网络组研发负责人 演讲人 cilium介绍 https://cilium.io https://github.com/cilium cilium是 kubernetes 的 CNI 网络解决方案，创新采用了 eBPF datapath，为 kubernetes网络和 linux 社区的 eBPF 发展，启动了 最要的推动作用。 截止 2021.10 ，cilium github 项目已有 9.3K star，Contributors star，Contributors 316位 cilium的特色功能： • 网络功能 • 负载均衡 • 网络安全 • 可观察性 • 多集群连通 注：本 PPT 基于 cilium v1.10.4 进行分析 ��������������� ��������������� �������������������� �������������������� �������������������� 、 sendmsg、 recvmsg 、getpeername 、 bind等系统调用，实现 service 的地址解 析，并且伪装通信目的地址，让上层应用 无感知 DNAT 的发生 效果： • 集群内访问nodePort、LoadBalancer 的service时，能够减少数据包转发跳 数，极大提高网络性能 • 相比传统 iptables 等 技术，降低了访 问延时。例如在相同环境下，service

Concepts Component Overview Terminology Networking Network Security eBPF Datapath Observability Kubernetes Integration Multi-Cluster (Cluster Mesh) Getting Help FAQ Slack GitHub Training Enterprise support Layer 4 Examples Layer 7 Examples Deny Policies Host Policies Layer 7 Protocol Visibility Using Kubernetes constructs in policy Endpoint Lifecycle Troubleshooting Monitoring & Metrics Cilium Metrics Hubble Local Development in Vagrant Box Making Changes Add/update a golang dependency Add/update a new Kubernetes version Optional: Docker and IPv6 Debugging Building Container Images Developer images Official

the Cilium architecture and how these components integrate with existing architectures, such as Kubernetes. Installation : Details instructions for installing, configuring, and troubleshooting Cilium in Datapath Scale Kubernetes Integration Getting Help FAQ Slack GitHub Security Bugs Integrations Kubernetes Introduction Concepts Requirements Configuration Network Policy Endpoint CRD Kubernetes Compatibility Policy Policy Enforcement Modes Rule Basics Layer 3 Examples Layer 4 Examples Layer 7 Examples Kubernetes Endpoint Lifecycle Troubleshooting Monitoring & Metrics Installation cilium-agent cilium-operator

Concepts Component Overview Terminology Networking Network Security eBPF Datapath Observability Kubernetes Integration Multi-Cluster (Cluster Mesh) Getting Help FAQ Slack GitHub Training Enterprise support Layer 4 Examples Layer 7 Examples Deny Policies Host Policies Layer 7 Protocol Visibility Using Kubernetes constructs in policy Endpoint Lifecycle Troubleshooting Monitoring & Metrics Cilium Metrics Hubble Local Development in Vagrant Box Making Changes Add/update a golang dependency Add/update a new Kubernetes version Optional: Docker and IPv6 Debugging Building Container Images Developer images Official

Concepts Component Overview Terminology Networking Network Security eBPF Datapath Observability Kubernetes Integration Multi-Cluster (Cluster Mesh) Getting Help FAQ Slack GitHub Training Enterprise support Layer 4 Examples Layer 7 Examples Deny Policies Host Policies Layer 7 Protocol Visibility Using Kubernetes constructs in policy Endpoint Lifecycle Troubleshooting Monitoring & Metrics Cilium Metrics Hubble Local Development in Vagrant Box Making Changes Add/update a golang dependency Add/update a new Kubernetes version Optional: Docker and IPv6 Debugging Building Container Images Developer images Official

the Cilium architecture and how these components integrate with existing architectures, such as Kubernetes. Installation : Details instructions for installing, configuring, and troubleshooting Cilium in Datapath Scale Kubernetes Integration Getting Help FAQ Slack GitHub Security Bugs Integrations Kubernetes Introduction Concepts Requirements Configuration Network Policy Endpoint CRD Kubernetes Compatibility Policy Policy Enforcement Modes Rule Basics Layer 3 Examples Layer 4 Examples Layer 7 Examples Kubernetes Endpoint Lifecycle Troubleshooting L7 Protocol Visibility API Rate Limiting Default Rate Limits

Orchestrators Concepts Component Overview Terminology Networking Network Security eBPF Datapath Kubernetes Integration Multi-Cluster (Cluster Mesh) Getting Help FAQ Slack GitHub Security Bugs Operations Layer 3 Examples Layer 4 Examples Layer 7 Examples Host Policies Layer 7 Protocol Visibility Using Kubernetes constructs in policy Endpoint Lifecycle Troubleshooting Monitoring & Metrics Cilium Metrics Hubble server Hubble Relay Reference Command Cheatsheet Command utilities: Command examples: Kubernetes examples: Command Reference cilium-agent cilium cilium-health cilium-operator cilium-operator-aws

the Cilium architecture and how these components integrate with exis�ng architectures, such as Kubernetes. Installa�on : Details instruc�ons for installing, configuring, and troubleshoo�ng Cilium in different Datapath Scale Kubernetes Integra�on Ge�ng Help FAQ Slack GitHub Security Bugs Integra�ons Kubernetes Introduc�on Concepts Requirements Configura�on Network Policy Endpoint CRD Kubernetes Compa�bility Troubleshoo�ng Layer 3 Examples Layer 4 Examples Layer 7 Examples Kubernetes Endpoint Lifecycle Troubleshoo�ng Monitoring & Metrics Exported Metrics Cilium as a Kubernetes pod Cilium as a host-agent on a node Troubleshoo�ng