Isovalent Library

Cilium on a Private AKS cluster

This tutorial guides you on how to create a private AKS cluster with Isovalent Enterprise for Cilium in a hub and spoke environment with Azure Firewall.

Cilium on a Private AKS cluster
Amit Gupta

Isovalent Enterprise for Tetragon: Deeper Host Network Observability with eBPF

Learn how Tetragon can provide network observability directly from the Kernel. Walkthrough example use-cases such as bandwidth, latency, and DNS monitoring, from the host, from the pod, and also from the binaries running inside of the containers!

Isovalent Enterprise for Tetragon: Deeper Host Network Observability with eBPF
Dean Lewis
LabsCilium

Isovalent Enterprise for Cilium: Multicast

Multicast support in Kubernetes has finally come to Cilium! In this lab, you will discover how to set it up, take advantage of it, and observe multicast traffic in Kubernetes, using Cilium and Tetragon in Isovalent Enterprise.

Cilium in the Cloud – February 2024

In this quarterly update for Feb 2024, learn about all the updates Cilium running in the public and private cloud providers.

Cilium in the Cloud – February 2024
Dean Lewis
LabsCilium

Migrating from Calico

Migrating to Cilium from another CNI is a very common task. But how do we minimize the impact during the migration? How do we ensure pods on the legacy CNI can still communicate to Cilium-managed during pods during the migration? How do we execute the migration safely, while avoiding a overly complex approach or using a separate tool such as Multus? With the use of the new Cilium CRD CiliumNodeConfig, running clusters can be migrated on a node-by-node basis, without disrupting existing traffic or requiring a complete cluster outage or rebuild. In this lab, you will migrate your cluster from Calico to Cilium.

BGP Community Support with Cilium

In this video, learn about a new Cilium 1.15 feature - support for BGP communities!

Nico Vibert
Nico Vibert

Cilium Cluster Mesh in AKS

This tutorial describes the steps of how to enable cilium cluster mesh on an AKS cluster running Isovalent Enterprise for Cilium from Azure Marketplace.

Cilium Cluster Mesh in AKS
Amit Gupta

BGP MD5 Authentication with Cilium

In this video, learn about a new Cilium 1.15 feature - MD5-based authentication of BGP sessions!

Nico Vibert
Nico Vibert

gRPC Routing with Cilium Gateway API

In this video, learn about a new Cilium 1.15 feature - gRPC routing using Cilium Gateway API!

Nico Vibert
Nico Vibert
LabsCilium

Advanced BGP Features

BGP support was initially introduced in Cilium 1.10 and subsequent improvements have been made since, such as the recent introduction of IPv6 support in Cilium 1.12 and Service IP Advertisements in Cilium 1.13. In Cilium 1.14, we introduced more BGP features, including: – BGP Timers Customization – eBGP Multihop – BGP Graceful Restart In Cilium 1.15, the following features are being added: – BGP Peering Security with MD5 – BGP Communities Support In this lab, the user will learn about both these new features and how they can simplify their network connectivity operations.

LabsCilium

BGP on Cilium

Learn how to connect your Kubernetes Clusters with your on-premises network using BGP. As Kubernetes becomes more pervasive in on-premise environments, users increasingly have both traditional applications and Cloud Native applications in their environments. In order to connect them together and allow outside access, a mechanism to integrate Kubernetes and the existing network infrastructure running BGP is needed. Cilium offers native support for BGP, exposing Kubernetes to the outside and all the while simplifying users’ deployments.

Tutorial: Redirect, Rewrite and Mirror HTTP with Cilium Gateway API

In this blog post, learn how you can use Cilium Gateway API to rewrite, redirect and mirror HTTP requests in Kubernetes!

Tutorial: Redirect, Rewrite and Mirror HTTP with Cilium Gateway API
Nico Vibert

Cilium and Azure Arc: solving the multi-cloud cluster manageability conundrum

Cilium and Azure Arc- solving the cluster manageability conundrum

Cilium and Azure Arc: solving the multi-cloud cluster manageability conundrum
Amit Gupta
LabsCilium

Advanced Gateway API Use Cases

This lab is a follow-up to the introductory Cilium Gateway API lab. We highly recommend you do the Cilium Gateway API lab first, if you haven’t done it already. In this one, you will learn about some additional specific use cases for Gateway API: HTTP request & response header rewrite HTTP redirect, rewrite and mirror Cross-namespace routing gRPC routing

LabsCilium

Cilium Gateway API

In this short lab, you will learn about Gateway API, a new Kubernetes standard on how to route traffic into a Kubernetes cluster. The Gateway API is the next generation of the Ingress API. Gateway API addresses some the Ingress limitations by providing an extensible, role-based and generic model to configure advanced L7 traffic routing capabilities into a Kubernetes cluster. In this lab, you will learn how you can use the Cilium Gateway API functionality to route HTTP and HTTPS traffic into your Kubernetes-hosted application, including load balancing / traffic splitting and TLS passthrough or termination.

The value of Cilium backports

Need security fixes or new features in a older Cilium version? That's called a backport. Learn how backports happen in Cilium with live examples!

The value of Cilium backports
Dean Lewis
The value of Cilium backports
Roland Wolters

Isovalent + Cisco: What it Means for Our Customers 

A Note from Dan Wendlandt, CEO & Co-Founder Isovalent, to Current and Future Isovalent Customers

Isovalent + Cisco: What it Means for Our Customers 
Dan Wendlandt

Cisco to Acquire Cloud Native Networking & Security Leader Isovalent

Cisco is excited to announce the intent to acquire Isovalent, founded by creators of eBPF and the team behind Cilium and Tetragon, the leading cloud native solutions leveraging eBPF technology.

Cisco to Acquire Cloud Native Networking & Security Leader Isovalent
Thomas Graf

Container Networking

Isovalent recognized as a leader in Container Networking by GigaOm. This GigaOm Radar report highlights key container networking vendors and their capabilities.

Andrew Green

Deploying Red Hat OpenShift with Cilium

Learn how to deploy Cilium to Red Hat OpenShift Clusters!

Dean Lewis
Dean Lewis
LabsCilium

Cilium LoadBalancer IPAM and L2 Service Announcement

In Cilium 1.13, we introduced support for LoadBalancer IP Address Management (LB-IPAM) and the ability to allocate IP addresses to Kubernetes Services of the type LoadBalancer. Cloud providers natively provide this feature for managed Kubernetes Services and therefore this feature is more one for self-managed Kubernetes deployments or home labs. LB-IPAM works seamlessly with Cilium BGP: the IP addresses allocated by Cilium can be advertised to BGP peers to integrate your cluster with the rest of your network. For users who do not want to use BGP or that just want to make these IP addresses accessible over the local network, we are introducing a new feature called L2 Announcements in Cilium 1.14. When you deploy a L2 Announcement Policy, Cilium will start responding to ARP requests from local clients for ExternalIPs and/or LoadBalancer IPs. Typically, this would have required a tool like MetalLB but Cilium now natively supports this functionality. Try it in this new lab!

LabsCilium

Cilium Egress Gateway

Kubernetes changes the way we think about networking. In an ideal Kubernetes world, the network would be entirely flat and all routing and security between the applications would be controlled by the Pod network, using Network Policies. In many Enterprise environments, though, the applications hosted on Kubernetes need to communicate with workloads living outside the Kubernetes cluster, which are subject to connectivity constraints and security enforcement. Because of the nature of these networks, traditional firewalling usually relies on static IP addresses (or at least IP ranges). This can make it difficult to integrate a Kubernetes cluster, which has a varying —and at times dynamic— number of nodes into such a network. Cilium’s Egress Gateway feature changes this, by allowing you to specify which nodes should be used by a pod in order to reach the outside world.

LabsCilium

Cilium Host Firewall

Ever since its inception, Cilium has supported Kubernetes Network Policies to enforce traffic control to and from pods at L3/L4. But Cilium Network Policies even go even further: by leveraging eBPF, it can provide greater visibility into packets and enforce traffic policies at L7 and can filter traffic based on criteria such as FQDN, protocol (such as kafka, grpc), etc… Creating and manipulating these Network Policies is done declaratively using YAML manifests. What if we could apply the Kubernetes Network Policy operating model to our hosts? Wouldn’t it be nice to have a consistent security model across not just our pods, but also the hosts running the pods? Let’s look at how the Cilium Host Firewall can achieve this. In this lab, we will install SSH on the nodes of a Kind cluster, then create Cluster-wide Network Policies to regulate how the nodes can be accessed using SSH. The Control Plane node will be used as a bastion to access the other nodes in the cluster.

An Introduction to Cilium Cluster Mesh

Raphaël Pinson and Nico Vibert sat down to discuss a detailed introduction as to what Cilium Cluster Mesh is, and how it can be applied to your workload.

Raphel Pinson
Raphel Pinson

An Overview of the Cilium Architecture

Nico Vibert and Raphaël Pinson of Isovalent sat down to discuss some of the finer technical details that make up Cilium's architecture, and how they can be implemented more broadly.

Raphael Pinson
Raphael Pinson

Cilium Hubble Series (Part 3): Hubble and Grafana Better Together

Learn how to get started with Cilium Hubble and the Grafana Integration to gain access to network flows and process ancestry events.

Cilium Hubble Series (Part 3): Hubble and Grafana Better Together
Dean Lewis

A Season Of Cilium: One Surprise Every Day

We now have badges for Isovalent certified Cilium hands-on labs. Collect all four of them over the holidays.

A Season Of Cilium: One Surprise Every Day
Raphaël Pinson
A Season Of Cilium: One Surprise Every Day
Nico Vibert

Isovalent Enterprise for Cilium on EKS & EKS-A in AWS Marketplace

Isovalent Enterprise for Cilium is now available in the AWS marketplace.

Isovalent Enterprise for Cilium on EKS & EKS-A in AWS Marketplace
Amit Gupta
LabsCilium

Cilium Cluster Mesh

With the rise of Kubernetes adoption, an increasing number of clusters is deployed for various needs, and it is becoming common for companies to have clusters running on multiple cloud providers, as well as on-premise. Kubernetes Federation has for a few years brought the promise of connecting these clusters into multi-zone layers, but latency issues are more often than not preventing such architectures. Cilium Cluster Mesh allows you to connect the networks of multiple clusters in such as way that pods in each cluster can discover and access services in all other clusters of the mesh, provided all the clusters run Cilium as their CNI. This allows to effectively join multiple clusters into a large unified network, regardless of the Kubernetes distribution each of them is running. In this lab, we will see how to set up Cilium Cluster Mesh, and the benefits from such an architecture.

Connecting your Kubernetes island to your network with Cilium BGP

In this blog post, learn how to connect your Kubernetes cluster to your network using BGP !

Connecting your Kubernetes island to your network with Cilium BGP
Raymond de Jong

Using Tetragon With Your Existing Kubernetes Container Network Interface

Learn how adopting Tetragon into your existing Kubernetes platform can enhance your security posture and integrate with security observability tooling.

Dean Lewis
Dean Lewis

Tutorial: Deploying Red Hat OpenShift with Cilium

Bringing eBPF-based Networking, Observability, Security to Red Hat OpenShift

Tutorial: Deploying Red Hat OpenShift with Cilium
Dean Lewis
VideosTetragon

Tutorial: Setting Up a Cybersecurity Honeypot with Tetragon to Trigger Canary Tokens

In this deep dive tutorial, learn how to trigger canary tokens from kernel events using Tetragon

Dean Lewis, Isovalent
Dean Lewis

Isovalent, Azure Linux, and Azure Kubernetes Service come together.

Isovalent, Azure Linux and Azure Kubernetes Service come together.

Isovalent, Azure Linux, and Azure Kubernetes Service come together.
Amit Gupta
LabsCilium

Isovalent Enterprise for Cilium: Network Policies

Achieving zero-trust network connectivity via Kubernetes Network Policy is complex as modern applications have many service dependencies (downstream APIs, databases, authentication services, etc.). With the “default deny” model, a missed dependency leads to a broken application. Moreover, the YAML syntax of Network Policy is often difficult for newcomers to understand. This makes writing policies and understanding their expected behavior (once deployed) challenging. Enter Isovalent Enterprise for Cilium: it provides tooling to simplify and automate the creation of Network Policy based on labels and DNS-aware data from Cilium Hubble. APIs enable integration into CI/CD workflows while visualizations help teams understand the expected behavior of a given policy. Collectively, these capabilities dramatically reduce the barrier to entry to creating Network Policies and the ongoing overhead of maintaining them as applications evolve. In this hands-on demo we will walk through some of those challenges and their solutions.

All About The New CNCF Cilium Certified Associate (CCA) Certification!

All About The New CNCF Cilium Certified Associate (CCA) Certification!

All About The New CNCF Cilium Certified Associate (CCA) Certification!
Liz Rice
All About The New CNCF Cilium Certified Associate (CCA) Certification!
Nico Vibert

The Illustrated Children’s Guide to eBPF

The kids book by Quentin and Bill is now available.

Bill Mulligan, Quentin Monnet
LabsCilium

Discovery: Platform Engineer

In this short hands-on discovery lab designed for Platform and DevOps Engineers, you will learn, in 15 minutes, several Cilium features, including: Observability Built-in Ingress and Gateway API Performance Monitoring Integration with Grafana And more!

Tetragon 1.0: Kubernetes Security Observability & Runtime Enforcement with eBPF

Tetragon 1.0 - What is new? Performance overhead benchmarks, default observability policies, kubectl exec monitoring, and much more!

Tetragon 1.0: Kubernetes Security Observability & Runtime Enforcement with eBPF
Thomas Graf
LabsCilium

Discovery: Cloud Network Engineer

In this short hands-on discovery lab designed for Cloud Network Engineers, you will learn, in 15 minutes, several Cilium networking features, including:   Dual Stack IPv4/IPv6 support with Cilium BGP Load-Balancer IPAM L2 Service Announcement Egress Gateway And more!

LabsCilium

Discovery: SecOps Engineer

In this short hands-on discovery lab designed for SecOps Engineers, you will learn, in 15 minutes, several Cilium and Tetragon security features, including: Network Observability Network Policies Transparent Encryption Mutual Authentication Runtime Security Visibility and Enforcement with Tetragon and more!

What is Kube-Proxy and why move from iptables to eBPF? 

What is kube-proxy and why are platform teams moving from iptables to eBPF?

What is Kube-Proxy and why move from iptables to eBPF? 
Jeremy Colvin
LabsCilium

Isovalent Enterprise for Cilium: Cilium Multi-Networking

Kubernetes is built on the premise that a Pod should belong to a single network. While this approach may work for the majority of use cases, enterprise and telco often require a more sophisticated and flexible networking model. There are many use cases where a Pod may require attachments to multiple networks with different properties via different interfaces. With Cilium Multi-Networking, you can connect your Pod to multiple networks, without having to compromise on security and observability. Start this interactive hands-on lab to experience the benefits of Cilium Multi-Networking.

All Azure Network plugins lead to Cilium

This tutorial will outline how to upgrade your existing clusters in AKS using different network plugins to Azure CNI powered by Cilium. 

All Azure Network plugins lead to Cilium
Amit Gupta

Mutual Authentication with Cilium

mTLS and Mutual Authentication are key security requirements for micro-services running in Kubernetes. The easiest way to run Mutual Authentication? Cilium.

Nico Vibert
Nico Vibert

Layer 2 Announcements with Cilium

In this video, learn about a brand new Cilium feature, released in Cilium 1.14: the ability to announce Services over Layer 2!

Nico Vibert

Tutorial: Setting Up a Cybersecurity Honeypot with Tetragon to Trigger Canary Tokens

Learn how to trigger Canary Tokens with Tetragon Tracing Policies.

Tutorial: Setting Up a Cybersecurity Honeypot with Tetragon to Trigger Canary Tokens
Dean Lewis
LabsCilium

Cilium BIG TCP

BIG TCP – a revolutionary networking technology – is now available with Cilium to provide enhanced network performances for your nodes. In this interactive hands-on lab, you will learn how BIG TCP can improve throughput by 40-50% in your network.

Can I use Tetragon without Cilium?

[28:00] Learn how Tetragon enables powerful realtime, eBPF-based Security Observability and Runtime Enforcement - all without Cilium!

Dean Lewis, Isovalent
Dean Lewis

Cilium in EKS-Anywhere

This tutorial will do a deep dive into how to bring up an EKS-A cluster then upgrading the embedded Cilium with either Cilium OSS or Cilium Enterprise to unlock more features

Cilium in EKS-Anywhere
Amit Gupta

Tutorial: How to Use Cilium Hubble for Observability in CNI Chaining Mode (Part 1)

Not ready to replace your Kubernetes CNI? Gain eBPF powered network observability with Hubble using CNI Chaining mode!

Tutorial: How to Use Cilium Hubble for Observability in CNI Chaining Mode (Part 1)
Jef Spaleta

Next-Generation Observability with eBPF

What is needed for next-generation Observability and how eBPF can supercharge it.

Next-Generation Observability with eBPF
Christopher Lentricchia

Can I Use Tetragon without Cilium? Yes!

Can you use Tetragon without Cilium? Yes you can! Learn how in this tutorial based walkthrough, get up & running in your environment today!

Can I Use Tetragon without Cilium? Yes!
Dean Lewis

BIG TCP over IPv4 with Cilium

[11:30] In this video, learn about a new feature - Cilium BGP TCP ! After BIG TCP for IPv6 support was introduced in Cilium 1.13, BIG TCP for IPv4 is now available with Cilium 1.14 !

Nico Vibert
Nico Vibert