Assign External IPs to LoadBalancer Services with Cilium IPAM
Cilium's IP Address Management IPAM can dynamically assign external IP addresses to your LoadBalancer services, eliminating the need for pre-allocated s.
Cilium Articles
50 articles
Scrape Cilium Metrics with Prometheus
Cilium's metrics are designed to be scraped by Prometheus, but Prometheus can't magically find them without explicit configuration.
Use cilium monitor to Debug Live Network Traffic
Cilium monitor isn't just a packet capture tool; it's a live, event-driven stream of what Cilium's data plane is actually doing with your network traffi.
Build a Mutual TLS Service Mesh with Cilium Without a Sidecar
Build a Mutual TLS Service Mesh with Cilium Without a Sidecar — practical guide covering cilium setup, configuration, and troubleshooting with real-worl...
Configure Multi-Homing in Cilium for Multiple Network Interfaces
Cilium can leverage multiple network interfaces on a node, but it doesn't automatically distribute traffic across them for pod networking.
Enable Multicast Support in Cilium for Streaming Workloads
Cilium's support for multicast is surprisingly robust, allowing you to treat IP multicast as if it were just another network protocol, directly integrat.
Write Cilium Network Policies to Restrict Pod Communication
Cilium Network Policies are a declarative way to define network connectivity between pods, offering a more powerful and granular alternative to Kubernet.
Configure Per-Node IPAM in Cilium for Custom IP Ranges
Cilium doesn't just assign IPs to pods; it can be told to manage IP address assignment per node, which is wild because most networking solutions just ha.
Configure Node-Local DNS with Cilium for Reduced DNS Latency
Node-local DNS caching is a powerful technique to slash DNS resolution times for your Kubernetes pods, and when combined with Cilium's advanced networki.
Configure the Cilium Operator for Production Clusters
The Cilium Operator is not just a control plane for your CNI; it's the central nervous system that manages the lifecycle of your network policies and id.
Benchmark Cilium Network Performance with netperf and iperf3
Cilium can achieve near-zero packet loss even under extreme load, often outperforming traditional kernel networking stacks.
Read Cilium Policy Verdict Logs to Debug Dropped Packets
Cilium policy verdicts are the ultimate arbiter of whether a packet is allowed or denied, and understanding how to read these logs is key to debugging w.
Harden Cilium for Production: Network Policy and Encryption
Harden Cilium for Production: Network Policy and Encryption — practical guide covering cilium setup, configuration, and troubleshooting with real-world ...
Replace kube-proxy with Cilium for eBPF-Based Service Routing
Cilium doesn't just replace kube-proxy; it fundamentally rewrites how Kubernetes networking works at the kernel level using eBPF.
Enforce Runtime Security Policies with Cilium and Tetragon
Enforce Runtime Security Policies with Cilium and Tetragon — practical guide covering cilium setup, configuration, and troubleshooting with real-world e...
Enable Cilium Service Mesh Mode Without Envoy Sidecars
Cilium can operate as a service mesh without injecting Envoy sidecars into your application pods. Let's see Cilium's service mesh capabilities in action
Detect Runtime Threats in Kubernetes with Cilium Tetragon
Cilium Tetragon can detect runtime threats in Kubernetes by observing and filtering system calls. Let's see Tetragon in action
Troubleshoot Cilium Connectivity: Endpoints, Policies, DNS
Cilium’s fundamental unit of network policy enforcement isn’t pods, but individual network endpoints, and understanding the lifecycle of these endpoints.
Cilium VXLAN vs Geneve Tunnel Mode: Which to Choose
Cilium VXLAN vs Geneve Tunnel Mode: Which to Choose — practical guide covering cilium setup, configuration, and troubleshooting with real-world examples.
Upgrade Cilium Without Disrupting Running Workloads
Cilium's control plane is designed to be upgraded with zero impact on your running workloads, but the data plane the eBPF programs in the kernel needs a.
Enable XDP Acceleration in Cilium to Maximize Packet Throughput
XDP bypasses the Linux kernel's network stack entirely, allowing you to run eBPF programs directly on incoming network packets at the earliest possible .
Set Up Azure CNI Powered by Cilium on AKS
Azure CNI, when powered by Cilium, fundamentally changes how network policies are enforced on Azure Kubernetes Service AKS clusters, shifting from iptab.
Control Pod Bandwidth with Cilium Bandwidth Manager
Cilium's Bandwidth Manager can enforce bandwidth limits on individual pods, preventing noisy neighbors from consuming all available network resources an.
Configure BGP Control Plane in Cilium for External Routing
BGP control plane in Cilium doesn't actually do BGP routing; it's a sophisticated mechanism for distributing network policies to external BGP speakers.
Inspect Cilium BPF Maps to Debug Network Policies
Cilium's BPF maps are the real-time, kernel-level state of your network policies, and inspecting them is like looking directly into the network traffic'.
How Cilium BPF Masquerade Replaces iptables NAT
Cilium BPF masquerade isn't just an alternative to iptables NAT; it fundamentally rethinks how network address translation works in a Kubernetes environ.
Connect Multiple Kubernetes Clusters with Cilium Cluster Mesh
Cilium Cluster Mesh lets you manage multiple Kubernetes clusters as a single, unified network, but its real magic is how it makes them forget they're se.
Configure Cilium Cluster Pool IPAM for Pod IP Management
Cilium's Cluster Pool IPAM feature is designed to solve the problem of IP address exhaustion in large Kubernetes clusters by allowing you to pre-allocat.
CiliumNetworkPolicy vs ClusterwideCiliumNetworkPolicy: When to Use Each
Cilium's NetworkPolicy is fundamentally a node-local construct, while ClusterwideCiliumNetworkPolicy operates at the cluster level, offering a more cent.
Debug Cilium Datapath Connectivity Issues Step by Step
Cilium's datapath isn't just a black box of eBPF; it's a sophisticated system where network packets are intercepted, inspected, and rewritten on the fly.
Configure Cilium Native Routing to Skip Encapsulation Overhead
Cilium Native Routing also known as Direct Routing or ENI mode in AWS lets your pods communicate directly with other pods and services on the same netwo.
Enforce DNS-Based Network Policies with Cilium
Cilium doesn't just enforce network policies; it leverages DNS to make those policies dynamically aware of service identities, allowing you to write rul.
How Cilium Uses eBPF to Replace iptables in Kubernetes
Cilium doesn't just use eBPF to replace iptables in Kubernetes; it fundamentally rethinks networking by treating network packets as events that can be p.
Route Egress Traffic Through a Static IP with Cilium Egress Gateway
Cilium Egress Gateway lets you route outbound traffic from your Kubernetes pods through a specific, static IP address, bypassing the ephemeral IPs typic.
Install Cilium on EKS and Replace the Default CNI
Cilium replaces the default AWS VPC CNI on EKS, giving you advanced networking and security features that the default CNI simply doesn't offer.
Encrypt Pod Traffic with Cilium: WireGuard vs IPSec
Your Kubernetes pods are talking to each other in plaintext, and that's a problem if you're running sensitive workloads.
Write Cilium Endpoint Policies to Control Pod-Level Traffic
Cilium's endpoint policies are how you enforce granular network security down to the individual pod level, and they operate on a fundamentally different.
Use Cilium as a Gateway API Implementation in Kubernetes
Gateway API is the future of ingress in Kubernetes, and Cilium is a powerful implementation that offers a lot more than just basic L4 load balancing.
Enable GKE Dataplane V2 Powered by Cilium
GKE Dataplane V2, powered by Cilium, fundamentally changes how network packets flow within your Google Kubernetes Engine clusters, shifting from the tra.
Set Up Cilium Monitoring with Grafana and Prometheus
Cilium's observability isn't just about seeing network traffic; it's about understanding the distributed system's health and performance through the len.
Configure Cilium Node Health Checks for Cluster Connectivity
Cilium's node health checks aren't just about whether a node is up, they're fundamentally about whether your Kubernetes cluster can reliably route traff.
Cilium Helm Values Reference: Key Options for Production
Cilium's Helm chart offers a staggering number of options, but a few key values can drastically alter your cluster's networking behavior and performance.
Observe Network Traffic in Kubernetes with Cilium Hubble
Hubble is Cilium's built-in network observability tool, and it's your window into what's actually happening with your network traffic inside Kubernetes.
Configure Hubble Relay for Cross-Node Flow Visibility
Configure Hubble Relay for Cross-Node Flow Visibility. Hubble Relay lets you see network traffic between pods, not just on a node. Let's see it in action
Set Up Hubble UI for Visual Network Flow Inspection
Hubble UI, when you first spin it up, can feel like a black box, but it's actually a surprisingly simple system for visualizing network flows generated .
How Cilium Security Identities Work Instead of IP-Based Rules
Cilium security identities are a revolutionary way to manage network security, ditching brittle IP addresses for something far more robust and dynamic.
Use Cilium as a Kubernetes Ingress Controller
Cilium can bypass traditional load balancers and directly manage ingress traffic, making it a more integrated and performant solution for Kubernetes ing.
Install Cilium on Kubernetes: Step-by-Step Guide
Cilium on Kubernetes isn't just a CNI; it's a fundamental shift in how your network operates, treating network packets as objects to be manipulated with.
Choose the Right Cilium IPAM Mode for Your Cluster
Cilium's IP Address Management IPAM mode is the unsung hero that determines how your Kubernetes cluster gets IP addresses for its pods.
Enforce Layer 7 HTTP and gRPC Policies with Cilium
Cilium uses eBPF to enforce Layer 7 policies directly on network packets, allowing fine-grained control over HTTP and gRPC traffic without traditional p.