📢 Cilium 1.15 is released! 2705 commits from 690 developers made this happen 🤩
➡️ Gateway API 1.0 support
🔐 BGP session authentication
👁️ tons of improvements to Hubble observability
🌍 scalability and security enhancements
and lots more! Docs here:
Introducing - Learn everything about eBPF
- Docs, Tutorials, Reference guides
- eBPF projects directory
- An aggregated blog
- Help in getting started with contributions
- Slack channel
- Open repository & CC BY 4.0
Cilium is now officially a
@CloudNativeFdn
Graduated Project 🐝
Thank you to all of the contributors, community members, adopters, and supporters that have helped make this milestone possible!
The eBPF Go library powering Cilium 1.7 is now available for everyone. It is jointly maintained by
@Cloudflare
and the Cilium Team.
- Pure GO, no CGO
- Minimal external dependencies
- Loading, compling and troubleshooting eBPF progs
- eBPF maps
Cilium 1.2 announcement:
o DNS/FQDN based security policies
o AWS EKS support
o Integrated etcd operator
o BGP support via kube-router integration
o Pod networking & security across Kubernetes clusters (ClusterMesh)
Cilium 1.4.0 is out!
* Multi-Cluster service routing
* IPVLAN support
* DNS request authorization
* Transparent Encryption
* Sockmap/BPF based sidecar acceleration
* Flannel Integration
* [...]
* Bonus: Benchmark against other CNIs
Cilium 1.10 has been released! 🎉🎉🎉
Wireguard Support, ServiceIP BGP Announcements, Static Egress IP Gateway, New Cilium CLI, XDP Load Balancer with PCAP recorder, Alibaba Cloud Integration, Performance improvements, and much more...
Cilium 1.5 is available:
* Scalability to 5k nodes, 100k pods, 20k services
* BPF templating
* Rolling key updates and direct-routing support for transparent encryption
* BPF-based masquerading for IPVLAN
* Istio 1.1.3 support
Cilium 1.8 has been released! 🎉🎉🎉
* XDP Load Balancing Support
* Cluster-wide flow visibility
* Better policy visibility and control
* Performance optimizations
* Making more functionality iptables-free
* Native Azure IPAM
* Initial ARM64 Support
* ...
Cilium 1.3 (LTS) announcement:
o
@EnvoyProxy
Go Extensions
o Cassandra & Memcached support
o TTL support for DNS policies
o GKE COS enablement
o Fully resilient key-value store
Today, Google announced the availability of Cilium as the new GKE networking dataplane.
What a great honor for everyone who has contributed to the Cilium project and to eBPF overall. Thank you to everyone!
Background story:
🎉 Cilium 1.11 has been released!
- OpenTelemetry
- Service Mesh beta
- Topology Aware Routing
- Many on-premises Features
- BGP Pod CIDR Announcement
- Graceful Service Backend Termination
...
We are getting ready for
@KubeCon_
. Design inspired by
@jessfraz
, artwork by
@vadim_legend
.
Stop by to say hi, grab a sticker, and don't miss our talk on zero cost service mesh injection with
@EnvoyProxy
and BPF.
🐝Cilium 1.14 is here 🐝
🕸️Service Mesh & Mutual Authentication
🚡 Networking beyond Kubernetes
🌅 Day 2 Operations and Scale
🔎 Hubble and Observability
👮 CNI Networking and Security
See the 🧵 for details
🐝Cilium 1.12 - Release Announcement 🐝
Yet another massive release! 🚀
Integrated Ingress Controller, Cilium Service Mesh, Multi-Cluster Service Affinity, Stable Egress Gateway, NAT46 for Services, IPv6 for BGP, AKS BYOCNI, BBR, and more...
Cilium 1.7 is available! 🎉🎉🎉
o Hubble UI Open Sourced
o Cluster-wide Network Policies
o New eBPF Go Library
o eBPF-based DSR, ExternalIP, and EndpointSlices
o TLS visibility for HTTP
o ...
Cilium 1.9 has been released! 🎉🎉🎉
Maglev, Deny Policies, VM/Metal Support, OpenShift, Hubble mTLS, Bandwidth Manager, eBPF Node-Local Redirect, Datapath Optimizations, ...
FYI: Release blog has an animated GIF with 🔥. Can it get any better?
🐝 Cilium 1.13 Release Announcement 🐝
Cilium 1.13 features Gateway API, mTLS datapath, Service Mesh, BIG TCP, SBOM, SNI NetworkPolicy, SCTP, load balancer IPAM, and more
Thank you to the 530 developers who added 2101 new commits
Exciting news in the Cilium ecosystem! Cisco has announced it’s planning to acquire
@Isovalent
, backing
#eBPF
, Cilium and Tetragon as the leading technologies in the cloud native networking and security space
Celebrating
@IstioMesh
1.0: How Cilium enhances Istio with socket-aware BPF programs
- Using BPF/kTLS to enable Istio if app uses TLS
- Enhance Istio security with intra pod container segmentation using socket-aware BPF programs
Great photo from
@brendangregg
during the eBPF conference
Engineers from Cilium, Cloudflare, Google (Project Zero), Facebook, Netflix, Netronome and Redhat are discussing the future of eBPF.
Cilium 1.1 has been released 🎉
33 contributors have contributed 964 commits to this release. A big shout out to the entire community for all the contributions, testing, and feedback. 👏
Deep dive into Cilium multi-cluster:
- Service discovery with standard Kubernetes services
- Native performance, no proxies, no gateways
- NetworkPolicy or CiliumNetworkPolicy
- Transparent encryption
- Scalable control plane with etcd proxies
Wondering how to manage
@kubernetesio
cluster networking at scale like
@IKEA
?
Learn how
@Nielsen77K
from IKEA IT AB is doing it at Cloud Native eBPF Day
Using kubectl to introspect Kubernetes nodes with BPF. Allows to use all of the bpftrace templates. Awesome project by
@fntlnz
kubectl-trace:
bpftrace:
Announcing the release of Tetragon 1.0🎉 🎉
A huge shoutout to everyone who's chipped in, tested, shared feedback, and used Tetragon. This is a milestone, and it's all thanks to you!
See the release notes for changes and bugfixes 👇
Cluster-wide network policies have been merged today. Huge contribution by Deepesh Pathak (
@fristonio
). Awesome work Deepesh 👏 and welcome to the Cilium core team.
We have moved into our new expanded Zurich office 😍 🥳
@martyns
is putting on the finishing touches 🌻while
@aanm__
enjoys his new corner office.
Swing by if you travel through Zurich, we have ☕️ and working space.
The eBPF documentary debuted yesterday at
#KubeConNA
2023!
Join us in exploring the untold story of eBPF from its inception to its adoption in the cloud native ecosystem and how it is driving the ecosystem forward through projects like Cilium 👇
"The Cilium project has an exceptional cilium/ebpf Golang library that compiles and interacts with eBPF probes within Golang code."
Leading to:
-40% memory usage
-98% container restarts from OOMKilled
-80% in deployment time per Kubernetes cluster
We are pleased to introduce the availability of Cilium in the Red Hat Ecosystem Catalog as well as the certification of Cilium as a Certified OpenShift CNI plugin.
PSA: Cilium's eBPF-based k8s services implementation is NOT vulnerable to CVE-2020-8558 (kube-proxy: Node setting allows for neighboring hosts to bypass localhost boundary).
Enjoy your iptables-free NodePort and go have brunch.
[0]
Analysis of the reported HTTP/FTP performance problem.
TL;DR: Caused by how curl reports the transfer rate when a TCP connection is delayed due to optimistic async network setup to optimize pod/s scheduling. Kudos to
@alexisducastel
for reporting!
The vote for Cilium's graduation is officially open 🗳️
You can add your 👍 on the vote to show support or track the progress of it there
Once 2/3 of the TOC vote yes, Cilium will become a graduated project with CNCF 🚀 🐝
Cilium eBPF-based load balancer enabled
@seznam_cz
to switch from IPVS, reducing CPU consumption by 72x while still seamlessly handling their production traffic.
Want to learn more?
Here you go👇
Learn about Cilium & BPF at
#KubeCon
next week:
Extending Envoy with Go & Cilium
Connecting Kubernetes Clusters Across Cloud Providers
Implementing Least Privilege Security and Networking with BPF
The Call For Papers for eBPF Summit 2021 is now open!
If you're using eBPF-based open source projects to solve real world problems, we'd love to hear your story
Cilium User Survey March 2019 - The Results
- 39.3% want to see kube-proxy disappear 👻
- 37% love YAML
- 33.9% want to see
@SPIFFEio
integration
- 86.9% are using self-managed k8s
cilium/ebpf (ebpf-go) v0.10.0 has been released! 🎊🚀
This is a huge release with BTF marshaling support, a multi-year effort. It makes BTF and all its current use cases fully programmable from Go. Thank you to every contributor who made it possible!
🗞️ eBPF Updates
#5
has been released:
Highlights:
- Cilium applies for CNCF
- Working on eBPF via Google Summer of Code
- New weekly eBPF & Cilium Office Hours (eCHO)
- eBPF in systems, static linking & eBPF
- eBPF @ LPC CFP
- New eBPF kernel features
🐝 New pwru release 🐝
Version: 1.0 🎉 🤯
Major Changes:
- Added support for libpcap-based filtering
- Fixed pwru slow loading on Ubuntu
- Fixed trace losses due to the perf ring buffer being full
Full release notes 👇
Update and provide us feedback!
Troubleshooting Series Part 1:
cilium-health - simple cluster connectivity health
* Latency for ICMP and HTTP between all cluster nodes
* Who to blame when the network is unhealthy? user? iptables? fabric?
"Cilium has become the gold standard for Kubernetes networking. Cilium’s adoption of eBPF and XDP provides a future-facing solution, enriched with the best debugging tool available (Hubble) and the best developer experience with the Cilium Editor"
🐝 Graduation Public Comment Open 🐝
🧑💻 613 contributors
🏷️242 releases
📑 24,853 commits
💼 63 public case studies
Please add your ➕1⃣ for Cilium Graduation on the mailing list to show your support for everything the community has built so far 🚀
eBPF Go library 0.4 has been released
- Unpin support for maps & programs
- BTF-style declaration for nested maps
- Global runtime stats for programs
- Batch* methods for some map type
- Tag support
- A lot more examples
Interested in how Datadog uses Cilium?
As part of the Datadog on Kubernetes series,
@arapulido
and
@lbernail
discuss why and how Datadog migrated to Cilium.
New Kubernetes cluster (1.15 w/ kubeadm, Cilium). I expected to find very few iptables rules finally (no kube-proxy etc), but, uh...
I guess it _really_ makes to make sure it DROPs that pattern. Repeating the same iptables rule 6,979 times oughta do it.
Solve the networking mystery 🔍
"That’s the beautiful thing about pwru. Network flow debugging historically required you to know what you don't know. pwru provides end-to-end knowledge and lets you find the culprit even without this foresight"
We are thrilled to announce that Cilium has been accepted as a mentor organization in this year's Google Summer of Code! 🎉
#GSoC2021
For more details see:
Or join
#gsoc
on
📢 eBPF Updates
#3
is available
Atomics Operations, Socket Options Retrieval, Syscall Tracing Benchmarks, eBPF in the Supply Chain, and other recent developments in the eBPF space.
Kudos to
@qeole
& team
.
@martyns
shared at KubeCon how replacing iptables and kube-proxy with
#eBPF
improves performance in your Kubernetes cluster while also simplifying troubleshooting by providing native visibility tools
Slides:
Interested in Cilium's upcoming Wireguard integration?
@lizrice
and
@martyns
will get hands-on with Wireguard & Cilium in this week's eCHO live stream.
Interested in eBPF & Hubble? Learn more at the following KubeCon EU talks:
eBPF and Kubernetes: Little Helper Minions for Scaling Microservices - Daniel Borkmann
Hubble - eBPF Based Observability for Kubernetes - Sebastian Wicki
Awesome guest post by
@howardhh5
of ect888. How to set up Cilium + F5 + BIRD to load-balance directly into a bare-metal Kubernetes cluster to avoid NodePort and thus avoid SNAT and extra hops.