Use Cilium for NetworkPolicy

    For background on Cilium, read the Introduction to Cilium.

    You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts. If you do not already have a cluster, you can create one by using or you can use one of these Kubernetes playgrounds:

    To check the version, enter .

    To start minikube, minimal version required is >= v1.5.2, run the with the following arguments:

      For minikube you can install Cilium using its CLI tool. Cilium will automatically detect the cluster configuration and will install the appropriate components for a successful installation:

      1. curl -LO https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz
      3. rm cilium-linux-amd64.tar.gz

      The remainder of the Getting Started Guide explains how to enforce both L3/L4 (i.e., IP address + port) security policies, as well as L7 (e.g., HTTP) security policies using an example application.

      Deploying a cluster with Cilium adds Pods to the namespace. To see this list of Pods run:

      1. kubectl get pods --namespace=kube-system -l k8s-app=cilium

      You’ll see a list of Pods similar to this:

      A cilium Pod runs on each node in your cluster and enforces network policy on the traffic to/from Pods on that node using Linux BPF.