
Set up a local Kubernetes cluster with Minikube, install kubectl and Cilium, then deploy a three-service demo app and enforce L3/L4 policies via endpoint labels.
Get started with Istio by deploying Cilium-based networking and Cilium sidecars in a Kubernetes cluster, then deploy a four-service book app (product, details, reviews, reads) with Envoy for traffic control.
Learn how to enforce secure communication in a Kubernetes environment using Cilium network policies, protecting Kafka topics, and validating authorization across services.
Deploy Cilium on Kubernetes, configure Cilium components and DaemonSets, then deploy a demo Kafka application with ZooKeeper, illustrating security policies and topic-based data streams.
Secure access to a gRPC service using Cilium network policy, blocking write requests while allowing get name, get location, and request maintenance, by mapping calls and applying policy.
Learn to deploy Mesos Marathon and Cilium on a Vagrant VM to apply Cilium L3 and L4 policies between a web server and client.
Explore how the Cilium agent manages cluster addresses, IP and IPv6 prefixes, and location-based endpoints, enabling overlay and native routing with identity-based access control for containers.
Define egress rules using endpoint labels and selectors to control traffic, apply default deny, and enforce separation of concerns with labeled requirements for base connectivity and production services.
Explore how helper functions enable BPF programs to access kernel data and maps, using a common signature and macros, with live examples of map updates.
Explore testing kernel changes with the Linux netdevsim dummy driver, loading XDP BPF, tc BPF, and CBP programs through two workflows with iproute2.
Examine how BPF programs use maps and instruction streams, with tools for dumping, pretty printing, and interleaving native and kernel execution, to support debugging and analysis.
Access the Cilium API via the CLI and Golang packages, use subcommands to import, list, and remove network policies, and monitor policy enforcement with debugging and Microscope for cluster-wide visibility.
CILIUM: A microservices-based application is split into small independent services that communicate with each other via APIs using lightweight protocols like HTTP, gRPC, Kafka and more. However, existing Linux network security mechanisms (e.g., iptables) only operate at the network and transport layers (i.e., IP addresses and ports) and lack visibility into the microservices layer.
Cilium brings API-aware network security filtering to Linux container frameworks like Docker & Kubernetes. Using a new Linux kernel technology called BPF, Cilium provides a simple and efficient way to define and enforce both network-layer and application-layer security policies based on container/pod identity.
We believe in a future where Linux has deep network visibility and control for microservices at the API layer, making applications more secure than ever before. If this goal excites you too, we invite you to join us by contributing ideas, code, and documentation to Cilium.
Identity Based Security: Cilium visibility and security policies are based on the container orchestrator identity (e.g., Kubernetes labels). Never again worry about network subnets or container IP addresses when writing security policies, auditing, or troubleshooting.
Blazing Performance: BPF is the underlying Linux superpower to do the heavy lifting on the datapath by providing sandboxed programmability of the Linux kernel with incredible performance.
API-Protocol Visibility + Security:
Traditional firewalls only see and filter packets based on network headers like IP address and ports. Cilium can do this as well, but also understands and filters the individual HTTP, gRPC, and Kafka requests that stitch microservices together.
Designed for Scale:
Cilium was designed for scale, with no node-to-node interactions required when new pods are deployed, and all coordination through a highly scalable key-value store.
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence.
Created at Netflix, it has been battle-tested in production by hundreds of teams over millions of deployments. It combines a powerful and flexible pipeline management system with integrations to the major cloud providers.
Multi-Cloud
Deploy across multiple cloud providers including AWS EC2, Kubernetes, Google Compute Engine, Google Kubernetes Engine, Google App Engine, Microsoft Azure, and OpenStack, with Oracle Bare Metal and DC/OS coming soon.
Automated Releases
Create deployment pipelines that run integration and system tests, spin up and down server groups, and monitor your rollouts. Trigger pipelines via git events, Jenkins, Travis CI, Docker, CRON, or other Spinnaker pipelines.
Built-in Deployment Best Practices
Create and deploy immutable images for faster rollouts, easier rollbacks, and the elimination of hard-to-debug configuration drift issues. Leverage an immutable infrastructure in the cloud with built-in deployment strategies such as red/black and canary deployments.
Active Community
Join a community that includes Netflix, Google, Microsoft, Veritas, Target, Kenzan, Schibsted, and many others, actively working to maintain and improve Spinnaker.
Many companies are moving away from “big bang” software releases every six months or so to a continuous delivery (CD) model that enables IT to release updates frequently, even if that means several times a day. Using Netflix and its open source Spinnaker CD platform as examples, this practical ebook demonstrates how a new host of tools can help you deploy software changes to production quickly, safely, and automatically.
A team of experts from Netflix and Google show you how to automate deployments with Spinnaker across multiple cloud accounts, regions, and even across multiple cloud platforms into continuous deployment pipelines. You’ll learn how Spinnaker enables your company to design and automate a delivery process that not only fits your release cadence, but also the business criticality of your application.