Learn about Cilium with interactive courses

Deep dive into Cilium and its features with labs provided by companies within the Cilium ecosystem

Cilium LoadBalancer IPAM and L2 Service Announcement
NetworkingFrom Isovalent

Cilium LoadBalancer IPAM and L2 Service Announcement

In Cilium 1.13, we introduced support for LoadBalancer IP Address Management (LB-IPAM) and the ability to allocate IP addresses to Kubernetes Services of the type LoadBalancer. Cloud providers natively provide this feature for managed Kubernetes Services and therefore this feature is more one for self-managed Kubernetes deployments or home labs. LB-IPAM works seamlessly with Cilium BGP: the IP addresses allocated by Cilium can be advertised to BGP peers to integrate your cluster with the rest of your network. For users who do not want to use BGP or that just want to make these IP addresses accessible over the local network, we are introducing a new feature called L2 Announcements in Cilium 1.14. When you deploy a L2 Announcement Policy, Cilium will start responding to ARP requests from local clients for ExternalIPs and/or LoadBalancer IPs. Typically, this would have required a tool like MetalLB but Cilium now natively supports this functionality. Try it in this new lab!

Cilium Traffic Optimization
NetworkingFrom Isovalent

Cilium Traffic Optimization

In this lab, using a Star Wars-inspired theme based on the iconic “These are not the droids you’re looking for” scene, you’ll explore how Local Redirect Policies, topology-aware load balancing, and node-local optimizations can enhance service performance and reduce latency

Cilium Transparent Encryption with IPSec and WireGuard
SecurityFrom Isovalent

Cilium Transparent Encryption with IPSec and WireGuard

Encryption is required for many compliance frameworks. Kubernetes doesn’t natively offer pod-to-pod encryption. To offer encryption capabilities, it’s often required to implement it directly into your applications or deploy a Service Mesh. Both options add complexity and operational headaches. Cilium actually provides two options to encrypt traffic between Cilium-managed endpoints: IPsec and WireGuard. In this lab, you will be installing and testing both features and will get to experience how easy it is to encrypt data in transit with Cilium.

Discovery: Platform Engineer
Getting StartedFrom Isovalent

Discovery: Platform Engineer

In this short hands-on discovery lab designed for Platform and DevOps Engineers, you will learn, in 15 minutes, several Cilium features

Discovery: SecOps Engineers
Getting StartedFrom Isovalent

Discovery: SecOps Engineers

In this short hands-on discovery lab designed for SecOps Engineers, you will learn, in 15 minutes, several Cilium and Tetragon security features

Disovery: Cloud Network Engineer
Getting StartedFrom Isovalent

Disovery: Cloud Network Engineer

In this short hands-on discovery lab designed for Cloud Network Engineers, you will learn, in 15 minutes, several Cilium networking features

Getting Started with Cilium
Getting StartedFrom Isovalent

Getting Started with Cilium

Cilium is an open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called eBPF, which enables the dynamic insertion of powerful security visibility and control logic within Linux itself. Because eBPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes to the application code or container configuration. In this track, we provide you a fully fledged Cilium installation on a small cluster, together with a few challenges to solve. See yourself how Cilium works, and how it can help you securing your moon-sized battlestation in a “Star Wars”-inspired challenge.

Getting Started with Tetragon
Getting StartedFrom Isovalent

Getting Started with Tetragon

Security Observability is a new paradigm that utilizes eBPF, a Linux kernel technology, to allow Security and DevOps teams, SREs, Cloud Engineers, and Solution Architects to gain real-time visibility into Kubernetes and helps to secure your production environment with Tetragon. Tetragon is an open source Security Observability and Runtime Enforcement tool from the makers of Cilium. It captures different process and network event types through a user-supplied configuration to enable security observability on arbitrary hook points in the kernel; then translates these events into actionable signals for a Security Team. The best way to learn about Security Observability and Cilium Tetragon is to read the book “Security Observability with eBPF” by Jed Salazar and Natalia Reka Ivanko. And the best way to have your first experience with Tetragon is to walk through this lab, which takes the Real World Attack example out of the book and teaches you how to detect a container escape step by step!

Golden Signals with Hubble and Grafana
ObservabilityFrom Isovalent

Golden Signals with Hubble and Grafana

One of the most important thing when running applications in an environment like Kubernetes is to have good observability and deep insights. However, for many organizations it can be challenging to update existing applications to provide the observability you need. With Cilium, you can use the Hubble Layer 7 visibility functionality to get Prometheus metrics for your application without having to modify it at all. In this lab you will learn how Cilium can provide metrics for an existing application with and without tracing functionality, and how you can use Grafana dashboards provided by Cilium to gain insight into how your application is behaving.

Introduction to Cilium
Getting StartedFrom Linux Foundation

Introduction to Cilium

Get a practical introduction to using Cilium as the networking plug-in for Kubernetes, including installation, observability with Hubble, securing network connections, and multi-cluster support - all based on eBPF for scalability, performance, and security.

Introduction to Cilium
Getting StartedFrom Solo.io

Introduction to Cilium

Cilium is an open source software for providing, securing and observing network connectivity between container workloads - cloud native, and fueled by the revolutionary Kernel technology eBPF.

L7 Load-Balancing with Kubernetes Services + Annotations
NetworkingFrom Isovalent

L7 Load-Balancing with Kubernetes Services + Annotations

Kubernetes does not natively support gRPC Load Balancing out of the box. Learn how to use Cilium’s embedded Envoy proxy to achieve load-balancing for L7 services, with a simple annotation.

Want to add your lab to the list? Submit a PR here

Submit a PR