Cilium
Cilium is an open-source cloud native networking, security, and Observability Platform (OP) (container networking) built on eBPF for Kubernetes and other workloads.
- eBPF-based data plane for Kubernetes and container networking (container networking)
- Layer 3–7 network policy enforcement, including identity-aware security policies (network security)
- Load balancing for east–west and north–south traffic, including kube-proxy replacement (traffic management)
- Hubble observability platform for flow tracing, service-aware metrics, and monitoring (observability)
- Support for multi-cluster and multi-cloud networking with cluster mesh capabilities (multi-cluster networking)
More About Cilium
Cilium is an open-source project that provides cloud native networking, security, and observability (container networking, network security, observability) using eBPF in the Linux kernel as its core technology. It is a graduated project under the Cloud Native Computing Foundation (CNCF) and is designed for Kubernetes and other container-orchestrated or Linux-based environments. Cilium focuses on providing identity-based security and visibility at layers 3 through 7, rather than relying only on traditional IP-based approaches.
At its core, Cilium implements a high-performance eBPF-based data plane that can act as the primary Container Network Interface (CNI) for Kubernetes clusters (container networking). This data plane provides routing, encapsulation, Network Address Translation (NAT), and load balancing for pod-to-pod, pod-to-service, and external traffic. Cilium can replace kube-proxy by implementing Kubernetes service load balancing in eBPF, which reduces reliance on iptables and can simplify cluster networking architectures.
Cilium includes layered network policy capabilities (network security) that operate at L3/L4 and extend to L7 using protocol-aware rules. Policies can be expressed using Kubernetes NetworkPolicy and CiliumNetworkPolicy resources, with support for application identity based on labels and service context. This allows policy definitions that are decoupled from IP addresses and can follow workloads across nodes, clusters, and environments. Cilium supports encryption options and integration with Kubernetes constructs such as services, namespaces, and labels.
For observability, Cilium provides Hubble (observability), an integrated observability platform built on eBPF. Hubble offers real-time and historical visibility into network flows, service-to-service communication, and security policy decisions. It exposes APIs, a Command-Line Interface (CLI), and a graphical user interface, enabling teams to inspect connectivity, troubleshoot issues, and understand dependencies between microservices. Hubble leverages Cilium’s identity and protocol awareness to present high-level service maps and flow information.
Cilium also supports multi-cluster and multi-cloud networking through Cluster Mesh (multi-cluster networking). Cluster Mesh connects multiple Kubernetes clusters so that services and workloads can communicate across clusters with shared service discovery and networking policies. This can be used in hybrid cloud and multi-region setups to build a unified service network. Cilium is compatible with common Kubernetes distributions and cloud providers, and integrates with service mesh and ingress components as part of cloud native platform architectures.
In enterprise and institutional environments, Cilium is used as a CNI and security layer for Kubernetes clusters, as an observability tool for network and application flows, and as a foundation for zero-trust networking models (network security). Its use of eBPF allows operators to implement networking, security, and observability logic in the kernel without external proxies in many paths, which can simplify operations and reduce overhead. In a technical directory, Cilium fits into categories such as container networking, Kubernetes CNI, network security, service load balancing, and observability for cloud native infrastructure.