https://cilium.io/blog/2020/11/10/ebpf-future-of-networking/
Cilium 1.8: XDP Load Balancing, Cluster-wide Flow Visibility, Host Network Policy, Native GKE & Azure modes, Session Affinity, CRD-mode Scalability, Policy Audit mode, ...
https://cilium.io/blog/2020/06/22/cilium-18
https://mobilabsolutions.com/2019/01/why-we-switched-to-cilium/
https://cilium.io/blog/2019/03/12/clustermesh
https://docs.cilium.io/en/v1.9/operations/system_requirements/#required-kernel-versions-for-advanced-features
https://docs.cilium.io/en/v1.10/gettingstarted/kubeproxy-free/
Cilium’s kube-proxy replacement depends on the Host-Reachable Services feature, therefore a v4.19.57, v5.1.16, v5.2.0 or more recent Linux kernel is required. Linux kernels v5.3 and v5.8 add additional features that Cilium can use to further optimize the kube-proxy replacement implementation.
kubectl delete ds kube-proxy -n kube-system
https://cilium.io/blog/2020/11/10/cilium-19
https://docs.cilium.io/en/v1.10/gettingstarted/local-redirect-policy/
Local Redirect Policy allows Cilium to support the following use cases:
DNS node-cache listens on a static IP to intercept traffic from application pods to the cluster’s DNS service VIP by default, which will be bypassed when Cilium is handling service resolution at or before the veth interface of the application pod. To enable the DNS node-cache in a Cilium cluster, the following example steers traffic to a local DNS node-cache which runs as a normal pod.
full: https://github.com/cilium/cilium/blob/v1.10.0/install/kubernetes/cilium/values.yaml
minimal: https://github.com/STASiAN/cilium-workshop/blob/main/values.yaml
https://cilium.io/blog/2021/02/10/network-policy-editor
http:https://editor.cilium.io/
https://docs.cilium.io/en/v1.10/policy/intro/
https://github.com/cilium/star-wars-demo
kubectl exec -it cilium-pod -n kube-system -- bash
cilium status --verbose
cilium monitor --type policy-verdict
cilium identity list
cilium endpoint list
hubble observe -f
cilium-health status