Cilium can be integrated with Docker in two ways:
- via the
CNIinterface. This method is used by Kubernetes and Mesos.
- via Docker’s libnetwork plugin interface, if networking is to be managed by the Docker runtime. This method is used, for example, by Docker Compose.
To run Cilium with Docker’s libnetwork, it needs a single logical Docker
network of type
cilium with an IPAM-driver of type
IPAM-driver delegates control over IPv4 and IPv6 address management and network
connectivity to Cilium for all containers attached to this network. Each Docker
container is allocated an IP address from the node prefix of the node running
When deployed with Docker, each Linux node must also run a
agent that receives libnetwork calls from Docker and then communicates with the
Cilium Agent to control container networking.
Security policies controlling connectivity between the Docker containers can be written in terms of the Docker container labels passed to Docker when creating the container. These policies can be created and updated via the Cilium agent API or by using the Cilium CLI client.
Follow this guide for a step by step introduction on how to use Cilium with Docker Compose: