Member-only story
K8s: Network Policy Made Simple With Cilium Editor
An intuitive graphical tool to define complex network policies
Cilium, the eBPF-based networking solution, just released a web editor to facilitate the creation of Kubernetes network policies. In this article, we will demo the tool and use it to define a sample network policy.
A Quick Presentation of Cilium and eBPF
“Cilium is an open source project that has been designed on top of eBPF to address the networking, security, and visibility requirements of container workloads. It provides a high-level abstraction on top of eBPF.” — Cilium blog
Cilium has a wide application domain and is commonly used as a CNI plugin in Kubernetes, as illustrated in the following schema:
Cilium is based on eBPF (Extended Berkeley Packet Filter), a technology merged into the Linux Kernel a couple of years ago that has known an impressive evolution and adoption since then. eBPF is a general-purpose technology that can be used in areas such as networking, tracing, security, profiling, and observability. It allows users to inject code into the Linux kernel and have it triggered by different kinds of events.
Here is what Brendan D. Gregg of Netflix has said about eBPF:
“Superpowers have finally come to Linux.” — Gregg at linux.conf.au
“eBPF does to Linux what JavaScript does to HTML.” — Gregg’s blog
eBPF is often seen as a revolutionary technology and is already used as the networking data plane in several Kubernetes-managed solutions, thus ensuring communication between pods and load balancing. A Cilium eBPF approach can, for example, be used in place of kube-proxy in a Kubernetes cluster.
Gregg’s website is a really great resource if you want to know everything about eBPF (among many other things).
