Cilium - eBPF-based Networking, Security, and Observability


Cilium is open source software for providing and transparently securing network connectivity and load balancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to protect and secure use of modern application protocols such as HTTP, gRPC and Kafka. Cilium is integrated into common orchestration frameworks such as Kubernetes.

A new Linux kernel technology called eBPF is at the foundation of Cilium. It supports dynamic insertion of eBPF bytecode into the Linux kernel at various integration points such as: network IO, application sockets, and tracepoints to implement security, networking and visibility logic. eBPF is highly efficient and flexible.

https://github.com/cilium/cilium
https://cilium.io/





Related Projects

Apache APISIX - Dynamic, real-time, high-performance API gateway

  •    Lua

Apache APISIX is a dynamic, real-time, high-performance API gateway. APISIX provides rich traffic management features such as load balancing, dynamic upstream, canary release, circuit breaking, authentication, observability, and more. You can use Apache APISIX to handle traditional north-south traffic, as well as east-west traffic between services. It can also be used as a k8s ingress controller.

amazon-vpc-cni-k8s - Networking plugin repository for pod networking in Kubernetes using Elastic Network Interfaces on AWS

  •    Go

Networking plugin for pod networking in Kubernetes using Elastic Network Interfaces on AWS. Alpha: This is an experimental release as part of the Amazon EKS Preview. Interfaces and functionality may change. Expect bugs (and please help us squash them). DO NOT use for production workloads.

bcc - BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more

  •    Python

BCC is a toolkit for creating efficient kernel tracing and manipulation programs, and includes several useful tools and examples. It makes use of extended BPF (Berkeley Packet Filters), formally known as eBPF, a new feature that was first added to Linux 3.15. Much of what BCC uses requires Linux 4.1 and above. One of the more interesting features in this cycle is the ability to attach eBPF programs (user-defined, sandboxed bytecode executed by the kernel) to kprobes. This allows user-defined instrumentation on a live kernel image that can never crash, hang or interfere with the kernel negatively.

multus-cni - Multi-homed pod cni

  •    Go

Please check the CNI documentation for more information on container networking. Multus may be deployed as a Daemonset, and is provided in this guide along with Flannel. Flannel is deployed as a pod-to-pod network that is used as our "default network". Each network attachment is made in addition to this default network.

kubeadm-ha - Kubernetes high availability deploy based on kubeadm (for v1

  •    Smarty

kube-apiserver: exposes the Kubernetes API. It is the front-end for the Kubernetes control plane. It is designed to scale horizontally – that is, it scales by deploying more instances.

etcd: is used as Kubernetes’ backing store. All cluster data is stored here. Always have a backup plan for etcd’s data for your Kubernetes cluster.

kube-scheduler: watches newly created pods that have no node assigned, and selects a node for them to run on.

kube-controller-manager: runs controllers, which are the background threads that handle routine tasks in the cluster. Logically, each controller is a separate process, but to reduce complexity, they are all compiled into a single binary and run in a single process.

kubelet: is the primary node agent. It watches for pods that have been assigned to its node (either by apiserver or via local configuration file).

kube-proxy: enables the Kubernetes service abstraction by maintaining network rules on the host and performing connection forwarding.

The keepalived cluster configures a virtual IP address (192.168.20.10); this virtual IP address points to k8s-master01, k8s-master02, k8s-master03. The nginx service acts as the load balancer for the apiservers of k8s-master01, k8s-master02, k8s-master03. The Kubernetes services on the other nodes connect to the keepalived virtual IP address (192.168.20.10) and the nginx exposed port (16443) to communicate with the master cluster's apiservers.


aws-load-balancer-controller - A Kubernetes controller for Elastic Load Balancers

  •    Go

AWS Load Balancer Controller is a controller to help manage Elastic Load Balancers for a Kubernetes cluster. This project was formerly known as "AWS ALB Ingress Controller", we rebranded it to be "AWS Load Balancer Controller".

cni - Container Network Interface - networking for Linux containers

  •    Go

There is a community sync meeting for users and developers every 1-2 months. The next meeting will be held on a Google Hangout and the link is in the agenda (notes from the previous meeting are also in this doc). The next meeting will be held on Wednesday, January 30th, 2019 at 4:00pm UTC / 11:00am EDT / 8:00am PDT.

Katran - A high performance layer 4 load balancer

  •    C++

Katran is a C++ library and BPF program to build a high-performance layer 4 load balancing forwarding plane. Katran leverages XDP infrastructure from the kernel to provide an in-kernel facility for fast packet processing.

kube-ovn - An OVN-based Kubernetes Network Fabric for Enterprises

  •    Go

Kube-OVN integrates the OVN-based Network Virtualization with Kubernetes. It offers an advanced Container Network Fabric for Enterprises. The Switch, Router, Firewall shown in the diagram below are all distributed on all Nodes. There is no single point of failure for the in-cluster network.

apisix-ingress-controller - ingress controller for K8s

  •    Go

Use Apache APISIX for Kubernetes Ingress. All configurations in apisix-ingress-controller are defined with Kubernetes CRDs (Custom Resource Definitions). Support configuring plugins, service registration discovery mechanism for upstreams, load balancing and more in Apache APISIX.

netdata - Real-time performance monitoring, done right! https://www.netdata.cloud

  •    C

Netdata's distributed, real-time monitoring Agent collects thousands of metrics from systems, hardware, containers, and applications with zero configuration. It runs permanently on all your physical/virtual servers, containers, cloud deployments, and edge/IoT devices, and is perfectly safe to install on your systems mid-incident without any preparation. You can install Netdata on most Linux distributions (Ubuntu, Debian, CentOS, and more), container platforms (Kubernetes clusters, Docker), and many other operating systems (FreeBSD, macOS). No sudo required.

kURL - Production-grade, airgapped Kubernetes installer combining upstream k8s with overlays and popular components

  •    Shell

kURL is a Kubernetes installer for airgapped and online clusters. kURL relies on kubeadm to bring up the Kubernetes control plane, but there are a variety of tasks a system administrator must perform both before and after running kubeadm init in order to have a production-ready Kubernetes cluster, such as installing Docker, configuring Pod networking, or installing kubeadm itself. The purpose of this installer is to automate those tasks so that any user can deploy a Kubernetes cluster with a single script.

Lens - The Kubernetes IDE

  •    Typescript

Lens is an IDE designed for those who work with Kubernetes on a daily basis. It can explore and navigate Kubernetes clusters without having to learn kubectl commands. Inspect live statistics, events, and log streams in real-time. No spinners, refreshing or waiting for screens to update. Using EKS, AKS, GKE, Minikube, Rancher, k0s, k3s, OpenShift...? They all work. Simply import the kubeconfigs for the clusters you want to work with.

bpfd - Framework for running BPF programs with rules on Linux as a daemon. Container aware.

  •    Go

Framework for running BPF tracers with rules on Linux as a daemon. Container aware. This is not just "yet another tool to trace"...

kubectl-trace - Schedule bpftrace programs on your kubernetes cluster using the kubectl

  •    Go

kubectl trace is a kubectl plugin that allows you to schedule the execution of bpftrace programs in your Kubernetes cluster. You can't find the package for your distro of choice? You are very welcome and encouraged to create it and then open an issue to inform us for review.

kubefwd - Bulk port forwarding Kubernetes services for local development.

  •    Go

Read Kubernetes Port Forwarding for Local Development for background and a detailed guide to kubefwd. kubefwd is a command line utility built to port forward some or all pods within a Kubernetes namespace. kubefwd uses the same port exposed by the service and forwards it from a loopback IP address on your local workstation. kubefwd temporarily adds domain entries to your /etc/hosts file with the service names it forwards.

Envoy - C++ front/service proxy

  •    C++

As on the ground microservice practitioners quickly realize, the majority of operational problems that arise when moving to a distributed architecture are ultimately grounded in two areas: networking and observability. It is simply an orders of magnitude larger problem to network and debug a set of intertwined distributed services versus a single monolithic application.

pipeline - Pipeline enables developers to go from commit to scale in minutes by turning Kubernetes into a feature rich application platform integrating CI/CD, centralized logging, monitoring, enterprise-grade security and autoscaling

  •    Go

Banzai Pipeline, or simply Pipeline is a tabletop reef break located in Hawaii, Oahu's North Shore. The most famous and infamous reef in the universe is the benchmark by which all other waves are measured. Pipeline enables developers to go from commit to scale in minutes by turning Kubernetes into a feature rich application platform integrating CI/CD, centralized logging, monitoring, enterprise-grade security, cost management and autoscaling.

kube-router - Kube-router, a turnkey solution for Kubernetes networking.

  •    Go

Kube-router is a turnkey solution for Kubernetes networking that aims to provide operational simplicity and high performance. kube-router does it all.

kubernetes-security-best-practice - Kubernetes Security - Best Practice Guide


This document acts as a best practice guide to Kubernetes security. K8s is a powerful platform which can be abused in many ways if not configured properly. The authors of this guide are running Kubernetes in production and worked on several K8s projects to learn about security flaws the hard way. The severity or importance of each topic is indicated by an emoji in the topic name.





