Cilium Transparent Encryption with IPsec and WireGuard

Encryption is required by many compliance frameworks. Kubernetes doesn’t natively offer pod-to-pod encryption. To get it, you often have to implement encryption directly in your applications or deploy a service mesh. Both options add complexity and operational headaches.

Cilium actually provides two options to encrypt traffic between Cilium-managed endpoints: IPsec and WireGuard. In this lab, you will be installing and testing both features and will get to experience how easy it is to encrypt data in transit with Cilium.

Difficulty: Intermediate
Version: Open Source
Topics: Security
Project: Cilium

Main steps in the lab

01 🚀 The Lab Environment

Explore the lab's environment

02 ⬢ Transparent Encryption with IPsec on Cilium

Let's install Cilium on the cluster and set up IPsec for Transparent Encryption.

03 🔐 Managing Transparent Encryption with IPsec on Cilium

Now that we have installed IPsec, let's look at Day 2 Operations.

04 🐲 Cilium WireGuard

Let's encrypt pod-to-pod traffic using Cilium's Transparent Encryption WireGuard feature!