Integrations - cilium/cilium

Integrations with Cilium:

Cilium is a powerful networking and security solution for cloud native environments. It supports various integrations with other tools and platforms to enhance its functionality and usability. Here are some possible options with examples:

  1. Istio: Cilium supports integration with Istio, a popular service mesh platform. This integration allows Cilium to provide Layer 7 (L7) network policies and traffic management features for Istio-managed services. The integration involves using Cilium’s custom HTTP filter, Cilium.L7Policy, in the Istio Envoy proxy. Here’s an example configuration:
http_filters:
- name: cilium.l7policy
  typed_config:
    "@type": "type.googleapis.com/cilium.L7Policy"
    access_log_path: "/var/run/cilium/access_log.sock"

(Source: https://www.solo.io/blog/exploring-cilium-layer-7-capabilities-compared-to-istio)

  2. Kubernetes: Cilium is a Kubernetes CNI (Container Network Interface) plugin, which means it integrates seamlessly with Kubernetes clusters. Cilium supports Kubernetes RBAC (Role-Based Access Control) and provides a specific API extension for managing Cilium network policies. Namespaced policies are served under this API path:
/apis/cilium.io/v2/namespaces/{namespace}/ciliumnetworkpolicies

(Source: https://learnk8s.io/rbac-kubernetes)
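
As an added example (not from the Cilium project or the sources cited here), the Go program below audits RBAC Roles for write access to the CiliumNetworkPolicy resource served at the path above. The `Rule` and `Role` types are simplified stand-ins, the sample Roles are constructed, and `resourceNames`, ClusterRoles and bindings are out of scope.

```go
package main

import "fmt"

// Rule keeps the three fields of an RBAC PolicyRule that this check needs.
type Rule struct{ APIGroups, Resources, Verbs []string }

// Role is a simplified stand-in for an rbac.authorization.k8s.io/v1 Role (assumption).
type Role struct { Name, Namespace string; Rules []Rule }

// covers reports whether want is listed explicitly or via the "*" wildcard.
func covers(list []string, want string) bool {
	for _, v := range list {
		if v == "*" || v == want {
			return true
		}
	}
	return false
}

// WriteVerbs returns the mutating verbs r grants on ciliumnetworkpolicies.
func WriteVerbs(r Role) []string {
	var granted []string
	for _, verb := range []string{"create", "update", "patch", "delete"} {
		for _, rule := range r.Rules {
			if covers(rule.APIGroups, "cilium.io") && covers(rule.Resources, "ciliumnetworkpolicies") && covers(rule.Verbs, verb) {
				granted = append(granted, verb)
				break
			}
		}
	}
	return granted
}

// SampleRoles returns constructed Roles, not taken from any real cluster.
func SampleRoles() []Role {
	return []Role{
		{"cnp-viewer", "team-a", []Rule{{[]string{"cilium.io"}, []string{"ciliumnetworkpolicies"}, []string{"get", "list", "watch"}}}},
		{"cnp-editor", "team-a", []Rule{{[]string{"cilium.io"}, []string{"ciliumnetworkpolicies"}, []string{"get", "create", "patch"}}}},
		{"ns-admin", "team-b", []Rule{{[]string{"*"}, []string{"*"}, []string{"*"}}}},
		{"pod-editor", "team-b", []Rule{{[]string{""}, []string{"pods"}, []string{"*"}}}},
	}
}

func main() {
	for _, r := range SampleRoles() {
		fmt.Printf("%-10s /apis/cilium.io/v2/namespaces/%s/ciliumnetworkpolicies write verbs: %v\n", r.Name, r.Namespace, WriteVerbs(r))
	}
}
```

The wildcard Role `ns-admin` is the case that is easy to miss in review: it never names `cilium.io`, yet it grants every mutating verb on the policies.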

  3. Prometheus and Grafana: Cilium supports integration with Prometheus and Grafana for monitoring and visualizing network metrics. The integration includes pre-built dashboards and alerts for Cilium Enterprise and Hubble Enterprise. Here’s an example of a Cilium Enterprise dashboard in Grafana:

Cilium Enterprise Dashboard (Source: https://grafana.com/docs/grafana-cloud/monitor-infrastructure/integrations/integration-cilium-enterprise)

  4. Envoy: Cilium integrates with the Envoy proxy for L7 traffic management and security. Cilium provides a Go-based extension framework for Envoy, which allows users to extend Envoy filters and parsers using Go. Here’s an example of a custom Go extension for Envoy:
package main

import (
	"fmt"
	"github.com/envoyproxy/go-control-plane/envoy/api/v2"
	"github.com/envoyproxy/go-control-plane/envoy/api/v2/core"
	"github.com/envoyproxy/go-control-plane/envoy/api/v2/filter"
	"github.com/envoyproxy/go-control-plane/envoy/api/v2/listener"
	"github.com/envoyproxy/go-control-plane/envoy/api/v2/matcher"
	"github.com/envoyproxy/go-control-plane/envoy/api/v2/route"
	"github.com/envoyproxy/go-control-plane/envoy/config/filter/http/go_ext_authz/v2"
	"github.com/envoyproxy/go-control-plane/envoy/config/listener/v2"
	"github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/go_ext_authz/v2"
	"github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v2"
	"github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v2"
	"github.com/envoyproxy/go-control-plane/envoy/service/auth/v2"
	"google.golang.org/grpc"
)

func main() {
	// The body is elided here. Go rejects unused imports, so the import
	// list must be trimmed to what the body uses before this builds.
	// ...
}

(Source: https://www.youtube.com/watch?v=5x_SsEg6zu4)

  5. Azure and AWS: Cilium supports integration with Azure and AWS cloud providers for managing network policies and security. Cilium provides Go-based SDKs for Azure and AWS, which allow users to manage cloud resources using Go. Here’s an example of using the Azure SDK for Go:
package main

import (
	"context"
	"fmt"
	"log"

	"github.com/Azure/azure-sdk-for-go/profiles/latest/network/mgmt/network"
	"github.com/Azure/go-autorest/autorest"
)

func main() {
	// The body is elided here. Go rejects unused imports, so the import
	// list must be trimmed to what the body uses before this builds.
	// ...
}

(Source: https://github.com/Azure/azure-sdk-for-go)

These are just a few examples of the many integrations supported by Cilium. For more information, please refer to the official Cilium documentation and the resources provided in the links above.