Cilium: Helping Linux Secure Microservices
A microservices-based application is broken into small independent services that communicate with each other via APIs using lightweight protocols like HTTP. However, existing Linux network security mechanisms (e.g., iptables) only operate at the network layer (i.e., IP addresses and ports) and lack visibility into the microservices layer (e.g., HTTP).
Cilium brings HTTP-aware network security filtering to Linux container frameworks like Docker and Kubernetes. Using a new Linux kernel technology called BPF, Cilium provides a simple and efficient way to define and enforce both network-layer and HTTP-layer security policies based on container/pod identity.
We believe in a future where Linux has deep network visibility and control for microservice layer protocols, making applications more secure than ever before. If this goal excites you too, we invite you to join us by contributing ideas, code, and documentation to Cilium.