Interview: Hubble Integration Added to DigitalOcean Kubernetes
Exclusive Interview with DigitalOcean on Integrating Hubble into their Kubernetes Offering
Community
Popular posts
Cilium 1.15 – Gateway API 1.0 Support, Cluster Mesh Scale Increase, Security Optimizations and more!
Cilium 1.15 has arrived with Gateway API 1.0 Support, Cluster Mesh Scale Increase, Security Optimizations, and more
Community
External
Cilium in Paris! See you at KubeCon Europe 2024
There is an amazing lineup of Cilium activities at KubeCon + CloudNativeCon
Community
All posts
How Cilium Protects Against Common Network Attacks
Recently a vulnerability was discovered by Etienne Champetier that impacted several Kubernetes CNIs. The vulnerability worked by having an attacker pod send rogue IPv6 “Router Advertisement” packets to the host worker node, causing the node to route its IPv6 traffic through the attackers pod (commonly known as “Man-In-The-Middle”). Fortunately for users of Cilium, this vulnerability didn’t impact their environments because of several built-in and on-by-default security features provided by Cilium.In this blog post, we’ll discuss how on-by-default Cilium features automatically protect against these common types of network attacks.
How-To
Cilium 1.8: XDP Load Balancing, Cluster-wide Flow Visibility, Host Network Policy, Native GKE & Azure modes, Session Affinity, CRD-mode Scalability, Policy Audit mode, ...
We are excited to announce the Cilium 1.8 release. A total of 2162 commits have been contributed by a community of 182 developers, many of whom made their first contributions this cycle. Cilium 1.8 brings with it a trove of exciting new features
Release
最Cool Kubernetes网络方案Cilium入门
现代数据中心的应用系统已经逐渐转向基于微服务架构的开发体系,一个微服务架构的应用系统是由多个小的独立的服务组成,它们之间通过轻量通信协议如 HTTP、gRPC、Kafka 等进行通信。微服务架构下的服务天然具有动态变化的特点,结合容器化部署,时常会引起大规模的容器实例启动或重启。要确保这种向高度动态化的微服务应用之间的安全可达,既是挑战,也是机遇。
Community
Building a Multi-node Environment with Cilium and K3s in Twenty Minutes or Less
In this guide, we will walk through the steps required to build a multi-node Kubernetes cluster on your local workstation or laptop using K3s and Cilium. Then we'll show how you can use Hubble to inspect traffic in the cluster and visualize data exposed by the superpowers of eBPF and Cilium. We will also show you how to restrict the flow of traffic between applications. Finally, we will see how Cilium and Hubble can provide detailed information to help you solve problems related to compliance and regulations.
How-To
Cilium 1.7: Hubble UI, Cluster-wide Network Policies, eBPF-based Direct Server Return, TLS visibility, New eBPF Go Library, ...
We are excited to announce the Cilium 1.7 release. A total of 1551 commits have been contributed by a community of 141 developers, many of whom made their first contributions this cycle. Cilium 1.7 brings with it a trove of exciting new features
Release
User Story - How Trip.com uses Cilium
This post provides the background on how [Trip.com] uses Cilium and what lead the team to standardize on Cilium as their networking and network security platform for the years to come. It is a summary with some commentary of the original trip.com blog post by ArthurChiao from Trip.com/Ctrip which provides extensive details into the decision-making process and experiences while running Cilium in production.
Community
Debugging and Monitoring DNS issues in Kubernetes
DNS is a common cause for outages and incidents in Kubernetes clusters. For real-world stories, swing by Kubernetes Failure Stories. How do you debug and troubleshoot DNS issues? How do you know a problem is related to DNS? This guide provides a step by step tutorial on how to systematically troubleshoot DNS issues in Kubernetes clusters. We will be using [Hubble] to identify and inspect DNS issues as well as set up monitoring so we can locate DNS issues early on to react even before incidents occur.
How-To
Announcing Hubble - Network, Service & Security Observability for Kubernetes
Hubble is a fully distributed networking and security observability platform for cloud native workloads. Hubble is open source software and built on top of Cilium and eBPF to enable deep visibility into the communication and behavior of services as well as the networking infrastructure in a completely transparent manner.
Technology
Thomas Graf on Cilium, the 1.6 Release, eBPF Security, & the Road ahead
Thomas Graf discusses the recent 1.6 release, some of the security questions/concerns around eBPF, and the future roadmap for the project
Technology
External
Community
Slack
For live conversation and quick questions, join the Cilium Slack workspace. Don’t forget to say hi!
Join slack workspace