system so they can be managed by Cilium, similar to the steps that we have previously performed for kube- dns create and deploy an AKS cluster with the exception of specifying the Network Policy option. Doing so will still work but will result in unwanted iptables rules being installed on all of your nodes. If

over systems and applications at a granularity and efficiency that was not possible before. It does so in a completely transparent way, without requiring the application to change in any way. BPF is equally BPF, Cilium retains the ability to transparently insert security visibility + enforcement, but does so in a way that is based on service / pod / container identity (in contrast to IP address identification ments/#firewall-rules]. Please note that openshift-install doesn’t support custom firewall rules, so you will need to use one of the following scripts if you are using AWS or GCP. Azure does not need

BPF, Cilium retains the ability to transparently insert security visibility + enforcement, but does so in a way that is based on service / pod / container identity (in contrast to IP address identification cilium https://helm.cilium.io/ (optional, but recommended) Pre-load Cilium images into the kind cluster so each worker doesn’t have to pull them. docker pull cilium/cilium:v1.7.16 kind load docker-image cilium/cilium:v1 "us-west-2" region is ready Delete VPC CNI (aws-node DaemonSet) Cilium will manage ENIs instead of VPC CNI, so the aws-node DaemonSet has to be deleted to prevent conflict behavior. Note Once aws-node DaemonSet

over systems and applications at a granularity and efficiency that was not possible before. It does so in a completely transparent way, without requiring the application to change in any way. eBPF is equally eBPF, Cilium retains the ability to transparently insert security visibility + enforcement, but does so in a way that is based on service / pod / container identity (in contrast to IP address identification ments/#firewall-rules]. Please note that openshift-install doesn’t support custom firewall rules, so you will need to use one of the following scripts if you are using AWS or GCP. Azure does not need