Welcome to Cilium’s documentation!

The documentation is divided into the following sections:

• Getting Started Guides: Provides a simple tutorial for running a small Cilium setup on your laptop. Intended as an easy way to get your hands dirty applying Cilium security policies between containers.
• Concepts: Describes the components of Cilium, and the different models for deploying Cilium. Provides the high-level understanding required to run a full Cilium deployment and understand its behavior.
• Installation : Details instructions for installing, configuring, and troubleshooting Cilium in different deployment modes.
• Network Policy : Detailed walkthrough of the policy language structure and the supported formats.
• Monitoring & Metrics : Instructions for configuring metrics collection from Cilium.
• Troubleshooting : Describes how to troubleshoot Cilium in different deployment modes.
• BPF and XDP Reference Guide : Provides a technical deep dive of eBPF and XDP technology, primarily focused at developers.
• API Reference : Details the Cilium agent API for interacting with a local Cilium instance.
• Development Guide : Gives background to those looking to develop and contribute modifications to the Cilium code or documentation.

A hands-on tutorial in a live environment is also available for users looking for a way to quickly get started and experiment with Cilium.

Getting Started

• Introduction to Cilium & Hubble
  • What is Cilium?
  • What is Hubble?
  • Why Cilium & Hubble?
  • Functionality Overview
• Getting Started Guides
  • Installation
  • Observability
  • Network Policy Security Tutorials
  • Advanced Networking
  • Cluster Mesh
  • Operations
  • Istio
• Concepts
  • Component Overview
  • Terminology
  • Networking
  • Network Security
  • eBPF Datapath
  • Observability
  • Kubernetes Integration
  • Multi-Cluster (Cluster Mesh)
• Getting Help
  • FAQ
  • Slack
  • GitHub
  • Security Bugs

Operations

• System Requirements
  • Summary
  • Linux Distribution Compatibility Matrix
  • Linux Kernel
  • Required Kernel Versions for Advanced Features
  • Key-Value store
  • clang+LLVM
  • iproute2
  • Firewall Rules
  • Mounted eBPF filesystem
  • Privileges
• Upgrade Guide
  • Running pre-flight check (Required)
  • Upgrading Cilium
  • Version Specific Notes
  • Advanced
• Configuration
  • Core Agent
• Network Policy
  • Policy Enforcement Modes
  • Rule Basics
  • Layer 3 Examples
  • Layer 4 Examples
  • Layer 7 Examples
  • Deny Policies
  • Host Policies
  • Layer 7 Protocol Visibility
  • Using Kubernetes constructs in policy
  • Endpoint Lifecycle
  • Troubleshooting
• Monitoring & Metrics
  • Cilium Metrics
  • Hubble Metrics
  • Example Prometheus & Grafana Deployment
  • Metrics Reference
• Performance & Scalability
  • Tuning Guide
  • CNI Performance Benchmark
  • Scalability
• Troubleshooting
  • Component & Cluster Health
  • Observing Flows with Hubble
  • Observing flows with Hubble Relay
  • Connectivity Problems
  • Policy Troubleshooting
  • etcd (kvstore)
  • Cluster Mesh Troubleshooting
  • Symptom Library
  • Useful Scripts
  • Reporting a problem

Community

• Weekly Community Meeting
• Slack
  • Slack channels
• Special Interest Groups
  • All SIGs
  • How to create a SIG

For Developers

• Governance
  • Cilium Committer Grant/Revocation Policy
    • Expectations for Developers with commit access
    • Granting Commit Access
    • Revoking Commit Access
    • Changing the Policy
  • Voting
    • Company Block Vote Limit
  • Templates
    • Nomination to Grant Commit Access
    • Vote to Grant Commit Access
    • Vote Results for Grant of Commit Access
    • Invitation to Accepted Committer
    • Proposal to Remove Commit Access for Inactivity
    • Notification of Commit Removal for Inactivity
    • Proposal to Revoke Commit Access for Detrimental Behavior
    • Vote to Revoke Commit Access
    • Vote Results for Revocation of Commit Access
    • Notification of Commit Revocation for Detrimental Behavior
• Development Guide
  • How To Contribute
    • Clone and Provision Environment
    • Submitting a pull request
    • Getting a pull request merged
    • Pull requests review process for committers
    • Weekly duties
    • Developer’s Certificate of Origin
  • Development Setup
    • Verifying Your Development Setup
    • Requirements
    • Vagrant Setup
    • Local Development in Vagrant Box
    • Making Changes
    • Add/update a golang dependency
    • Add/update a new Kubernetes version
    • Optional: Docker and IPv6
    • Debugging
  • Building Container Images
    • Developer images
    • Official release images
    • Experimental Docker BuildKit and Buildx support
    • Official Cilium repositories
    • Update cilium-builder and cilium-runtime images
    • Nightly Docker image
    • Image Building Process
  • Code Overview
    • High-level
    • Cilium
    • Hubble
    • Important common packages
  • Debugging
    • toFQDNs and DNS Debugging
    • Mutexes / Locks and Data Races
  • Hubble
    • Bumping the vendored Cilium dependency
  • Documentation Style
    • Header
    • Titles
    • Body
    • Code Blocks
    • Links
    • Lists
    • Roles
• Release Management
  • Organization
    • Release tracking
    • Release Cadence
  • Backporting process
    • Backport Criteria
    • Backporting Guide for the Backporter
    • Backporting Guide for Others
  • Generic Release Process
    • GitHub template process
    • Reference steps for the template
  • Release Candidate Process
    • GitHub template process
    • Reference steps for the template
  • Feature Release Process
    • On Freeze date
    • For the final release
• Testing
  • CI / Jenkins
    • Jobs Overview
    • Triggering Pull-Request Builds With Jenkins
    • Testing with race condition detection enabled
    • Using Jenkins for testing
    • CI Failure Triage
    • Infrastructure details
  • Documentation
  • End-To-End Testing Framework
    • Introduction
    • Running End-To-End Tests
    • Test Reports
    • Best Practices for Writing Tests
    • Ginkgo Extensions
    • Debugging:
    • Running End-To-End Tests In Other Environments via kubeconfig
    • Running End-To-End Tests In Other Environments via SSH
    • VMs for Testing
    • VM images
    • Known Issues and Workarounds
    • Further Assistance
  • Integration Testing
    • Prerequisites
    • Running all tests
    • Testing individual packages
    • Running individual tests
    • Automatically run unit tests on code changes
• BPF and XDP Reference Guide
  • BPF Architecture
    • Instruction Set
    • Helper Functions
    • Maps
    • Object Pinning
    • Tail Calls
    • BPF to BPF Calls
    • JIT
    • Hardening
    • Offloads
  • Toolchain
    • Development Environment
    • LLVM
    • iproute2
    • bpftool
    • BPF sysctls
    • Kernel Testing
    • JIT Debugging
    • Introspection
    • Tracing pipe
    • Miscellaneous
  • Program Types
    • XDP
    • tc (traffic control)
  • Further Reading
    • Kernel Developer FAQ
    • Projects using BPF
    • XDP Newbies
    • BPF Newsletter
    • Podcasts
    • Blog posts
    • Books
    • Talks
    • Further Documents
• API Reference
  • Introduction
  • How to access the API
    • CLI Client
    • Golang Package
  • Compatibility Guarantees
  • API Reference
• Internals
  • Hubble internals
    • Hubble Architecture
  • Cilium Operator
    • Highly Available Cilium Operator
    • CRD Registration
    • IPAM
    • KVStore operations
    • Identity garbage collection
    • CiliumEndpoint garbage collection
    • Derivative network policy creation
  • Security Identities

Reference

• Command Cheatsheet
  • Command utilities:
  • Command examples:
  • Kubernetes examples:
• Command Reference
  • cilium-agent
  • cilium
  • cilium-health
  • cilium-operator
  • cilium-operator-aws
  • cilium-operator-azure
  • cilium-operator-generic
  • Key-Value Store
• Key-Value Store
  • Layout
  • Leases
  • Debugging
• Further Reading
  • Related Material
  • Presentations
  • Podcasts
  • Community blog posts
• Glossary
• Helm Reference