Cilium Transparent Encryption with IPsec and WireGuard

Many compliance frameworks require encryption, but Kubernetes doesn't natively offer pod-to-pod encryption. To get it, you often have to implement encryption directly in your applications or deploy a service mesh. Both options add complexity and operational headaches.

Cilium provides two options to encrypt traffic between Cilium-managed endpoints: IPsec and WireGuard. In this lab, you will install and test both features and experience how easy it is to encrypt data in transit with Cilium.

You will also see how to encrypt specific pod-to-pod traffic using Isovalent Enterprise for Cilium.

Difficulty: Intermediate
Version: Open Source
Topics: Security
Project: Cilium

Main steps in the lab

01 🚀 The Lab Environment

Explore the lab's environment.

02 ⬢ Transparent Encryption with IPsec on Cilium

Install Cilium with IPsec and learn how to rotate keys.

03 🔐 Transparent Encryption with WireGuard on Cilium

Install Cilium with WireGuard and understand the differences with the IPsec option.

04 🐲 Selective Encryption with Isovalent Enterprise for Cilium

Let's encrypt specific pod-to-pod traffic using Selective Encryption.