The new tool in the house! Cilium is API-aware networking and security for containers. It is open source software that provides and transparently secures network connectivity and load balancing between application workloads such as application containers or processes.
- Identity-Based Security – Cilium visibility and security policies are based on the container orchestrator identity (e.g., Kubernetes labels). Never again worry about network subnets or container IP addresses when writing security policies, auditing, or troubleshooting.
- Blazing Performance – BPF is the underlying Linux superpower that does the heavy lifting on the data path by providing sandboxed programmability of the Linux kernel with incredible performance.
- API-Protocol Visibility + Security – Traditional firewalls only see and filter packets based on network headers like IP addresses and ports. Cilium can do this as well, but also understands and filters the individual HTTP, gRPC, and Kafka requests that stitch microservices together.
- Designed for Scale – Cilium was designed for scale, with no node-to-node interactions required when new pods are deployed, and all coordination through a highly scalable key-value store.
- Network plugin integrations: CNI, libnetwork
- Container runtime events: containerd
- Kubernetes: NetworkPolicy, Labels, Ingress, Service
- Logging: syslog, fluentd
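
The identity-based and API-aware filtering described in the feature list can be expressed in a single CiliumNetworkPolicy. This is an added example, not taken from the original page or the Cilium project; the policy name, namespace, labels, port and path are assumptions chosen for illustration.

```yaml
# Added illustration: name, namespace, labels, port and path are assumed.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: orders-allow-frontend-get   # hypothetical policy name
  namespace: shop                   # hypothetical namespace
spec:
  # Identity-based: the policy applies to every pod carrying this label,
  # whatever IP address or node it is scheduled on.
  endpointSelector:
    matchLabels:
      app: orders
  ingress:
    - fromEndpoints:
        # Only workloads with this label-derived identity may connect.
        - matchLabels:
            app: frontend
      toPorts:
        - ports:
            - port: "8080"
              protocol: TCP
          # API-aware: inside the allowed connection, only requests that
          # match this method and path (a regular expression) are forwarded.
          rules:
            http:
              - method: "GET"
                path: "/api/v1/orders/[0-9]+"
```

Once this policy selects the `app: orders` pods, ingress that it does not allow is dropped, so a port-only firewall rule for 8080 would admit far more than this policy does: here a `DELETE` from the same frontend, or any request from another workload, is refused.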