Some months ago, we introduced Cilium, open source software for securing network connectivity between application services that are deployed using Linux container management platforms like Docker and Kubernetes. More importantly, all this is done in a transparent manner.
If you want to learn more about this tool, check out our overview.
If you are already familiar with Cilium and you’d like to learn more about its latest release, you are in luck!
Let’s dig into Cilium 1.4 and have a look at the most interesting highlights.
The new features
Multi-cluster service routing – Introducing the concept of global services based on standard Kubernetes services. Global services allow a user to nominate a Kubernetes service to be available in multiple clusters. That service can then have backend pods in multiple clusters.
IPVLAN support (beta) – A new IPVLAN-based datapath mode has been added. IPVLAN has latency advantages over veth-based architectures.
DNS request/response aware security & visibility – The existing DNS security policy model was extended to be aware of the DNS requests that individual pods issue and the DNS responses they receive. This significantly improves the security of pods accessing services outside of the cluster.
Transparent encryption & authentication (beta) – Encryption makes it possible to run Kubernetes in untrusted networks by transparently encrypting all communication between services in the cluster. Authentication ensures that only trusted worker nodes can participate in the cluster.
Sockmap BPF based sidecar acceleration (alpha) – Sockmap accelerated local process communication is primarily useful for communication between sidecar proxies and local processes but applies to all local processes.
New Grafana dashboard – Several new Prometheus metrics have been added and a new Grafana dashboard is available that can be deployed into any Kubernetes cluster with a single command:
kubectl apply -f https://raw.githubusercontent.com/cilium/cilium/v1.4/examples/kubernetes/addons/prometheus/monitoring-example.yaml
Flannel integration (beta) – Introduces a new configuration option which enables Cilium to run on top of Flannel using CNI chaining.
GKE support with COS – A completely new guide documents how to run Cilium on GKE using COS. A brand new node-init DaemonSet prepares GKE nodes by mounting the BPF filesystem and reconfiguring kubelet to run in CNI mode. Use of the cilium-etcd-operator provides the kvstore requirement while keeping the installation simple.
Check out the release notes to find out more about all the new features in Cilium 1.4. While you’re at it, have a look at the upgrade guide for detailed instructions on how to get started with this new release.
The post Cilium 1.4 arrives with multi-cluster service routing, IPVLAN support & more appeared first on JAXenter.