Cilium is an open-source networking, observability, and security solution for Kubernetes powered by eBPF. It provides high-performance networking, transparent encryption, and advanced network policies.
What Is Cilium?
Cilium is a CNCF graduated project that uses eBPF to provide networking, security, and observability at the Linux kernel level. It replaces kube-proxy and traditional CNI plugins with eBPF programs that run directly in the kernel.
Key Features:
- eBPF-based dataplane (no iptables)
- Network policies (L3/L4/L7)
- Transparent encryption (WireGuard/IPsec)
- Hubble observability platform
- Service mesh (sidecar-free)
- Multi-cluster connectivity (ClusterMesh)
- BGP support
- Bandwidth management
Installation
```bash
# Install Cilium CLI
curl -L --remote-name-all https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz
tar xzf cilium-linux-amd64.tar.gz
sudo mv cilium /usr/local/bin/

# Install Cilium on cluster
cilium install --version 1.16.0

# Enable Hubble (observability)
cilium hubble enable --ui

# Verify installation
cilium status
```
Network Policies (L3-L7)
```yaml
# Allow only frontend to access backend API
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: backend-policy
spec:
  endpointSelector:
    matchLabels:
      app: backend
  ingress:
    - fromEndpoints:
        - matchLabels:
            app: frontend
      toPorts:
        - ports:
            - port: "8080"
              protocol: TCP
          rules:
            http:
              - method: GET
                path: "/api/.*"
              - method: POST
                path: "/api/orders"
```
Hubble API: Network Observability
```bash
# Observe flows in real-time
hubble observe --namespace production

# Filter by verdict
hubble observe --verdict DROPPED

# Filter by HTTP
hubble observe --protocol http --http-status 500

# Export as JSON
hubble observe --output json | jq '.flow.source.labels'
```
```python
import json
import subprocess

# Get network flows programmatically
result = subprocess.run(
    ["hubble", "observe", "--output", "json", "--last", "100"],
    capture_output=True, text=True,
    check=True,  # raise instead of silently parsing empty output on failure
)

# hubble emits one JSON object per line
flows = [json.loads(line) for line in result.stdout.splitlines() if line.strip()]

for flow in flows:
    src = flow.get("flow", {}).get("source", {}).get("labels", [])
    dst = flow.get("flow", {}).get("destination", {}).get("labels", [])
    verdict = flow.get("flow", {}).get("verdict", "")
    print(f"{src} -> {dst}: {verdict}")
```
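A triage sketch for the JSON output above, added here as an example and not part of the original post: it groups DROPPED flows by source app, destination app, port and drop reason, so traffic rejected by a policy such as `backend-policy` stands out. The sample lines are constructed, `make_flow` is a hypothetical helper, and the field names (`l4.TCP.destination_port`, `drop_reason_desc`, `k8s:app=` labels) are assumed from Hubble's JSON flow output.

```python
import json
from collections import Counter

def make_flow(verdict, src_app, dst_app, port, reason=None):
    """Build one constructed line in the shape `hubble observe --output json` emits."""
    flow = {
        "verdict": verdict,
        "source": {"namespace": "production", "labels": [f"k8s:app={src_app}"]},
        "destination": {"namespace": "production", "labels": [f"k8s:app={dst_app}"]},
        "l4": {"TCP": {"destination_port": port}},
    }
    if reason:
        flow["drop_reason_desc"] = reason
    return json.dumps({"flow": flow})

# Constructed sample data (not real cluster output), including one corrupt line.
SAMPLE_LINES = [
    make_flow("FORWARDED", "frontend", "backend", 8080),
    make_flow("DROPPED", "batch", "backend", 8080, "POLICY_DENIED"),
    make_flow("DROPPED", "batch", "backend", 8080, "POLICY_DENIED"),
    make_flow("DROPPED", "frontend", "backend", 9090, "POLICY_DENIED"),
    "not-json",
]

def app_label(endpoint):
    """Return the value of the k8s app label, or 'unknown' if absent."""
    for label in endpoint.get("labels", []):
        if label.startswith("k8s:app="):
            return label.split("=", 1)[1]
    return "unknown"

def summarize_drops(lines):
    """Count DROPPED flows per (source app, destination app, port, reason)."""
    drops = Counter()
    for line in lines:
        try:
            flow = json.loads(line).get("flow", {})
        except (json.JSONDecodeError, AttributeError):
            continue  # skip truncated or non-flow lines instead of crashing
        if flow.get("verdict") != "DROPPED":
            continue
        port = flow.get("l4", {}).get("TCP", {}).get("destination_port", "n/a")
        reason = flow.get("drop_reason_desc", "UNKNOWN")
        drops[(app_label(flow.get("source", {})),
               app_label(flow.get("destination", {})), port, reason)] += 1
    return drops

if __name__ == "__main__":
    for (src, dst, port, reason), n in summarize_drops(SAMPLE_LINES).most_common():
        print(f"{n:3d}  {src} -> {dst}:{port}  {reason}")
```

To run it against a live cluster, pass `result.stdout.splitlines()` from the snippet above in place of `SAMPLE_LINES`.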
ClusterMesh: Multi-Cluster
```bash
# Enable ClusterMesh on both clusters
cilium clustermesh enable --context cluster1
cilium clustermesh enable --context cluster2

# Connect clusters
cilium clustermesh connect --context cluster1 --destination-context cluster2

# Now services can discover each other across clusters!
```
Cilium API via Kubernetes
```python
from kubernetes import client, config

config.load_kube_config()
custom = client.CustomObjectsApi()

# List CiliumNetworkPolicies
policies = custom.list_namespaced_custom_object(
    group="cilium.io",
    version="v2",
    namespace="default",
    plural="ciliumnetworkpolicies"
)
for policy in policies["items"]:
    print(f"Policy: {policy['metadata']['name']}")
    ingress = policy["spec"].get("ingress", [])
    egress = policy["spec"].get("egress", [])
    print(f"  Ingress rules: {len(ingress)}, Egress rules: {len(egress)}")

# List Cilium endpoints
endpoints = custom.list_namespaced_custom_object(
    group="cilium.io",
    version="v2",
    namespace="default",
    plural="ciliumendpoints"
)
for ep in endpoints["items"]:
    status = ep.get("status", {})
    print(f"Endpoint: {ep['metadata']['name']}, ID: {status.get('id')}, State: {status.get('state')}")
```
Resources
- Cilium Docs
- Cilium GitHub — 20K+ stars
- Hubble