[{"data":1,"prerenderedAt":1027},["ShallowReactive",2],{"blog-en-cilium-ebpf-kubernetes-networking":3,"blog-en-cilium-ebpf-kubernetes-networking-alt":772},{"id":4,"title":5,"author":6,"body":7,"date":1012,"description":1013,"extension":1014,"image":212,"locale":1015,"meta":1016,"navigation":772,"path":1017,"seo":1018,"stem":1019,"tags":1020,"__hash__":1026},"blog\u002Fblog\u002Fen\u002Fcilium-ebpf-kubernetes-networking.md","Revolutionizing Kubernetes Networking with Cilium and eBPF","Kubo Team",{"type":8,"value":9,"toc":995},"minimark",[10,28,33,36,45,74,83,91,95,104,192,201,206,330,337,341,352,356,627,634,638,650,654,684,690,694,704,708,740,744,843,847,921,924,931,935,938,970,979,991],[11,12,13,14,21,22,27],"p",{},"Kubernetes networking is inherently complex. Pod-to-pod communication, Service load balancing, and access control through NetworkPolicies have traditionally been handled by layers of iptables rules. ",[15,16,20],"a",{"href":17,"rel":18},"https:\u002F\u002Fcilium.io\u002F",[19],"nofollow","Cilium",", however, leverages eBPF (extended Berkeley Packet Filter) technology to fundamentally reshape this architecture. As a CNCF Graduated project, Cilium is a networking solution that scales from lightweight K3s-based platforms like ",[15,23,26],{"href":24,"rel":25},"https:\u002F\u002Fkubo.hexabase.io\u002F",[19],"Kubo"," to massive production clusters.",[29,30,32],"h2",{"id":31},"what-is-ebpf-programmable-extensions-for-the-linux-kernel","What Is eBPF: Programmable Extensions for the Linux Kernel",[11,34,35],{},"eBPF (extended Berkeley Packet Filter) is a technology that allows sandboxed programs to run inside the Linux kernel. It enables you to safely and efficiently inject custom logic into areas that previously required modifying kernel modules.",[11,37,38,39,44],{},"As the ",[15,40,43],{"href":41,"rel":42},"https:\u002F\u002Fgithub.com\u002Fcilium\u002Fcilium",[19],"Cilium project on GitHub"," explains, eBPF offers:",[46,47,48,56,62,68],"ul",{},[49,50,51,55],"li",{},[52,53,54],"strong",{},"High Performance",": Programs execute directly in kernel space, eliminating user-space context switching overhead",[49,57,58,61],{},[52,59,60],{},"Safety",": The eBPF Verifier validates programs before execution, preventing kernel crashes",[49,63,64,67],{},[52,65,66],{},"Dynamic Loading",": Programs can be added or modified without kernel restarts",[49,69,70,73],{},[52,71,72],{},"JIT Compilation",": Compiled to native machine code for optimal performance",[11,75,76,77,82],{},"Cilium is the leading implementation that applies eBPF to networking, security, and observability. As ",[15,78,81],{"href":79,"rel":80},"https:\u002F\u002Ftechcommunity.microsoft.com\u002Fblog\u002Fazurenetworkingblog\u002Fintroducing-ebpf-host-routing-high-performance-ai-networking-with-azure-cni-powe\u002F4468216",[19],"Microsoft's Azure CNI powered by Cilium"," demonstrates, major cloud providers have adopted Cilium for their managed Kubernetes offerings.",[11,84,85,90],{},[15,86,89],{"href":87,"rel":88},"https:\u002F\u002Fwww.hexabase.com\u002Fproduct\u002Fcaptain-ai\u002F",[19],"Captain.AI"," uses AI to analyze Kubernetes cluster network state and assist with performance optimization.",[29,92,94],{"id":93},"iptables-vs-ebpf-the-performance-difference","iptables vs eBPF: The Performance Difference",[11,96,97,98,103],{},"Traditional Kubernetes CNI plugins such as Calico and Flannel implement network policies and service routing using iptables rules. However, as the ",[15,99,102],{"href":100,"rel":101},"https:\u002F\u002Fblog.devops.dev\u002Fkubernetes-networking-explained-cni-ebpf-and-why-cilium-is-taking-over-c1fffb7b22c1",[19],"DevOps.dev analysis"," explains, this approach has fundamental scalability limitations.",[105,106,107,123],"table",{},[108,109,110],"thead",{},[111,112,113,117,120],"tr",{},[114,115,116],"th",{},"Aspect",[114,118,119],{},"iptables-based",[114,121,122],{},"Cilium (eBPF)",[124,125,126,138,149,160,171,181],"tbody",{},[111,127,128,132,135],{},[129,130,131],"td",{},"Rule evaluation",[129,133,134],{},"Linear scan (O(n))",[129,136,137],{},"Hash table lookup (O(1))",[111,139,140,143,146],{},[129,141,142],{},"Impact of Service growth",[129,144,145],{},"Latency increases proportionally",[129,147,148],{},"No impact",[111,150,151,154,157],{},[129,152,153],{},"NetworkPolicy",[129,155,156],{},"L3\u002FL4 only",[129,158,159],{},"L3\u002FL4\u002FL7 support",[111,161,162,165,168],{},[129,163,164],{},"Kernel-space processing",[129,166,167],{},"Limited",[129,169,170],{},"Full support",[111,172,173,176,178],{},[129,174,175],{},"Visibility",[129,177,167],{},[129,179,180],{},"Full observability via Hubble",[111,182,183,186,189],{},[129,184,185],{},"Throughput",[129,187,188],{},"Baseline",[129,190,191],{},"Up to 10x improvement",[11,193,194,195,200],{},"According to the ",[15,196,199],{"href":197,"rel":198},"https:\u002F\u002Fwww.gocodeo.com\u002Fpost\u002Fcilium-the-ebpf-based-revolution-in-kubernetes-networking-security-and-observability",[19],"Gocodeo analysis",", eBPF-based load balancing uses efficient hash tables that maintain low latency even at high service density. The difference becomes dramatic in large clusters with over 1,000 Services.",[202,203,205],"h3",{"id":204},"deploying-cilium","Deploying Cilium",[207,208,213],"pre",{"className":209,"code":210,"language":211,"meta":212,"style":212},"language-bash shiki shiki-themes tokyo-night","# Install Cilium with Helm\nhelm repo add cilium https:\u002F\u002Fhelm.cilium.io\u002F\nhelm install cilium cilium\u002Fcilium --version 1.16.5 \\\n  --namespace kube-system \\\n  --set kubeProxyReplacement=true \\\n  --set hubble.enabled=true \\\n  --set hubble.relay.enabled=true \\\n  --set hubble.ui.enabled=true\n","bash","",[214,215,216,225,245,270,281,295,307,319],"code",{"__ignoreMap":212},[217,218,221],"span",{"class":219,"line":220},"line",1,[217,222,224],{"class":223},"sbD-w","# Install Cilium with Helm\n",[217,226,228,232,236,239,242],{"class":219,"line":227},2,[217,229,231],{"class":230},"sE3pS","helm",[217,233,235],{"class":234},"sPY7s"," repo",[217,237,238],{"class":234}," add",[217,240,241],{"class":234}," cilium",[217,243,244],{"class":234}," https:\u002F\u002Fhelm.cilium.io\u002F\n",[217,246,248,250,253,255,258,262,266],{"class":219,"line":247},3,[217,249,231],{"class":230},[217,251,252],{"class":234}," install",[217,254,241],{"class":234},[217,256,257],{"class":234}," cilium\u002Fcilium",[217,259,261],{"class":260},"sT800"," --version",[217,263,265],{"class":264},"sOJ5S"," 1.16.5",[217,267,269],{"class":268},"sAklC"," \\\n",[217,271,273,276,279],{"class":219,"line":272},4,[217,274,275],{"class":260},"  --namespace",[217,277,278],{"class":234}," kube-system",[217,280,269],{"class":268},[217,282,284,287,290,293],{"class":219,"line":283},5,[217,285,286],{"class":260},"  --set",[217,288,289],{"class":234}," kubeProxyReplacement=",[217,291,292],{"class":264},"true",[217,294,269],{"class":268},[217,296,298,300,303,305],{"class":219,"line":297},6,[217,299,286],{"class":260},[217,301,302],{"class":234}," hubble.enabled=",[217,304,292],{"class":264},[217,306,269],{"class":268},[217,308,310,312,315,317],{"class":219,"line":309},7,[217,311,286],{"class":260},[217,313,314],{"class":234}," hubble.relay.enabled=",[217,316,292],{"class":264},[217,318,269],{"class":268},[217,320,322,324,327],{"class":219,"line":321},8,[217,323,286],{"class":260},[217,325,326],{"class":234}," hubble.ui.enabled=",[217,328,329],{"class":264},"true\n",[11,331,332,333,336],{},"Setting ",[214,334,335],{},"kubeProxyReplacement=true"," fully replaces kube-proxy with eBPF-based Service routing.",[29,338,340],{"id":339},"l7-network-policies-and-identity-based-security","L7 Network Policies and Identity-Based Security",[11,342,343,344,347,348,351],{},"Cilium's key differentiator is its ",[52,345,346],{},"L7 (application layer) network policies"," and ",[52,349,350],{},"identity-based security model",".",[202,353,355],{"id":354},"l7-policy-example","L7 Policy Example",[207,357,361],{"className":358,"code":359,"language":360,"meta":212,"style":212},"language-yaml shiki shiki-themes tokyo-night","apiVersion: cilium.io\u002Fv2\nkind: CiliumNetworkPolicy\nmetadata:\n  name: api-access-policy\nspec:\n  endpointSelector:\n    matchLabels:\n      app: api-server\n  ingress:\n  - fromEndpoints:\n    - matchLabels:\n        app: frontend\n    toPorts:\n    - ports:\n      - port: \"80\"\n        protocol: TCP\n      rules:\n        http:\n        - method: \"GET\"\n          path: \"\u002Fapi\u002Fv1\u002Fpublic\u002F.*\"\n        - method: \"POST\"\n          path: \"\u002Fapi\u002Fv1\u002Fdata\"\n          headers:\n          - 'content-type: application-json'\n","yaml",[214,362,363,375,385,393,403,410,417,424,434,442,454,465,476,484,494,514,525,533,541,559,574,590,604,612],{"__ignoreMap":212},[217,364,365,369,372],{"class":219,"line":220},[217,366,368],{"class":367},"s0U2E","apiVersion",[217,370,371],{"class":268},":",[217,373,374],{"class":234}," cilium.io\u002Fv2\n",[217,376,377,380,382],{"class":219,"line":227},[217,378,379],{"class":367},"kind",[217,381,371],{"class":268},[217,383,384],{"class":234}," CiliumNetworkPolicy\n",[217,386,387,390],{"class":219,"line":247},[217,388,389],{"class":367},"metadata",[217,391,392],{"class":268},":\n",[217,394,395,398,400],{"class":219,"line":272},[217,396,397],{"class":367},"  name",[217,399,371],{"class":268},[217,401,402],{"class":234}," api-access-policy\n",[217,404,405,408],{"class":219,"line":283},[217,406,407],{"class":367},"spec",[217,409,392],{"class":268},[217,411,412,415],{"class":219,"line":297},[217,413,414],{"class":367},"  endpointSelector",[217,416,392],{"class":268},[217,418,419,422],{"class":219,"line":309},[217,420,421],{"class":367},"    matchLabels",[217,423,392],{"class":268},[217,425,426,429,431],{"class":219,"line":321},[217,427,428],{"class":367},"      app",[217,430,371],{"class":268},[217,432,433],{"class":234}," api-server\n",[217,435,437,440],{"class":219,"line":436},9,[217,438,439],{"class":367},"  ingress",[217,441,392],{"class":268},[217,443,445,449,452],{"class":219,"line":444},10,[217,446,448],{"class":447},"sgJMe","  -",[217,450,451],{"class":367}," fromEndpoints",[217,453,392],{"class":268},[217,455,457,460,463],{"class":219,"line":456},11,[217,458,459],{"class":447},"    -",[217,461,462],{"class":367}," matchLabels",[217,464,392],{"class":268},[217,466,468,471,473],{"class":219,"line":467},12,[217,469,470],{"class":367},"        app",[217,472,371],{"class":268},[217,474,475],{"class":234}," frontend\n",[217,477,479,482],{"class":219,"line":478},13,[217,480,481],{"class":367},"    toPorts",[217,483,392],{"class":268},[217,485,487,489,492],{"class":219,"line":486},14,[217,488,459],{"class":447},[217,490,491],{"class":367}," ports",[217,493,392],{"class":268},[217,495,497,500,503,505,508,511],{"class":219,"line":496},15,[217,498,499],{"class":447},"      -",[217,501,502],{"class":367}," port",[217,504,371],{"class":268},[217,506,507],{"class":268}," \"",[217,509,510],{"class":234},"80",[217,512,513],{"class":268},"\"\n",[217,515,517,520,522],{"class":219,"line":516},16,[217,518,519],{"class":367},"        protocol",[217,521,371],{"class":268},[217,523,524],{"class":234}," TCP\n",[217,526,528,531],{"class":219,"line":527},17,[217,529,530],{"class":367},"      rules",[217,532,392],{"class":268},[217,534,536,539],{"class":219,"line":535},18,[217,537,538],{"class":367},"        http",[217,540,392],{"class":268},[217,542,544,547,550,552,554,557],{"class":219,"line":543},19,[217,545,546],{"class":447},"        -",[217,548,549],{"class":367}," method",[217,551,371],{"class":268},[217,553,507],{"class":268},[217,555,556],{"class":234},"GET",[217,558,513],{"class":268},[217,560,562,565,567,569,572],{"class":219,"line":561},20,[217,563,564],{"class":367},"          path",[217,566,371],{"class":268},[217,568,507],{"class":268},[217,570,571],{"class":234},"\u002Fapi\u002Fv1\u002Fpublic\u002F.*",[217,573,513],{"class":268},[217,575,577,579,581,583,585,588],{"class":219,"line":576},21,[217,578,546],{"class":447},[217,580,549],{"class":367},[217,582,371],{"class":268},[217,584,507],{"class":268},[217,586,587],{"class":234},"POST",[217,589,513],{"class":268},[217,591,593,595,597,599,602],{"class":219,"line":592},22,[217,594,564],{"class":367},[217,596,371],{"class":268},[217,598,507],{"class":268},[217,600,601],{"class":234},"\u002Fapi\u002Fv1\u002Fdata",[217,603,513],{"class":268},[217,605,607,610],{"class":219,"line":606},23,[217,608,609],{"class":367},"          headers",[217,611,392],{"class":268},[217,613,615,618,621,624],{"class":219,"line":614},24,[217,616,617],{"class":447},"          -",[217,619,620],{"class":268}," '",[217,622,623],{"class":234},"content-type: application-json",[217,625,626],{"class":268},"'\n",[11,628,629,630,633],{},"This example controls access from pods labeled ",[214,631,632],{},"frontend"," at the HTTP method and path level -- a granularity impossible with traditional NetworkPolicies.",[202,635,637],{"id":636},"identity-based-security","Identity-Based Security",[11,639,38,640,645,646,649],{},[15,641,644],{"href":642,"rel":643},"https:\u002F\u002Fcomputingforgeeks.com\u002Fcilium-ebpf-cni-kubernetes-production\u002F",[19],"ComputingForGeeks guide"," explains, Cilium applies security based on ",[52,647,648],{},"Kubernetes label-based identities"," rather than network addresses. In container environments where IP addresses change dynamically, this approach is ideal.",[202,651,653],{"id":652},"multi-cluster-connectivity-with-clustermesh","Multi-Cluster Connectivity with ClusterMesh",[207,655,657],{"className":358,"code":656,"language":360,"meta":212,"style":212},"# Enable ClusterMesh\nhelm upgrade cilium cilium\u002Fcilium \\\n  --set cluster.name=cluster-1 \\\n  --set cluster.id=1 \\\n  --set clustermesh.useAPIServer=true\n",[214,658,659,664,669,674,679],{"__ignoreMap":212},[217,660,661],{"class":219,"line":220},[217,662,663],{"class":223},"# Enable ClusterMesh\n",[217,665,666],{"class":219,"line":227},[217,667,668],{"class":234},"helm upgrade cilium cilium\u002Fcilium \\\n",[217,670,671],{"class":219,"line":247},[217,672,673],{"class":234},"  --set cluster.name=cluster-1 \\\n",[217,675,676],{"class":219,"line":272},[217,677,678],{"class":234},"  --set cluster.id=1 \\\n",[217,680,681],{"class":219,"line":283},[217,682,683],{"class":234},"  --set clustermesh.useAPIServer=true\n",[11,685,686,687,351],{},"Cilium ClusterMesh enables seamless, secure communication across multiple Kubernetes clusters. This is a powerful solution for multi-cluster deployments on ",[15,688,26],{"href":24,"rel":689},[19],[29,691,693],{"id":692},"network-observability-with-hubble","Network Observability with Hubble",[11,695,696,699,700,703],{},[52,697,698],{},"Hubble",", built into ",[15,701,20],{"href":17,"rel":702},[19],", is a powerful network observability tool that leverages eBPF.",[202,705,707],{"id":706},"what-hubble-provides","What Hubble Provides",[46,709,710,716,722,728,734],{},[49,711,712,715],{},[52,713,714],{},"Flow Logs",": Real-time recording of all network flows between pods",[49,717,718,721],{},[52,719,720],{},"L7 Protocol Visibility",": Detailed HTTP, gRPC, and Kafka request\u002Fresponse data",[49,723,724,727],{},[52,725,726],{},"NetworkPolicy Enforcement Results",": Visualization of allowed\u002Fdenied flows per policy",[49,729,730,733],{},[52,731,732],{},"DNS Query Logs",": Tracking of DNS requests within the cluster",[49,735,736,739],{},[52,737,738],{},"Service Maps",": Automatic generation of pod dependency graphs",[202,741,743],{"id":742},"hubble-cli-usage","Hubble CLI Usage",[207,745,747],{"className":209,"code":746,"language":211,"meta":212,"style":212},"# Monitor flows in a specific namespace\nhubble observe --namespace production\n\n# Filter HTTP requests only\nhubble observe --protocol http --namespace production\n\n# View dropped flows\nhubble observe --verdict DROPPED\n\n# Display service map\nhubble observe --output json | hubble-ui\n",[214,748,749,754,768,774,779,795,799,804,816,820,825],{"__ignoreMap":212},[217,750,751],{"class":219,"line":220},[217,752,753],{"class":223},"# Monitor flows in a specific namespace\n",[217,755,756,759,762,765],{"class":219,"line":227},[217,757,758],{"class":230},"hubble",[217,760,761],{"class":234}," observe",[217,763,764],{"class":260}," --namespace",[217,766,767],{"class":234}," production\n",[217,769,770],{"class":219,"line":247},[217,771,773],{"emptyLinePlaceholder":772},true,"\n",[217,775,776],{"class":219,"line":272},[217,777,778],{"class":223},"# Filter HTTP requests only\n",[217,780,781,783,785,788,791,793],{"class":219,"line":283},[217,782,758],{"class":230},[217,784,761],{"class":234},[217,786,787],{"class":260}," --protocol",[217,789,790],{"class":234}," http",[217,792,764],{"class":260},[217,794,767],{"class":234},[217,796,797],{"class":219,"line":297},[217,798,773],{"emptyLinePlaceholder":772},[217,800,801],{"class":219,"line":309},[217,802,803],{"class":223},"# View dropped flows\n",[217,805,806,808,810,813],{"class":219,"line":321},[217,807,758],{"class":230},[217,809,761],{"class":234},[217,811,812],{"class":260}," --verdict",[217,814,815],{"class":234}," DROPPED\n",[217,817,818],{"class":219,"line":436},[217,819,773],{"emptyLinePlaceholder":772},[217,821,822],{"class":219,"line":444},[217,823,824],{"class":223},"# Display service map\n",[217,826,827,829,831,834,837,840],{"class":219,"line":456},[217,828,758],{"class":230},[217,830,761],{"class":234},[217,832,833],{"class":260}," --output",[217,835,836],{"class":234}," json",[217,838,839],{"class":268}," |",[217,841,842],{"class":230}," hubble-ui\n",[202,844,846],{"id":845},"hubble-metrics-with-prometheus-integration","Hubble Metrics with Prometheus Integration",[207,848,850],{"className":358,"code":849,"language":360,"meta":212,"style":212},"hubble:\n  metrics:\n    enabled:\n    - dns\n    - drop\n    - tcp\n    - flow\n    - port-distribution\n    - icmp\n    - httpV2:exemplars=true;labelsContext=source_ip,source_namespace,destination_ip,destination_namespace\n",[214,851,852,858,865,872,879,886,893,900,907,914],{"__ignoreMap":212},[217,853,854,856],{"class":219,"line":220},[217,855,758],{"class":367},[217,857,392],{"class":268},[217,859,860,863],{"class":219,"line":227},[217,861,862],{"class":367},"  metrics",[217,864,392],{"class":268},[217,866,867,870],{"class":219,"line":247},[217,868,869],{"class":367},"    enabled",[217,871,392],{"class":268},[217,873,874,876],{"class":219,"line":272},[217,875,459],{"class":447},[217,877,878],{"class":234}," dns\n",[217,880,881,883],{"class":219,"line":283},[217,882,459],{"class":447},[217,884,885],{"class":234}," drop\n",[217,887,888,890],{"class":219,"line":297},[217,889,459],{"class":447},[217,891,892],{"class":234}," tcp\n",[217,894,895,897],{"class":219,"line":309},[217,896,459],{"class":447},[217,898,899],{"class":234}," flow\n",[217,901,902,904],{"class":219,"line":321},[217,903,459],{"class":447},[217,905,906],{"class":234}," port-distribution\n",[217,908,909,911],{"class":219,"line":436},[217,910,459],{"class":447},[217,912,913],{"class":234}," icmp\n",[217,915,916,918],{"class":219,"line":444},[217,917,459],{"class":447},[217,919,920],{"class":234}," httpV2:exemplars=true;labelsContext=source_ip,source_namespace,destination_ip,destination_namespace\n",[11,922,923],{},"Scrape these metrics with Prometheus and visualize in Grafana for complete network-level observability.",[11,925,926,927,930],{},"Combining ",[15,928,89],{"href":87,"rel":929},[19]," with Hubble data enables AI to automatically detect anomalous network patterns and suggest remediation.",[29,932,934],{"id":933},"conclusion","Conclusion",[11,936,937],{},"Cilium and eBPF represent the new standard for Kubernetes networking. The key takeaways from this article are:",[939,940,941,947,953,959,965],"ol",{},[49,942,943,946],{},[52,944,945],{},"eBPF"," executes programs within the kernel, delivering performance and security beyond iptables",[49,948,949,952],{},[52,950,951],{},"Up to 10x throughput improvement"," over iptables with scalability independent of Service count",[49,954,955,958],{},[52,956,957],{},"L7 network policies"," enable HTTP method and path-level access control",[49,960,961,964],{},[52,962,963],{},"Identity-based security"," provides the optimal security model for dynamic pod environments",[49,966,967,969],{},[52,968,698],{}," delivers flow logs, L7 protocol visibility, and service maps",[11,971,972,975,976,351],{},[15,973,26],{"href":24,"rel":974},[19]," is built on K3s with strong affinity for the CNCF ecosystem, and Cilium deployment enables a lightweight yet high-performance networking foundation. If you are looking to strengthen Kubernetes networking and security, explore ",[15,977,26],{"href":24,"rel":978},[19],[11,980,981,982,985,986,351],{},"For AI-powered Kubernetes operations, see ",[15,983,89],{"href":87,"rel":984},[19]," for details. For consultations, reach out through our ",[15,987,990],{"href":988,"rel":989},"https:\u002F\u002Fwww.hexabase.com\u002Fcontact-us\u002F",[19],"contact page",[992,993,994],"style",{},"html pre.shiki code .sbD-w, html code.shiki .sbD-w{--shiki-default:#51597D;--shiki-default-font-style:italic}html pre.shiki code .sE3pS, html code.shiki .sE3pS{--shiki-default:#C0CAF5}html pre.shiki code .sPY7s, html code.shiki .sPY7s{--shiki-default:#9ECE6A}html pre.shiki code .sT800, html code.shiki .sT800{--shiki-default:#E0AF68}html pre.shiki code .sOJ5S, html code.shiki .sOJ5S{--shiki-default:#FF9E64}html pre.shiki code .sAklC, html code.shiki .sAklC{--shiki-default:#89DDFF}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html pre.shiki code .s0U2E, html code.shiki .s0U2E{--shiki-default:#F7768E}html pre.shiki code .sgJMe, html code.shiki .sgJMe{--shiki-default:#9ABDF5}",{"title":212,"searchDepth":227,"depth":227,"links":996},[997,998,1001,1006,1011],{"id":31,"depth":227,"text":32},{"id":93,"depth":227,"text":94,"children":999},[1000],{"id":204,"depth":247,"text":205},{"id":339,"depth":227,"text":340,"children":1002},[1003,1004,1005],{"id":354,"depth":247,"text":355},{"id":636,"depth":247,"text":637},{"id":652,"depth":247,"text":653},{"id":692,"depth":227,"text":693,"children":1007},[1008,1009,1010],{"id":706,"depth":247,"text":707},{"id":742,"depth":247,"text":743},{"id":845,"depth":247,"text":846},{"id":933,"depth":227,"text":934},"2026-05-27","Discover how Cilium uses eBPF to transform Kubernetes networking. Compare with traditional CNIs, explore L7 policies, and leverage Hubble for observability.","md","en",{},"\u002Fblog\u002Fen\u002Fcilium-ebpf-kubernetes-networking",{"title":5,"description":1013},"blog\u002Fen\u002Fcilium-ebpf-kubernetes-networking",[20,945,1021,1022,1023,1024,1025,698],"Kubernetes","Networking","CNI","CNCF","Security","kwJEyBLhnVrZh7deVOSWUwJqQ4LRa5RgIpPsUR2tqdE",1779964618733]