$ vim cilium.yaml [provide etcd or consul address]
$ kubectl create -f cilium.yaml
$ kubectl create -f demo_app.yaml
$ kubectl create -f http_policy.yaml
$ kubectl exec -ti xwing-68c6cb4b4b-red5 -- curl -s -XPUT deathstar/v1/exhaust-port
The above example is a summary of the hands-on minikube
tutorial that walks
through applying a HTTP aware network policy step by step. More tutorials
can be found in the getting started
For further information on installing Cilium, see the Kubernetes Quick
or refer to the full list of installation
The Roadmap Ahead
Cilium 1.0 is an exciting milestone for all of us but we are already deep into
the planning of Cilium 1.1. So what is on the roadmap for 1.1 and beyond?
Multi Cluster Service Routing: The simplicity of Cilium’s networking model
and the decoupling of addressing and policy allows for easy expansion across
clusters. With this expansion, Cilium will start supporting Kubernetes
service routing across multiple clusters without requiring complex proxy or
Ingress solutions while providing the full set of identity based and API
Integration with OpenTracing, Jaeger and Zipkin: The minimal overhead of
BPF makes it the ideal technology to provide tracing and telemetry
functionality without imposing additional system load.
Policy support for additional API protocols: We already have several
additional application protocols in mind that we will support in future
releases to further improve security.
CRI support: Repeatedly requested by various members of the community, we are
looking forward to supporting CRI to properly abstract the container runtime.
Non container workloads: The BPF datapath is not limited to container
abstractions, it just happened to be the first use case we focused on. Future
versions will provide APIs and documentation on how to integrate with native
Linux tasks, VMs and how to bridge the identity based security space to
existing worlds using IP addresses that cannot be migrated.
You can find the details of the 1.1 release planning in this github
issue. Feel free to comment or
open GitHub issues if you would like to see particular functionality in future