Cilium
eBPF-based Networking, Security, and Observability
.. raw:: html

   <picture>
      <source media="(prefers-color-scheme: light)" srcset="https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo.png" width="350" alt="Cilium Logo">
      <img src="https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo-dark.png" width="350" alt="Cilium Logo">
   </picture>

|cii| |go-report| |clomonitor| |artifacthub| |slack| |go-doc| |rtd| |apache| |bsd| |gpl| |fossa| |gateway-api| |codespaces|

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. It provides a simple flat Layer 3 network with the ability to span multiple clusters in either a native routing or overlay mode. It is L7-protocol aware and can enforce network policies on L3-L7 using an identity-based security model that is decoupled from network addressing.
Cilium implements distributed load balancing for traffic between pods and to external services, and is able to fully replace kube-proxy, using efficient hash tables in eBPF allowing for almost unlimited scale. It also supports advanced functionality like integrated ingress and egress gateway, bandwidth management and service mesh, and provides deep network and security visibility and monitoring.
A new Linux kernel technology called eBPF_ is at the foundation of Cilium. It
supports dynamic insertion of eBPF bytecode into the Linux kernel at various
integration points such as: network IO, application sockets, and tracepoints to
implement security, networking and visibility logic. eBPF is highly efficient
and flexible. To learn more about eBPF, visit eBPF.io_.
.. image:: Documentation/images/cilium-overview.png
   :alt: Overview of Cilium features for networking, observability, service mesh, and runtime security
.. raw:: html

   <a href="https://cncf.io/">
      <picture>
         <source media="(prefers-color-scheme: light)" srcset="https://github.com/cncf/artwork/blob/main/other/cncf-member/graduated/color/cncf-graduated-color.svg" />
         <img src="https://github.com/cncf/artwork/blob/main/other/cncf-member/graduated/white/cncf-graduated-white.svg" alt="CNCF Graduated Project" height="80" />
      </picture>
   </a>
   <a href="https://ebpf.io/">
      <picture>
         <source media="(prefers-color-scheme: light)" srcset=".github/assets/ebpf-horizontal.svg" />
         <img src=".github/assets/ebpf-horizontal-dark-back.svg" alt="eBPF Logo" height="80" align="right" />
      </picture>
   </a>

Stable Releases
The Cilium community maintains minor stable releases for the last three minor Cilium versions. Older Cilium stable versions from minor releases prior to that are considered EOL.
For upgrades to new minor releases, please consult the `Cilium Upgrade Guide`_.
Listed below are the actively maintained release branches along with their latest patch release, corresponding image pull tags and their release notes:
+---------------------------------------------------------+------------+------------------------------------+----------------------------------------------------------------------------+
| `v1.19 <https://github.com/cilium/cilium/tree/v1.19>`__ | 2026-02-17 | ``quay.io/cilium/cilium:v1.19.1``  | `Release Notes <https://github.com/cilium/cilium/releases/tag/v1.19.1>`__  |
+---------------------------------------------------------+------------+------------------------------------+----------------------------------------------------------------------------+
| `v1.18 <https://github.com/cilium/cilium/tree/v1.18>`__ | 2026-02-12 | ``quay.io/cilium/cilium:v1.18.7``  | `Release Notes <https://github.com/cilium/cilium/releases/tag/v1.18.7>`__  |
+---------------------------------------------------------+------------+------------------------------------+----------------------------------------------------------------------------+
| `v1.17 <https://github.com/cilium/cilium/tree/v1.17>`__ | 2026-02-12 | ``quay.io/cilium/cilium:v1.17.13`` | `Release Notes <https://github.com/cilium/cilium/releases/tag/v1.17.13>`__ |
+---------------------------------------------------------+------------+------------------------------------+----------------------------------------------------------------------------+
Architectures
Cilium images are distributed for AMD64 and AArch64 architectures.
Software Bill of Materials
Starting with Cilium version 1.13.0, all images include a Software Bill of
Materials (SBOM). The SBOM is generated in SPDX_ format. More information
on this is available on `Cilium SBOM`_.
.. _SPDX: https://spdx.dev/
.. _Cilium SBOM: https://docs.cilium.io/en/latest/configuration/sbom/
Development
For development and testing purposes, the Cilium community publishes snapshots,
early release candidates (RC) and CI container images built from the `main branch <https://github.com/cilium/cilium/commits/main>`_. These images are
not for use in production.
For testing upgrades to new development releases, please consult the latest
development build of the `Cilium Upgrade Guide`_.
Listed below are branches for testing along with their snapshots or RC releases, corresponding image pull tags and their release notes where applicable:
+----------------------------------------------------------------------------+------------+-----------------------------------------+---------------------------------------------------------------------------------+
| `main <https://github.com/cilium/cilium/commits/main>`__                   | daily      | ``quay.io/cilium/cilium-ci:latest``     | N/A                                                                             |
+----------------------------------------------------------------------------+------------+-----------------------------------------+---------------------------------------------------------------------------------+
| `v1.20.0-pre.0 <https://github.com/cilium/cilium/commits/v1.20.0-pre.0>`__ | 2026-03-02 | ``quay.io/cilium/cilium:v1.20.0-pre.0`` | `Release Notes <https://github.com/cilium/cilium/releases/tag/v1.20.0-pre.0>`__ |
+----------------------------------------------------------------------------+------------+-----------------------------------------+---------------------------------------------------------------------------------+
Functionality Overview
.. begin-functionality-overview
CNI (Container Network Interface)
`Cilium as a CNI plugin <https://cilium.io/use-cases/cni/>`_ provides a
fast, scalable, and secure networking layer for Kubernetes clusters. Built
on eBPF, it offers several deployment options:
- Overlay networking: encapsulation-based virtual network spanning all hosts with support for VXLAN and Geneve. It works on almost any network infrastructure, as the only requirement is IP connectivity between hosts, which is typically already given.
- Native routing mode: uses the regular routing table of the Linux host. The network is required to be capable of routing the IP addresses of the application containers. It integrates with cloud routers, routing daemons, and IPv6-native infrastructure.
- Flexible routing options: Cilium can automate route learning and advertisement in common topologies, such as using L2 neighbor discovery when nodes share a layer 2 domain, or BGP when routing across layer 3 boundaries.

Each mode is designed for maximum interoperability with existing infrastructure while minimizing operational burden.
Load Balancing
Cilium implements distributed load balancing for traffic between application containers and to/from external services. The load balancing is implemented in eBPF using efficient hash tables, enabling high service density and low latency at scale.

- East-west load balancing rewrites service connections at the socket level (``connect()``), avoiding the overhead of per-packet NAT and fully `replacing kube-proxy <https://cilium.io/use-cases/kube-proxy/>`_.
- North-south load balancing supports XDP for high-throughput scenarios and `layer 4 load balancing <https://cilium.io/use-cases/load-balancer/>`_ including Direct Server Return (DSR), and Maglev consistent hashing.

Cluster Mesh
`Cilium Cluster Mesh <https://cilium.io/use-cases/cluster-mesh/>`_ enables
secure, seamless connectivity across multiple Kubernetes clusters. For
operators running hybrid or multi-cloud environments, Cluster Mesh ensures
a consistent security and connectivity experience.

- Global service discovery: Workloads across clusters can discover and connect to services as if they were local. This enables fault tolerance, like automatically failing over to backends in another cluster, and exposes shared services like logging, auth, or databases across environments.
- Unified identity model: Security policies are enforced based on identity, not IP address, across all clusters.

Network Policy
`Cilium Network Policy <https://cilium.io/use-cases/network-policy/>`_
provides identity-aware enforcement across L3-L7. Typical container
firewalls secure workloads by filtering on source IP addresses and
destination ports. This concept requires the firewalls on all servers to be
manipulated whenever a container is started anywhere in the cluster.
To avoid this situation, which limits scale, Cilium assigns a security identity to groups of application containers that share identical security policies. The identity is then associated with all network packets emitted by the application containers, allowing the receiving node to validate the identity.
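
The scaling argument above as an added, simplified Go model (not Cilium's code; ``Allocator``, ``allowKey``, ``Churn`` and the pod IPs are hypothetical names and constructed values). It derives one identity per label set, so starting more pods with the same labels adds no rule on the receiving node, while an address-keyed firewall grows by one rule per pod.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Allocator hands out one numeric identity per distinct label set.
// Simplified model with hypothetical names; not Cilium's implementation.
type Allocator map[string]uint32

func (a Allocator) Identity(labels map[string]string) uint32 {
	kv := make([]string, 0, len(labels))
	for k, v := range labels {
		kv = append(kv, k+"="+v)
	}
	sort.Strings(kv) // label order must not change the identity
	key := strings.Join(kv, ",")
	if _, ok := a[key]; !ok {
		a[key] = uint32(len(a) + 1)
	}
	return a[key]
}

// allowKey is what the receiving node matches on: identity and port, not address.
type allowKey struct {
	src  uint32
	port uint16
}

// Churn starts n frontend pods with fresh (constructed) IPs and returns the rule
// count on the backend's node per model, and whether an app=batch pod is admitted.
func Churn(n int) (ipRules, idRules int, batchAllowed bool) {
	alloc := Allocator{}
	byIP := map[string]bool{}   // firewall keyed on source IP
	byID := map[allowKey]bool{} // policy keyed on source identity
	frontend := map[string]string{"app": "frontend", "env": "prod"}
	for i := 0; i < n; i++ {
		byIP[fmt.Sprintf("10.0.%d.%d", i/250, i%250+1)] = true // one rule per pod address
		byID[allowKey{alloc.Identity(frontend), 8080}] = true  // same labels, same identity
	}
	batch := alloc.Identity(map[string]string{"app": "batch", "env": "prod"})
	return len(byIP), len(byID), byID[allowKey{batch, 8080}]
}

func main() { fmt.Println(Churn(100)) }
```
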

- Identity-based security removes reliance on brittle IP addresses.
- L3/L4 policies restrict traffic based on labels, protocols, and ports.
- DNS-based policies: Allow or deny traffic to FQDNs or wildcard domains (e.g., ``api.example.com``, ``*.trusted.com``). This is especially useful for securing e
