Containers goody bag

Cilium 1.4 arrives with multi-cluster service routing, IPVLAN support & more

Eirini-Eleni Papadopoulou

If you’re eager to hear more about Cilium’s latest release, you are in luck! Cilium 1.4 comes with tons of new features and improvements including IPVLAN support (in beta), new Grafana dashboard & more. Let’s take a closer look.

Some months ago, we introduced Cilium, open source software for securing network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. More importantly, all this is done in a transparent manner.

If you want to learn more about this tool, check out our overview.

If you are already familiar with Cilium and you’d like to learn more about its latest release, you are in luck!

Let’s dig into Cilium 1.4 and have a look at the most interesting highlights.

The new features

Multi-cluster service routing – Introducing the concept of global services based on standard Kubernetes services. Global services allow a user to nominate a Kubernetes service to be available in multiple clusters. That service can then have backend pods in multiple clusters.

IPVLAN support (beta) – A new IPVLAN-based datapath mode has been added. IPVLAN has latency advantages over veth-based architectures.

DNS request/response aware security & visibility – The existing DNS security policy model has been extended to be aware of the DNS requests that individual pods issue and the DNS responses they receive. This significantly improves the security of pods accessing services outside of the cluster.

Transparent encryption & authentication (beta) – Encryption makes it possible to run Kubernetes in untrusted networks by transparently encrypting all communication between services in the cluster. Authentication ensures that only trusted worker nodes can participate in the cluster.

Sockmap BPF based sidecar acceleration (alpha) – Sockmap accelerated local process communication is primarily useful for communication between sidecar proxies and local processes but applies to all local processes.

New Grafana dashboard – Several new Prometheus metrics have been added and a new Grafana dashboard is available that can be deployed into any Kubernetes cluster with a single command:

kubectl apply -f

Flannel integration (beta) – Introduces a new configuration option that enables Cilium to run on top of Flannel using CNI chaining.

GKE support with COS – A completely new guide documents how to run Cilium on GKE using COS. A brand new node-init DaemonSet prepares GKE nodes by mounting the BPF filesystem and reconfiguring kubelet to run in CNI mode. Use of the cilium-etcd-operator provides the kvstore requirement while keeping the installation simple.
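
The DNS request/response aware policy model listed above can be expressed as a CiliumNetworkPolicy such as the one below. This is an added example, not taken from the article or from the Cilium project; the policy name, the `app: billing` label and the `*.example.com` domain are assumptions chosen for illustration.

```yaml
# Added example (constructed): restrict a workload's egress to one external
# domain family, using DNS-aware rules. Names and labels are hypothetical.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: egress-example-com          # hypothetical policy name
spec:
  # Pods this policy applies to. Once any egress rule selects a pod,
  # egress that is not explicitly allowed below is dropped.
  endpointSelector:
    matchLabels:
      app: billing                  # hypothetical workload label
  egress:
  # Rule 1: allow DNS lookups, but only through kube-dns and only for
  # names matching the pattern. Lookups for other names are rejected,
  # and every request/response is visible to Cilium.
  - toEndpoints:
    - matchLabels:
        "k8s:io.kubernetes.pod.namespace": kube-system
        "k8s:k8s-app": kube-dns
    toPorts:
    - ports:
      - port: "53"
        protocol: UDP
      rules:
        dns:
        - matchPattern: "*.example.com"
  # Rule 2: allow HTTPS only to IP addresses that were returned in DNS
  # responses for matching names. A connection to a hard-coded IP, or to
  # an IP learned for any other name, does not match and is dropped.
  - toFQDNs:
    - matchPattern: "*.example.com"
    toPorts:
    - ports:
      - port: "443"
        protocol: TCP
```

When reviewing such a policy, check that the DNS pattern in the first rule is no broader than the `toFQDNs` pattern in the second, so that pods cannot resolve names they are not allowed to reach.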


Check out the release notes to find out more about all the new features in Cilium 1.4. While you’re at it, have a look at the upgrade guide for detailed instructions on how to get started with this new release.
