https://cilium.io/blog/2020/11/10/ebpf-future-of-networking/

https://ebpf.io

https://cilium.io/blog/2020/06/22/cilium-18

https://mobilabsolutions.com/2019/01/why-we-switched-to-cilium/

https://cilium.io/blog/2019/03/12/clustermesh

https://docs.cilium.io/en/v1.9/operations/system_requirements/#required-kernel-versions-for-advanced-features

https://docs.cilium.io/en/v1.10/gettingstarted/kubeproxy-free/

Cilium’s kube-proxy replacement depends on the Host-Reachable Services feature, therefore a v4.19.57, v5.1.16, v5.2.0 or more recent Linux kernel is required. Linux kernels v5.3 and v5.8 add additional features that Cilium can use to further optimize the kube-proxy replacement implementation.

kubectl delete ds kube-proxy -n kube-system

https://cilium.io/blog/2020/11/10/cilium-19

https://docs.cilium.io/en/v1.10/gettingstarted/local-redirect-policy/

Local Redirect Policy allows Cilium to support the following use cases:

DNS node-cache listens on a static IP to intercept traffic from application pods to the cluster’s DNS service VIP by default, which will be bypassed when Cilium is handling service resolution at or before the veth interface of the application pod. To enable the DNS node-cache in a Cilium cluster, the following example steers traffic to a local DNS node-cache which runs as a normal pod.

full: https://github.com/cilium/cilium/blob/v1.10.0/install/kubernetes/cilium/values.yaml

minimal: https://github.com/STASiAN/cilium-workshop/blob/main/values.yaml

https://cilium.io/blog/2021/02/10/network-policy-editor

http:https://editor.cilium.io/

https://docs.cilium.io/en/v1.10/policy/intro/

https://github.com/cilium/star-wars-demo

kubectl exec -it cilium-pod -n kube-system -- bash

cilium status --verbose
cilium monitor --type policy-verdict
cilium identity list
cilium endpoint list
hubble observe -f
cilium-health status

cilium/cilium#15148