What is Cilium?

Architecture

Cilium comprises four key components: the Cilium agent, the Cilium client command line tool, the Cilium operator, and the Cilium CNI plugin. The agent, running on all cluster nodes, configures networking, load balancing, policies, and monitoring via Kubernetes or APIs that describe networking, service load-balancing, network policies, and visibility & monitoring requirements. The client tool, bundled with the agent, inspects and manages the local agent's status, offering direct access to eBPF maps. The operator centrally manages cluster tasks, handling them collectively rather than per node. The CNI plugin, invoked by Kubernetes during pod scheduling or termination, interacts with the node's Cilium API to configure necessary datapaths for networking, load balancing, and network policies.

Get Hands-On With Cilium

  • Documentation & Tutorials

    Documentation & Tutorials

    Quickly get started with Cilium. Read the documentation or use our interactive tutorial in a live environment.

  • Interactive Labs

    Interactive Labs

    Deep dive into Cilium and its features with labs provided by companies within the Cilium ecosystem

We are proud to be a CNCF Graduation level project

Learn about Cilium & eBPF

  • 10min Introduction to Cilium

    10min Introduction to Cilium

    Liz Rice and Thomas Graf answer the most popular questions about Cilium, its creation and the problems it solves

  • The Future of eBPF based Networking and Security

    The Future of eBPF based Networking and Security

    eBPF Summit 2020, Thomas Graf, Cilium Co-Creator, CTO & Co-Founder Isovalent

  • Understanding Cilium Network Performance

    Understanding Cilium Network Performance

    Explore the performance characteristics of Cilium based on extensive benchmarks

  • Related Projects

    Hubble

    Hubble is a fully distributed networking and security observability platform for cloud native workloads. Hubble is open source software and built on top of Cilium and eBPF to enable deep visibility into the communication and behavior of services as well as the networking infrastructure in a completely transparent manner.

    Learn more

    Tetragon

    Tetragon is a flexible Kubernetes-aware security observability and runtime enforcement tool that applies policy and filtering directly with eBPF, allowing for reduced observation overhead, tracking of any process, and real-time enforcement of policies.

    Learn more

    Network Policy Editor

    Over the years, we have learned a lot about the common challenges while working with many of you in the Cilium community implementing Kubernetes Network Policy. Networkpolicy.io is a free tool to assist you in your journey to assist you with Kubernetes NetworkPolicy.

    Learn more

    eBPF Library for Go

    eBPF is a pure Go library that provides utilities for loading, compiling, and debugging eBPF programs. It has minimal external dependencies and is intended to be used in long running processes.

    Learn more

    AWS picks Cilium for Networking & Security on EKS Anywhere

    Google chooses Cilium for Google Kubernetes Engine (GKE) networking

    Bell uses Cilium and eBPF for telco networking

    Sky uses Cilium as their CNI and for network security

    What Makes a Good Multi-tenant Kubernetes Solution

    Building a Secure and Maintainable PaaS

    How Datadog uses Cilium

    Kubernetes Network Policies in Action with Cilium