Quickstart to Cilium
About
The purpose of this lab is to get you acquainted with Cilium, Hubble, the Network Policy Editor and a typical workflow on a locally provisioned Kubernetes cluster.
What problem does Cilium solve?
Cilium can load code into the Kernel via eBPF (extended Berkeley Packet Filter).
The host Kernel - shared by all containers running on the same system - can now be programmed.
This allows for observability and security features without sidecar containers.
Ephemeral Pods' IP addresses are not helpful - they are impossible to track going back in time - so here labels are used to identify traffic to and from endpoints.
Lab Quickstart
-
Setup a local Kubernetes cluster with kind
-
Install cilium
-
Setup hubble
-
Do the full exercise in the lab
-
Setup cluster mesh
Reference
Getting started
For a first introduction, head over to this place.
https://cilium.io/get-started/
Cilium labs by Isovalent
Here you can have a hands-on experience with a set of featured labs, including topics like "Introduction to eBPF" as well as BGP, Tetragon, IPSec and WireGuard.
Network policy editor
To edit your network policies interactively visit:
Operator for Red Hat OpenShift
You can also install Cilium as well as Isovalent Cilium Enterprise into an OpenShift Container Platform by using the operator.
https://catalog.redhat.com/software/operators/search?q=cilium