Isovalent Library

在这本由Isovalent Nico Vibert 写的新书中，你将会以网络工程师的视角了解Kubernetes网络和Cilium。

Cilium provides a high–performance platform for IPv6, with features such as NAT46/64 to enable co-existence between IPv4 and IPv6

Super-charge your Kubernetes cluster networking with Cilium - no need to rely on a legacy technology like iptables: use eBPF instead!

Hubble Timescape: an observability and analytics platform to store & query observability data that Cilium and Hubble collect.

Cilium is designed to enable portability across multi-cloud and hybrid clouds and provide developers with observability and security.

Seamlessly connect your kubernetes clusters together with Cluster Mesh while enabling cross-cluster service discovery.

Traffic encryption without changing your existing applications or deploying a service mesh.

Gain critical insight into network events together with app level telemetry by forwarding flows to OpenTelemetry sidecar-free. Access distributed tracing, metrics, and logs, without the complexity and performance impact of sidecar-based approaches.

Present a group of cloud native workloads from a stable IP address to integrate with traditional firewalls.

Cilium brings a kube-proxy replacement for enhanced traffic management, enabling maglev-supported load balancing on L3/L4 for N/S traffic, but also E/W, including DSR and transparent k8s ingress controllers.

Enable app teams with access to rich data streams, thereby providing network flow visibility and the health of service connectivity and enabling app layer issue investigation.

Real-time monitoring and analysis of workload communication for continued FIPS/SOC compliance.

OpenID Connect Cilium offers app teams a multi-tenant self-service access to the connectivity data associated with their kubernetes workloads.

Cilium's observability gives application teams a holistic view of their workloads, enabling them to monitor their golden signals to adhere to their SLAs and OKRs.

Integrate external workloads with your data center and connect cloud native with legacy environments while supporting BGP.

Gain visibility across clouds, clusters and premises - independent on the underlying infrastructure.

Optimize your bandwidth and latency with rate limiting and fair queuing. Rely on our TCP congestion control algorithm automization.

Enabling network policies based on cloud native identities and DNS-aware data, segmenting tenants or workloads to prevent unauthorized or unwanted access to services.

Get deep insight into protocols, enforce protocol aware security policies level based on your findings. Secure TLS, gRPC, Kafka, DNS and HTTP including all the API endpoints exposed with them.

Prevent unauthorized access to your traffic at runtime to stop attacks on OS level, preventing malicious actions.

Enable platform teams to provide self-service portal to app teams to observe their own workloads, dependencies, and flows to identify the services connecting to other services and the service calls being made.

Include your kubernetes clusters in your threat investigation by exporting event, flow, metric to any SIEM or observability tool.