Daniel's Tech Blog

Cloud Computing, Cloud Native & Kubernetes

Tag: Cilium

  • How to send Cilium metrics to Azure Managed Prometheus

    In today’s blog post, I walk you through the setup on how to send Cilium metrics to Azure Managed Prometheus. Our setup covers two scenarios. The first one is an Azure Kubernetes Service cluster using Cilium via the BYOCNI (Bring Your Own CNI) option, and the second one is a K3s single node cluster running…

  • Provide additional metadata information to Cilium for IP addresses outside of the Kubernetes cluster scope

    In Cilium, IP addresses that do not belong to the Pod CIDR or Kubernetes Service CIDR range, and some special ranges like the Kubernetes API server, are recognized as the reserved:world identity. So, to say they do not belong to the Kubernetes cluster scope, known to Cilium itself. -> https://docs.cilium.io/en/stable/gettingstarted/terminology/#special-identities When you start using DNS-based…

  • Using Hubble CLI’s automatic port forwarding

    This will be a rather short blog post today, but it will highlight a new feature in the Hubble CLI in version 1.17 and later. Since version 1.17, the option -P has been added to the Hubble CLI. -P enables the automatic port forwarding to the Hubble relay in the Kubernetes cluster. As seen in…

  • Using Cilium Hubble Exporter to log blocked egress traffic on Azure Kubernetes Service

    In one of my previous blog posts, I covered how to do egress traffic blocking with Cilium bring-your-own CNI on Azure Kubernetes Service -> https://www.danielstechblog.io/egress-traffic-blocking-with-cilium-cluster-wide-network-policies-on-azure-kubernetes-service/ Today we look into Cilium Hubble Exporter which lets us write Hubble flows to the Cilium agent log output. Thus, Hubble flows can be collected by the logging solution running…

  • Egress traffic blocking with Cilium cluster-wide network policies on Azure Kubernetes Service

    Today, we talk about how to block egress traffic with Cilium cluster-wide network policies on Azure Kubernetes Service. For this, we need an Azure Kubernetes Service cluster with Cilium installed via the bring-your-own CNI approach. Azure CNI powered by Cilium unfortunately only partially supports Cilium network policies. However, Cilium cluster-wide network policies and Cilium CIDR…

WordPress Cookie Notice by Real Cookie Banner