Use Cilium for NetworkPolicy

    For background on Cilium, read the Introduction to Cilium.

    You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts. If you do not already have a cluster, you can create one by using minikube or you can use one of these Kubernetes playgrounds:

    To check the version, enter .

    To get familiar with Cilium easily you can follow the to perform a basic DaemonSet installation of Cilium in minikube.

    1. minikube version: v1.5.2

    For minikube you can install Cilium using its CLI tool. To do so, first download the latest version of the CLI with the following command:

    1. curl -LO https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz

    Then extract the downloaded file to your /usr/local/bin directory with the following command:

    After running the above commands, you can now install Cilium with the following command:

    Cilium will then automatically detect the cluster configuration and create and install the appropriate components for a successful installation. The components are:

    • Certificate Authority (CA) in Secret cilium-ca and certificates for Hubble (Cilium’s observability layer).
    • Cluster roles.
    • ConfigMap.
    • Agent DaemonSet and an Operator Deployment.

    The remainder of the Getting Started Guide explains how to enforce both L3/L4 (i.e., IP address + port) security policies, as well as L7 (e.g., HTTP) security policies using an example application.

    For detailed instructions around deploying Cilium for production, see: This documentation includes detailed requirements, instructions and example production DaemonSet files.

    Deploying a cluster with Cilium adds Pods to the namespace. To see this list of Pods run:

    You’ll see a list of Pods similar to this:

    1. NAME           READY   STATUS    RESTARTS   AGE
    2. cilium-kkdhz   1/1     Running   0          3m23s

    Once your cluster is running, you can follow the Declare Network Policy to try out Kubernetes NetworkPolicy with Cilium. Have fun, and if you have questions, contact us using the .