github.com/cilium/cilium ↗

About cilium/cilium

Cilium is an open-source networking, observability, and security platform for Kubernetes built on eBPF, a technology that allows dynamic code execution within the Linux kernel. It provides a complete networking stack with support for both overlay and native routing modes, integrating seamlessly with existing cloud infrastructure and routing protocols like BGP.

The project implements distributed load balancing that can fully replace kube-proxy, using efficient eBPF hash tables to handle nearly unlimited scale. It offers identity-based security policies that work across layers three through seven, enabling fine-grained network control via DNS filtering, HTTP-aware rules, and label-based enforcement rather than brittle IP-address-dependent firewalls. Cilium also supports multi-cluster connectivity through Cluster Mesh, service mesh capabilities with encryption and mutual authentication, and advanced features like bandwidth management and integrated ingress/egress gateways.

Cilium includes Hubble, a comprehensive observability platform providing real-time service maps, flow visibility with identity metadata, and protocol-specific insights. The project is actively maintained by a large community with three concurrent stable releases supported at any given time, regular developer meetings, and widespread production adoption across enterprises. It is licensed under Apache 2.0 for user-space components with eBPF code under dual GPL 2.0 and BSD 2-Clause licensing.