Isovalent Library

Labs

Cilium BIG TCP

BIG TCP – a revolutionary networking technology – is now available with Cilium to provide enhanced network performances for your nodes. In this lab, you will learn how BIG TCP can improve throughput by 40-50% in your network. Try it to learn more!

Videos

Can I use Tetragon without Cilium?

[28:00] Learn how Tetragon enables powerful realtime, eBPF-based Security Observability and Runtime Enforcement - all without Cilium!

Dean Lewis
Dean Lewis
Blogs

Cilium in EKS-Anywhere

This tutorial will do a deep dive into how to bring up an EKS-A cluster then upgrading the embedded Cilium with either Cilium OSS or Cilium Enterprise to unlock more features

Amit Gupta
Amit Gupta
Blogs

Tutorial: How to Use Cilium Hubble for Observability in CNI Chaining Mode (Part 1)

Not ready to replace your Kubernetes CNI? Gain eBPF powered network observability with Hubble using CNI Chaining mode!

Jef Spaleta
Jef Spaleta
Blogs

Next-Generation Observability with eBPF

What is needed for next-generation Observability and how eBPF can supercharge it.

Christopher Lentricchia
Christopher Lentricchia
Blogs

Can I Use Tetragon without Cilium? Yes!

Can you use Tetragon without Cilium? Yes you can! Learn how in this tutorial based walkthrough, get up & running in your environment today!

Dean Lewis
Dean Lewis
Videos

BIG TCP over IPv4 with Cilium

[11:30] In this video, learn about a new feature - Cilium BGP TCP ! After BIG TCP for IPv6 support was introduced in Cilium 1.13, BIG TCP for IPv4 is now available with Cilium 1.14 !

Nico Vibert
Nico Vibert
Labs

Learning eBPF Tutorial

In this interactive tutorial, learn eBPF with Liz Rice! Learn how to write your first eBPF Hello World program and dive into all the key concepts and tools of eBPF such as eBPF maps, bytecode, bpftool, xdp and the eBPF verifier.

Blogs

Cilium Hubble Cheatsheet – Kubernetes Network Observability in a Nutshell

Getting started with Cilium Hubble, the observability tooling, is now easier with our Cheat Sheet and CLI walkthrough video.

Dean Lewis
Dean Lewis
Videos

What is eBPF?

[01:39] In this quick tutorial, the CTO and Cofounder of Isovalent, Thomas Graf walks through how eBPF came to be, and how it can be utilized in various ways.

Thomas Graf
Thomas Graf
Videos

Cilium Hubble CLI Walkthrough

[16:00] In this video we give you a deep dive of using the Cilium Hubble CLI, looking at how to filter and view specific flows of data, as well as exporting and importing your chosen workload flows between systems.

Dean Lewis
Dean Lewis
Videos

Multihoming with Cilium 1.14

[00:50] In this video, the CTO and Cofounder of Isovalent Thomas Graf, briefly walks through how Cilium 1.14 integrates multihoming capabilities.

Thomas Graf
Thomas Graf
Videos

Multi-Pool IPAM mode in Cilium 1.14

[00:53] Thomas Graf, CTO and Cofounder of Isovalent, walks through the multi-pool IPAM mode update which has come to Cilium's 1.14 update.

Thomas Graf
Thomas Graf
Videos

What is Cilium ?

[01:04] Thomas Graf, Cilium's co-creator as well as Isovalent's co-founder and CTO, provides a quick explanation of what Cilium is.

Thomas Graf
Thomas Graf
Videos

Cilium Gateway API – TLS Passthrough

[10:48] In this video, learn about a new Cilium 1.14 Feature - support for the Gateway API TLSRoute resource and the ability to support end-to-end encryption with TLS Passthrough!

Nico Vibert
Nico Vibert
Videos

Cilium 1.14 Feature: eBGP Multihop

[06:42] In this video, Nico Vibert explains what eBGP Multihop is and how you can use it with Cilium 1.14!

Nico Vibert
Nico Vibert
Videos

Mutual Authentication on Cilium 1.14

[01:49] In this short video, Isovalent co-founder and CTO Thomas Graf explains what's different about Mutual Authentication with Cilium 1.14.

Thomas Graf
Thomas Graf
Blogs

Cilium 1.14 – Effortless Mutual Authentication, Service Mesh, Networking Beyond Kubernetes, High-Scale Multi-Cluster, and Much More

Cilium 1.14 - Effortless Mutual Authentication, Service Mesh, networking beyond Kubernetes, high-scale multi-cluster, and much more

Thomas Graf
Thomas Graf
Labs

Cilium LoadBalancer IPAM and L2 Service Announcement

In Cilium 1.13, we introduced support for LoadBalancer IP Address Management (LB-IPAM) and the ability to allocate IP addresses to Kubernetes Services of the type LoadBalancer. Cloud providers natively provide this feature for managed Kubernetes Services and therefore this feature is more one for self-managed Kubernetes deployments or home labs. LB-IPAM works seamlessly with Cilium BGP: the IP addresses allocated by Cilium can be advertised to BGP peers to integrate your cluster with the rest of your network. For users who do not want to use BGP or that just want to make these IP addresses accessible over the local network, we are introducing a new feature called L2 Announcements in Cilium 1.14. When you deploy a L2 Announcement Policy, Cilium will start responding to ARP requests from local clients for ExternalIPs and/or LoadBalancer IPs. Typically, this would have required a tool like MetalLB but Cilium now natively supports this functionality. Try it in this new lab!

Labs

Advanced BGP Features

BGP support was initially introduced in Cilium 1.10 and subsequent improvements have been made since, such as the recent introduction of IPv6 support in Cilium 1.12 and Service IP Advertisements in Cilium 1.13. Improvements are continuing in Cilium 1.14 with the introduction of BGP timers, eBGP multihop and BGP Graceful restart! In this lab, the user will learn about both these new features and how they can simplify their network connectivity operations.

Labs

Mutual Authentication with Cilium

Introduced in Cilium 1.14 is support for a much-requested feature: mutual authentication. From its inception, we looked at delivering an optimal effortless user experience to achieve mutual authentication. The result is simple: add 2 lines of YAML to your Cilium Network Policy, and that’s it – your workload communication is now secured with a mutual TLS handshake. Try it in this new Star Wars-inspired lab!

Videos

Cilium 1.14 Feature: Envoy as a Daemonset

[07:02] In this video, learn about a new Cilium 1.14 feature - Envoy can now be deployed as a DaemonSet instead of embedded inside Cilium. Watch the video to learn more!

Nico Vibert
Nico Vibert
Blogs

Hubble Series (Part 2): Cilium Hubble for the Enterprise

Learn all about Hubble for the Enterprise

Dean Lewis
Dean Lewis
Labs

Isovalent Enterprise for Cilium: Connectivity Visibility with Hubble

This lab provides an introduction to Isovalent Enterprise for Cilium capabilities related to connectivity observability. This track primarily focuses on Hubble Flow events that provide label-aware, DNS-aware, and API-aware visibility for network connectivity within a Kubernetes environment using Hubble CLI, Hubble UI and Hubble Timescape, which provides historical data for troubleshooting.

Labs

Isovalent Enterprise for Cilium: Security Visibility

In this scenario, we are going to simulate the exploitation of a nodejs application, with the attacker spawning a reverse shell inside of a container and moving laterally within the Kubernetes environment.   We will demonstrate how the combined Process and Network Event Data: identify the suspicious Late Process Execution tie the suspicious processes to a randomly generated External Domain Name trace the Lateral Movement and Data Exfiltration of the attacker post-exploit

Labs

Cilium Transparent Encryption with IPSec and WireGuard

Encryption is required for many compliance frameworks. Kubernetes doesn’t natively offer pod-to-pod encryption. To offer encryption capabilities, it’s often required to implement it directly into your applications or deploy a Service Mesh. Both options add complexity and operational headaches. Cilium actually provides two options to encrypt traffic between Cilium-managed endpoints: IPsec and WireGuard. In this lab, you will be installing and testing both features and will get to experience how easy it is to encrypt data in transit with Cilium.

Videos

WireGuard Improvement in 1.14 – Support for L7 Policies

[07:46] In this video, learn about a new Cilium 1.14 feature - support for WireGuard alongside L7 Network Policies!

Nico Vibert
Nico Vibert
Blogs

Cilium on AKS using ARM templates

In this tutorial, users will learn how to enable advanced features provided by Isovalent using ARM (Azure Resource Manager) templates & Azure CLI from the Azure Marketplace.

Amit Gupta
Amit Gupta
Videos

Cilium Custom BGP Timers

[07:43] In this video, join Nico Vibert as he teaches you how to customize BGP timers using Cilium 1.14 !

Nico Vibert
Nico Vibert
Videos

Cilium BGP Graceful Restart

[09:15] In this video, Nico Vibert teaches you about BGP Graceful Restart with Cilium, and how the datapath continues to forward traffic during Agent restart, so there is no traffic disruption!

Nico Vibert
Nico Vibert
Labs

Getting Started with Tetragon

Security Observability is a new paradigm that utilizes eBPF, a Linux kernel technology, to allow Security and DevOps teams, SREs, Cloud Engineers, and Solution Architects to gain real-time visibility into Kubernetes and helps to secure your production environment with Tetragon. Tetragon is an open source Security Observability and Runtime Enforcement tool from the makers of Cilium. It captures different process and network event types through a user-supplied configuration to enable security observability on arbitrary hook points in the kernel; then translates these events into actionable signals for a Security Team. The best way to learn about Security Observability and Cilium Tetragon is to read the book “Security Observability with eBPF” by Jed Salazar and Natalia Reka Ivanko. And the best way to have your first experience with Tetragon is to walk through this lab, which takes the Real World Attack example out of the book and teaches you how to detect a container escape step by step!

Videos

Grafana Network Observability + Hubble

[14:57] In this demo, learn how you can gain network observability by using Grafana, Cilium and Hubble!

Anna Kapuścińska
Anna Kapuścińska
Blogs

Tutorial: How to Migrate to Cilium (Part 1)

In this series, learn how you can migrate to Cilium! First, let's learn about the migration approach and walk through an example migrating from Flannel to Cilium.

Nico Vibert
Nico Vibert
Blogs

Cilium Hubble Series (Part 1): Re-introducing Hubble

In this first post in this new Hubble series, learn about the Why/What/How of Hubble!

Nico Vibert
Nico Vibert
Blogs

Cilium on AKS in Azure Marketplace

In this tutorial, users will learn how to deploy Isovalent Enterprise for Cilium on your AKS cluster from Azure Marketplace on a new cluster and also upgrade an existing cluster from an AKS cluster running Azure CNI powered by Cilium to Isovalent Enterprise for Cilium.

Amit Gupta
Amit Gupta
Labs

Golden Signals with Hubble and Grafana

One of the most important thing when running applications in an environment like Kubernetes is to have good observability and deep insights. However, for many organizations it can be challenging to update existing applications to provide the observability you need. With Cilium, you can use the Hubble Layer 7 visibility functionality to get Prometheus metrics for your application without having to modify it at all. In this lab you will learn how Cilium can provide metrics for an existing application with and without tracing functionality, and how you can use Grafana dashboards provided by Cilium to gain insight into how your application is behaving.

Blogs

Zero Trust Security with Cilium and eBPF

How Cilium implements a range of security features to enforce Zero Trust Security principles.

Amit Gupta
Amit Gupta
Blogs

Isovalent Enterprise for Cilium 1.13: SRv6 L3VPN, Overlapping CIDR Support, FromFQDN in Network Policy, Grafana plugin and more!

We are proud to announce Isovalent Enterprise for Cilium 1.13! Includes support for SRv6, ClusterMesh for overlapping CIDRs and much more!

Nico Vibert
Nico Vibert
Blogs

Tutorial: Cross-Namespace Routing with Cilium Gateway API

In this short tutorial, learn how you can centralize management of your Cilium Gateway API resources using cross-namespace routing.

Nico Vibert
Nico Vibert
Videos

FromFQDN Support in Cilium Network Policy with Isovalent Enterprise for Cilium 1.13

[06:00] In this new feature exclusive to Isovalent Cilium Enterprise 1.13.2, users can now filter traffic in ingress based on FQDN!

Nico Vibert
Nico Vibert
Labs

Advanced Gateway API Use Cases

This lab is a follow-up to the introductory Cilium Gateway API lab. We highly recommend you do the Cilium Gateway API lab first, if you haven’t done it already. In this one, you will learn about some additional specific use cases for Gateway API: Traffic splitting HTTP request header rewrite HTTP response header rewrite TLS Passthrough Cross-namespace routing

Blogs

Cilium Mesh – One Mesh to Connect Them All

Cilium Mesh - One Mesh to Connect Them All. Connect Kubernetes, VMs, and Servers across Cloud, On-Prem, and Edge.

Thomas Graf
Thomas Graf
Labs

Migrating to Cilium

Migrating to Cilium from another CNI is a very common task. But how do we minimize the impact during the migration? How do we ensure pods on the legacy CNI can still communicate to Cilium-managed during pods during the migration? How do we execute the migration safely, while avoiding a overly complex approach or using a separate tool such as Multus? With the use of the new Cilium CRD CiliumNodeConfig, running clusters can be migrated on a node-by-node basis, without disrupting existing traffic or requiring a complete cluster outage or rebuild. In this lab, you will migrate your cluster from an existing CNI to Cilium. While we use Flannel in this simple lab, you can leverage the same approach for other CNIs.

Videos

How to supercharge Red Hat OpenShift with eBPF using Cilium

[54:56] In this video, Thomas Graf (Isovalent CTO and Co-Founder and co-creator of Cilium) and Brandon Jozsa (Associate Principal SA at Red Hat) present the core concepts of eBPF and Cilium and why and how you might want to use it on your Red Hat OpenShift Environment.

Thomas Graf
Thomas Graf
Videos

Cilium Gateway API – HTTP Response Header Modifier

[05:50] In this short demo, we look at how the Cilium Gateway API can add, remove or edit HTTP Headers from responses to HTTP requests.

Nico Vibert
Nico Vibert
Analyst Reports

Isovalent Named Leader In GigaOm Radar Report For Cloud Networking

Isovalent recognized as a leader in Cloud Networking by GigaOm. This GigaOm Radar report highlights key cloud networking vendors and their capabilities.

Andrew Green
Videos

Back to Basics – L7 Flow Visibility

[07:26] In this short demo, we look at the 2 options to achieve Layer 7 flow observability using Cilium and Hubble.

Nico Vibert
Nico Vibert
Videos

Back to Basics – Hubble UI

[03:33] In this short demo, Senior Technical Marketing Engineer Nico Vibert revisits the Hubble UI and how a Service Map can be automatically build for your micro-services applications running on a Cilium-managed network.

Nico Vibert
Nico Vibert
Videos

Cilium 1.12 Release Webinar

[52:41] Join Thomas Graf, CTO and Co-Founder of Isovalent to learn more about the latest and greatest open source and enterprise features of Isovalent Cilium Enterprise 1.12.

Thomas Graf
Thomas Graf
Blogs

A Deep Dive into Cilium Gateway API: The Future of Ingress Traffic Routing

In this blog post, learn what the Cilium Gateway API is and how the Gateway API project came to be and the issues it solves.

Nico Vibert
Nico Vibert
Blogs

Tutorial: Getting Started with the Cilium Gateway API

In this tutorial, you will learn how to install, configure and manage the Cilium Gateway API to route traffic into your Kubernetes cluster.

Nico Vibert
Nico Vibert
Videos

Network Observability for OpenShift with Isovalent Cilium Enterprise

[06:01] In this demo presented by Isovalent EMEA Field CTO Raymond de Jong, learn more network connectivity and security on RedHat OpenShift clusters, using Isovalent's Enterprise distribution of Cilium.

Raymond de Jong
Raymond de Jong