Cilium is a networking plugin for Kubernetes that provides enhanced security and observability features. It can be deployed in various environments, and there are several options for integration with existing infrastructure.
Deployment Options:
- Kubernetes: Cilium can be deployed in a Kubernetes cluster using Helm charts or Kubernetes manifests. The official documentation provides detailed instructions for deploying Cilium in a Kubernetes cluster. (Source)
- Amazon EKS: Cilium can be deployed in an Amazon EKS cluster using the official AWS EKS Cilium accelerator. This accelerator simplifies the deployment of Cilium in an EKS cluster and provides additional features such as automatic node labeling and service discovery. (Source)
- OpenShift: Cilium can be deployed in an OpenShift cluster using the OperatorHub. The OperatorHub provides a simple way to deploy and manage Cilium in an OpenShift cluster. (Source)
Integration Options:
- Kubernetes NetworkPolicy: Cilium integrates with Kubernetes NetworkPolicy to provide enhanced security features. NetworkPolicy allows you to define network policies based on pod labels, and Cilium enforces these policies using eBPF. (Source)
- RBAC: Cilium supports RBAC (Role-Based Access Control) to limit access to Kubernetes resources. This allows you to control who can access and modify Cilium resources in your cluster. (Source)
- Metrics Export: Cilium supports metrics export to Prometheus, allowing you to monitor your Cilium deployment using Grafana. The metrics include information about network traffic, security policies, and node status. (Source)
- CI/CD: Cilium can be integrated into a CI/CD pipeline using tools such as CircleCI and Tekton. This allows you to automatically deploy and test Cilium in a Kubernetes cluster. (Source)
- Observability: Cilium integrates with Grafana to provide enhanced observability features. This allows you to monitor your Cilium deployment using Grafana dashboards and alerts. (Source)
Here’s an example of deploying Cilium in a Kubernetes cluster using Helm:
- Install Helm in your Kubernetes cluster.
- Add the Cilium Helm repository:

```bash
helm repo add cilium https://helm.cilium.io/
```

- Update the Helm repository:

```bash
helm repo update
```

- Create a Helm values file for Cilium:

```yaml
# values.yaml
# Enable Hubble, the observability layer of Cilium
hubble:
  enabled: true
# Enable Prometheus metrics export
prometheus:
  enabled: true
```

- Deploy Cilium using Helm:

```bash
helm install cilium cilium/cilium --values values.yaml
```

This will deploy Cilium in your Kubernetes cluster with Hubble and Prometheus metrics export enabled.