Cilium
What is Cilium?
An eBPF-based Container Network Interface that provides networking, observability, and security for Kubernetes workloads at kernel speed.
Cilium is an open-source CNI plugin that uses Linux eBPF to program the kernel for pod-to-pod networking, load balancing, observability, and security policy enforcement, without iptables. It implements Kubernetes Network Policies, plus a richer CiliumNetworkPolicy custom resource that supports identity-based, L7 HTTP/Kafka/gRPC, and DNS-aware rules. Cilium is a CNCF Graduated project (the highest CNCF maturity tier, announced in October 2023) and underpins production platforms at major cloud providers and enterprises. Its companion projects include Hubble for flow-level observability and Tetragon for runtime enforcement. Cilium is widely adopted for zero-trust pod networking, encrypted service mesh, and high-performance cluster traffic management.
● Examples
- 01 Replacing kube-proxy with Cilium's eBPF-based load balancer for lower latency.
- 02 Defining a CiliumNetworkPolicy that only permits HTTP GET /api/* between two namespaces.
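
The second example, written out as a manifest. This is an added illustration, not taken from the original page or from the Cilium project; the namespace names `frontend` and `backend`, the `app: api` label, and port 8080 are assumptions.

```yaml
# Added example: L7 ingress policy for pods labelled app=api in namespace "backend".
# Namespace names, the label and the port are assumed values for illustration.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-get-api-from-frontend
  namespace: backend            # the policy applies to endpoints in this namespace
spec:
  # Endpoints this policy protects. Once an ingress rule selects an endpoint,
  # ingress traffic that matches no rule is dropped for that endpoint.
  endpointSelector:
    matchLabels:
      app: api
  ingress:
    - fromEndpoints:
        # Identity-based source selection: any pod running in namespace "frontend".
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: frontend
      toPorts:
        - ports:
            - port: "8080"
              protocol: TCP
          rules:
            http:
              # Only GET is allowed; the path is a regular expression,
              # so "/api/.*" covers everything under /api/.
              - method: "GET"
                path: "/api/.*"
```

Requests from `frontend` that use another method or path are rejected at L7, and traffic from any other namespace to these pods is dropped because no ingress rule allows it.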
● Frequently asked questions
What is Cilium?
An eBPF-based Container Network Interface that provides networking, observability, and security for Kubernetes workloads at kernel speed. It belongs to the Cloud Security category of cybersecurity.
What are other names for Cilium?
Common alternative names include: Cilium CNI, Cilium eBPF.
● Related terms
- cloud-security № 600
Kubernetes Security
The protection of a Kubernetes cluster — its API server, control plane, nodes, workloads, and network — from misconfiguration, compromise, and lateral movement.
- cloud-security № 1141
Tetragon
An eBPF-based Kubernetes runtime security tool from the Cilium project that observes and synchronously enforces policy on processes, files, and network activity.
- cloud-security № 601
Kubescape
An open-source Kubernetes security platform from ARMO that scans clusters, manifests, and images for misconfigurations, vulnerabilities, and policy drift.
● See also
- № 596 kube-bench