[{"data":1,"prerenderedAt":1023},["ShallowReactive",2],{"blog-ja-cilium-ebpf-kubernetes-networking":3,"blog-ja-cilium-ebpf-kubernetes-networking-alt":769},{"id":4,"title":5,"author":6,"body":7,"date":1008,"description":1009,"extension":1010,"image":210,"locale":1011,"meta":1012,"navigation":769,"path":1013,"seo":1014,"stem":1015,"tags":1016,"__hash__":1022},"blog\u002Fblog\u002Fja\u002Fcilium-ebpf-kubernetes-networking.md","Cilium と eBPF で Kubernetes ネットワーキングを革新する","Kubo Team",{"type":8,"value":9,"toc":991},"minimark",[10,28,33,36,44,73,82,90,94,103,191,199,204,328,334,338,349,353,624,631,634,646,650,680,687,691,701,705,737,741,840,844,918,921,927,930,933,964,974,987],[11,12,13,14,21,22,27],"p",{},"Kubernetes のネットワーキングは複雑です。Pod 間通信、Service のロードバランシング、NetworkPolicy によるアクセス制御 -- これらすべてが iptables ルールの積み重ねで処理されてきました。しかし、",[15,16,20],"a",{"href":17,"rel":18},"https:\u002F\u002Fcilium.io\u002F",[19],"nofollow","Cilium"," は eBPF（extended Berkeley Packet Filter）技術を活用して、この構造を根本から変革しています。CNCF Graduated プロジェクトとして認定された Cilium は、",[15,23,26],{"href":24,"rel":25},"https:\u002F\u002Fkubo.hexabase.io\u002F",[19],"Kubo"," のような K3s ベースのプラットフォームから大規模クラスタまで、あらゆる Kubernetes 環境に適用できるネットワーキングソリューションです。",[29,30,32],"h2",{"id":31},"ebpf-とは何かlinux-カーネルのプログラマブル拡張","eBPF とは何か：Linux カーネルのプログラマブル拡張",[11,34,35],{},"eBPF（extended Berkeley Packet Filter）は、Linux カーネル内でサンドボックス化されたプログラムを実行する技術です。従来はカーネルモジュールを変更するしかなかった領域に、安全かつ効率的にカスタムロジックを注入できます。",[11,37,38,43],{},[15,39,42],{"href":40,"rel":41},"https:\u002F\u002Fgithub.com\u002Fcilium\u002Fcilium",[19],"GitHub 上の Cilium プロジェクト","が説明するように、eBPF には以下の特長があります：",[45,46,47,55,61,67],"ul",{},[48,49,50,54],"li",{},[51,52,53],"strong",{},"高性能",": カーネル空間で直接実行されるため、ユーザー空間との切り替えコストがない",[48,56,57,60],{},[51,58,59],{},"安全性",": eBPF Verifier がプログラムを実行前に検証し、カーネルクラッシュを防止",[48,62,63,66],{},[51,64,65],{},"動的ロード",": カーネルの再起動なしにプログラムの追加・変更が可能",[48,68,69,72],{},[51,70,71],{},"JIT コンパイル",": ネイティブマシンコードにコンパイルされ、最適なパフォーマンスを実現",[11,74,75,76,81],{},"Cilium は、この eBPF をネットワーキング、セキュリティ、オブザーバビリティに適用した最先端の実装です。",[15,77,80],{"href":78,"rel":79},"https:\u002F\u002Ftechcommunity.microsoft.com\u002Fblog\u002Fazurenetworkingblog\u002Fintroducing-ebpf-host-routing-high-performance-ai-networking-with-azure-cni-powe\u002F4468216",[19],"Microsoft の Azure CNI powered by Cilium"," が示すように、大手クラウドプロバイダーも Cilium を採用しています。",[11,83,84,89],{},[15,85,88],{"href":86,"rel":87},"https:\u002F\u002Fwww.hexabase.com\u002Fproduct\u002Fcaptain-ai\u002F",[19],"Captain.AI"," は Kubernetes クラスタのネットワーク状態を AI で分析し、パフォーマンスの最適化を支援します。",[29,91,93],{"id":92},"iptables-vs-ebpfパフォーマンスの違い","iptables vs eBPF：パフォーマンスの違い",[11,95,96,97,102],{},"従来の Kubernetes CNI プラグイン（Calico、Flannel など）は、ネットワークポリシーとサービスルーティングを iptables ルールで実装してきました。しかし、",[15,98,101],{"href":99,"rel":100},"https:\u002F\u002Fblog.devops.dev\u002Fkubernetes-networking-explained-cni-ebpf-and-why-cilium-is-taking-over-c1fffb7b22c1",[19],"DevOps.dev の詳細記事","が指摘するように、この方式にはスケーラビリティの限界があります。",[104,105,106,122],"table",{},[107,108,109],"thead",{},[110,111,112,116,119],"tr",{},[113,114,115],"th",{},"項目",[113,117,118],{},"iptables ベース",[113,120,121],{},"Cilium (eBPF)",[123,124,125,137,148,159,170,180],"tbody",{},[110,126,127,131,134],{},[128,129,130],"td",{},"ルール評価",[128,132,133],{},"線形走査（O(n)）",[128,135,136],{},"ハッシュテーブル（O(1)）",[110,138,139,142,145],{},[128,140,141],{},"Service 数増加時の影響",[128,143,144],{},"ルール数に比例して遅延増大",[128,146,147],{},"影響なし",[110,149,150,153,156],{},[128,151,152],{},"NetworkPolicy",[128,154,155],{},"L3\u002FL4 のみ",[128,157,158],{},"L3\u002FL4\u002FL7 対応",[110,160,161,164,167],{},[128,162,163],{},"カーネル空間処理",[128,165,166],{},"限定的",[128,168,169],{},"完全対応",[110,171,172,175,177],{},[128,173,174],{},"可視性",[128,176,166],{},[128,178,179],{},"Hubble によるフル可観測性",[110,181,182,185,188],{},[128,183,184],{},"スループット",[128,186,187],{},"ベースライン",[128,189,190],{},"最大 10 倍向上",[11,192,193,198],{},[15,194,197],{"href":195,"rel":196},"https:\u002F\u002Fwww.gocodeo.com\u002Fpost\u002Fcilium-the-ebpf-based-revolution-in-kubernetes-networking-security-and-observability",[19],"Gocodeo の解説","によると、eBPF ベースのロードバランシングは効率的なハッシュテーブルを使用しており、高いサービス密度でも低レイテンシを維持できます。特に Service 数が 1,000 を超えるような大規模クラスタでは、その差は歴然です。",[200,201,203],"h3",{"id":202},"cilium-のデプロイ","Cilium のデプロイ",[205,206,211],"pre",{"className":207,"code":208,"language":209,"meta":210,"style":210},"language-bash shiki shiki-themes tokyo-night","# Helm による Cilium のインストール\nhelm repo add cilium https:\u002F\u002Fhelm.cilium.io\u002F\nhelm install cilium cilium\u002Fcilium --version 1.16.5 \\\n  --namespace kube-system \\\n  --set kubeProxyReplacement=true \\\n  --set hubble.enabled=true \\\n  --set hubble.relay.enabled=true \\\n  --set hubble.ui.enabled=true\n","bash","",[212,213,214,223,243,268,279,293,305,317],"code",{"__ignoreMap":210},[215,216,219],"span",{"class":217,"line":218},"line",1,[215,220,222],{"class":221},"sbD-w","# Helm による Cilium のインストール\n",[215,224,226,230,234,237,240],{"class":217,"line":225},2,[215,227,229],{"class":228},"sE3pS","helm",[215,231,233],{"class":232},"sPY7s"," repo",[215,235,236],{"class":232}," add",[215,238,239],{"class":232}," cilium",[215,241,242],{"class":232}," https:\u002F\u002Fhelm.cilium.io\u002F\n",[215,244,246,248,251,253,256,260,264],{"class":217,"line":245},3,[215,247,229],{"class":228},[215,249,250],{"class":232}," install",[215,252,239],{"class":232},[215,254,255],{"class":232}," cilium\u002Fcilium",[215,257,259],{"class":258},"sT800"," --version",[215,261,263],{"class":262},"sOJ5S"," 1.16.5",[215,265,267],{"class":266},"sAklC"," \\\n",[215,269,271,274,277],{"class":217,"line":270},4,[215,272,273],{"class":258},"  --namespace",[215,275,276],{"class":232}," kube-system",[215,278,267],{"class":266},[215,280,282,285,288,291],{"class":217,"line":281},5,[215,283,284],{"class":258},"  --set",[215,286,287],{"class":232}," kubeProxyReplacement=",[215,289,290],{"class":262},"true",[215,292,267],{"class":266},[215,294,296,298,301,303],{"class":217,"line":295},6,[215,297,284],{"class":258},[215,299,300],{"class":232}," hubble.enabled=",[215,302,290],{"class":262},[215,304,267],{"class":266},[215,306,308,310,313,315],{"class":217,"line":307},7,[215,309,284],{"class":258},[215,311,312],{"class":232}," hubble.relay.enabled=",[215,314,290],{"class":262},[215,316,267],{"class":266},[215,318,320,322,325],{"class":217,"line":319},8,[215,321,284],{"class":258},[215,323,324],{"class":232}," hubble.ui.enabled=",[215,326,327],{"class":262},"true\n",[11,329,330,333],{},[212,331,332],{},"kubeProxyReplacement=true"," を設定すると、kube-proxy を完全に置き換え、eBPF ベースの Service ルーティングを有効にします。",[29,335,337],{"id":336},"l7-ネットワークポリシーとアイデンティティベースセキュリティ","L7 ネットワークポリシーとアイデンティティベースセキュリティ",[11,339,340,341,344,345,348],{},"Cilium の最大の差別化ポイントは、",[51,342,343],{},"L7（アプリケーション層）まで対応したネットワークポリシー","と",[51,346,347],{},"アイデンティティベースのセキュリティモデル","です。",[200,350,352],{"id":351},"l7-ポリシーの例","L7 ポリシーの例",[205,354,358],{"className":355,"code":356,"language":357,"meta":210,"style":210},"language-yaml shiki shiki-themes tokyo-night","apiVersion: cilium.io\u002Fv2\nkind: CiliumNetworkPolicy\nmetadata:\n  name: api-access-policy\nspec:\n  endpointSelector:\n    matchLabels:\n      app: api-server\n  ingress:\n  - fromEndpoints:\n    - matchLabels:\n        app: frontend\n    toPorts:\n    - ports:\n      - port: \"80\"\n        protocol: TCP\n      rules:\n        http:\n        - method: \"GET\"\n          path: \"\u002Fapi\u002Fv1\u002Fpublic\u002F.*\"\n        - method: \"POST\"\n          path: \"\u002Fapi\u002Fv1\u002Fdata\"\n          headers:\n          - 'content-type: application-json'\n","yaml",[212,359,360,372,382,390,400,407,414,421,431,439,451,462,473,481,491,511,522,530,538,556,571,587,601,609],{"__ignoreMap":210},[215,361,362,366,369],{"class":217,"line":218},[215,363,365],{"class":364},"s0U2E","apiVersion",[215,367,368],{"class":266},":",[215,370,371],{"class":232}," cilium.io\u002Fv2\n",[215,373,374,377,379],{"class":217,"line":225},[215,375,376],{"class":364},"kind",[215,378,368],{"class":266},[215,380,381],{"class":232}," CiliumNetworkPolicy\n",[215,383,384,387],{"class":217,"line":245},[215,385,386],{"class":364},"metadata",[215,388,389],{"class":266},":\n",[215,391,392,395,397],{"class":217,"line":270},[215,393,394],{"class":364},"  name",[215,396,368],{"class":266},[215,398,399],{"class":232}," api-access-policy\n",[215,401,402,405],{"class":217,"line":281},[215,403,404],{"class":364},"spec",[215,406,389],{"class":266},[215,408,409,412],{"class":217,"line":295},[215,410,411],{"class":364},"  endpointSelector",[215,413,389],{"class":266},[215,415,416,419],{"class":217,"line":307},[215,417,418],{"class":364},"    matchLabels",[215,420,389],{"class":266},[215,422,423,426,428],{"class":217,"line":319},[215,424,425],{"class":364},"      app",[215,427,368],{"class":266},[215,429,430],{"class":232}," api-server\n",[215,432,434,437],{"class":217,"line":433},9,[215,435,436],{"class":364},"  ingress",[215,438,389],{"class":266},[215,440,442,446,449],{"class":217,"line":441},10,[215,443,445],{"class":444},"sgJMe","  -",[215,447,448],{"class":364}," fromEndpoints",[215,450,389],{"class":266},[215,452,454,457,460],{"class":217,"line":453},11,[215,455,456],{"class":444},"    -",[215,458,459],{"class":364}," matchLabels",[215,461,389],{"class":266},[215,463,465,468,470],{"class":217,"line":464},12,[215,466,467],{"class":364},"        app",[215,469,368],{"class":266},[215,471,472],{"class":232}," frontend\n",[215,474,476,479],{"class":217,"line":475},13,[215,477,478],{"class":364},"    toPorts",[215,480,389],{"class":266},[215,482,484,486,489],{"class":217,"line":483},14,[215,485,456],{"class":444},[215,487,488],{"class":364}," ports",[215,490,389],{"class":266},[215,492,494,497,500,502,505,508],{"class":217,"line":493},15,[215,495,496],{"class":444},"      -",[215,498,499],{"class":364}," port",[215,501,368],{"class":266},[215,503,504],{"class":266}," \"",[215,506,507],{"class":232},"80",[215,509,510],{"class":266},"\"\n",[215,512,514,517,519],{"class":217,"line":513},16,[215,515,516],{"class":364},"        protocol",[215,518,368],{"class":266},[215,520,521],{"class":232}," TCP\n",[215,523,525,528],{"class":217,"line":524},17,[215,526,527],{"class":364},"      rules",[215,529,389],{"class":266},[215,531,533,536],{"class":217,"line":532},18,[215,534,535],{"class":364},"        http",[215,537,389],{"class":266},[215,539,541,544,547,549,551,554],{"class":217,"line":540},19,[215,542,543],{"class":444},"        -",[215,545,546],{"class":364}," method",[215,548,368],{"class":266},[215,550,504],{"class":266},[215,552,553],{"class":232},"GET",[215,555,510],{"class":266},[215,557,559,562,564,566,569],{"class":217,"line":558},20,[215,560,561],{"class":364},"          path",[215,563,368],{"class":266},[215,565,504],{"class":266},[215,567,568],{"class":232},"\u002Fapi\u002Fv1\u002Fpublic\u002F.*",[215,570,510],{"class":266},[215,572,574,576,578,580,582,585],{"class":217,"line":573},21,[215,575,543],{"class":444},[215,577,546],{"class":364},[215,579,368],{"class":266},[215,581,504],{"class":266},[215,583,584],{"class":232},"POST",[215,586,510],{"class":266},[215,588,590,592,594,596,599],{"class":217,"line":589},22,[215,591,561],{"class":364},[215,593,368],{"class":266},[215,595,504],{"class":266},[215,597,598],{"class":232},"\u002Fapi\u002Fv1\u002Fdata",[215,600,510],{"class":266},[215,602,604,607],{"class":217,"line":603},23,[215,605,606],{"class":364},"          headers",[215,608,389],{"class":266},[215,610,612,615,618,621],{"class":217,"line":611},24,[215,613,614],{"class":444},"          -",[215,616,617],{"class":266}," '",[215,619,620],{"class":232},"content-type: application-json",[215,622,623],{"class":266},"'\n",[11,625,626,627,630],{},"この例では、",[212,628,629],{},"frontend"," ラベルを持つ Pod からの HTTP リクエストに対して、メソッドとパスレベルでアクセスを制御しています。従来の NetworkPolicy では不可能だった粒度の細かい制御です。",[200,632,633],{"id":633},"アイデンティティベースセキュリティ",[11,635,636,641,642,645],{},[15,637,640],{"href":638,"rel":639},"https:\u002F\u002Fcomputingforgeeks.com\u002Fcilium-ebpf-cni-kubernetes-production\u002F",[19],"ComputingForGeeks のガイド","が説明するように、Cilium はネットワークアドレスではなく ",[51,643,644],{},"Kubernetes のラベルに基づくアイデンティティ"," でセキュリティを適用します。IP アドレスが動的に変わるコンテナ環境では、この方式が理想的です。",[200,647,649],{"id":648},"clustermesh-によるマルチクラスタ接続","ClusterMesh によるマルチクラスタ接続",[205,651,653],{"className":355,"code":652,"language":357,"meta":210,"style":210},"# ClusterMesh の有効化\nhelm upgrade cilium cilium\u002Fcilium \\\n  --set cluster.name=cluster-1 \\\n  --set cluster.id=1 \\\n  --set clustermesh.useAPIServer=true\n",[212,654,655,660,665,670,675],{"__ignoreMap":210},[215,656,657],{"class":217,"line":218},[215,658,659],{"class":221},"# ClusterMesh の有効化\n",[215,661,662],{"class":217,"line":225},[215,663,664],{"class":232},"helm upgrade cilium cilium\u002Fcilium \\\n",[215,666,667],{"class":217,"line":245},[215,668,669],{"class":232},"  --set cluster.name=cluster-1 \\\n",[215,671,672],{"class":217,"line":270},[215,673,674],{"class":232},"  --set cluster.id=1 \\\n",[215,676,677],{"class":217,"line":281},[215,678,679],{"class":232},"  --set clustermesh.useAPIServer=true\n",[11,681,682,683,686],{},"Cilium ClusterMesh を使えば、複数の Kubernetes クラスタ間でシームレスかつ安全な通信が可能になります。",[15,684,26],{"href":24,"rel":685},[19]," で複数クラスタを運用する場合にも強力なソリューションです。",[29,688,690],{"id":689},"hubble-によるネットワーク可観測性","Hubble によるネットワーク可観測性",[11,692,693,696,697,700],{},[15,694,20],{"href":17,"rel":695},[19]," に内蔵された ",[51,698,699],{},"Hubble"," は、eBPF を活用した強力なネットワーク可観測性ツールです。",[200,702,704],{"id":703},"hubble-が提供する情報","Hubble が提供する情報",[45,706,707,713,719,725,731],{},[48,708,709,712],{},[51,710,711],{},"フローログ",": Pod 間のすべてのネットワークフローをリアルタイムで記録",[48,714,715,718],{},[51,716,717],{},"L7 プロトコル可視化",": HTTP、gRPC、Kafka 等のリクエスト\u002Fレスポンスの詳細",[48,720,721,724],{},[51,722,723],{},"NetworkPolicy の適用結果",": ポリシーによって許可\u002F拒否されたフローの可視化",[48,726,727,730],{},[51,728,729],{},"DNS クエリログ",": クラスタ内の DNS リクエストの追跡",[48,732,733,736],{},[51,734,735],{},"サービスマップ",": Pod 間の依存関係を自動生成",[200,738,740],{"id":739},"hubble-cli-の活用","Hubble CLI の活用",[205,742,744],{"className":207,"code":743,"language":209,"meta":210,"style":210},"# 特定 Namespace のフローを監視\nhubble observe --namespace production\n\n# HTTP リクエストのみをフィルタ\nhubble observe --protocol http --namespace production\n\n# 拒否されたフローを確認\nhubble observe --verdict DROPPED\n\n# サービスマップの表示\nhubble observe --output json | hubble-ui\n",[212,745,746,751,765,771,776,792,796,801,813,817,822],{"__ignoreMap":210},[215,747,748],{"class":217,"line":218},[215,749,750],{"class":221},"# 特定 Namespace のフローを監視\n",[215,752,753,756,759,762],{"class":217,"line":225},[215,754,755],{"class":228},"hubble",[215,757,758],{"class":232}," observe",[215,760,761],{"class":258}," --namespace",[215,763,764],{"class":232}," production\n",[215,766,767],{"class":217,"line":245},[215,768,770],{"emptyLinePlaceholder":769},true,"\n",[215,772,773],{"class":217,"line":270},[215,774,775],{"class":221},"# HTTP リクエストのみをフィルタ\n",[215,777,778,780,782,785,788,790],{"class":217,"line":281},[215,779,755],{"class":228},[215,781,758],{"class":232},[215,783,784],{"class":258}," --protocol",[215,786,787],{"class":232}," http",[215,789,761],{"class":258},[215,791,764],{"class":232},[215,793,794],{"class":217,"line":295},[215,795,770],{"emptyLinePlaceholder":769},[215,797,798],{"class":217,"line":307},[215,799,800],{"class":221},"# 拒否されたフローを確認\n",[215,802,803,805,807,810],{"class":217,"line":319},[215,804,755],{"class":228},[215,806,758],{"class":232},[215,808,809],{"class":258}," --verdict",[215,811,812],{"class":232}," DROPPED\n",[215,814,815],{"class":217,"line":433},[215,816,770],{"emptyLinePlaceholder":769},[215,818,819],{"class":217,"line":441},[215,820,821],{"class":221},"# サービスマップの表示\n",[215,823,824,826,828,831,834,837],{"class":217,"line":453},[215,825,755],{"class":228},[215,827,758],{"class":232},[215,829,830],{"class":258}," --output",[215,832,833],{"class":232}," json",[215,835,836],{"class":266}," |",[215,838,839],{"class":228}," hubble-ui\n",[200,841,843],{"id":842},"hubble-metrics-の-prometheus-連携","Hubble Metrics の Prometheus 連携",[205,845,847],{"className":355,"code":846,"language":357,"meta":210,"style":210},"hubble:\n  metrics:\n    enabled:\n    - dns\n    - drop\n    - tcp\n    - flow\n    - port-distribution\n    - icmp\n    - httpV2:exemplars=true;labelsContext=source_ip,source_namespace,destination_ip,destination_namespace\n",[212,848,849,855,862,869,876,883,890,897,904,911],{"__ignoreMap":210},[215,850,851,853],{"class":217,"line":218},[215,852,755],{"class":364},[215,854,389],{"class":266},[215,856,857,860],{"class":217,"line":225},[215,858,859],{"class":364},"  metrics",[215,861,389],{"class":266},[215,863,864,867],{"class":217,"line":245},[215,865,866],{"class":364},"    enabled",[215,868,389],{"class":266},[215,870,871,873],{"class":217,"line":270},[215,872,456],{"class":444},[215,874,875],{"class":232}," dns\n",[215,877,878,880],{"class":217,"line":281},[215,879,456],{"class":444},[215,881,882],{"class":232}," drop\n",[215,884,885,887],{"class":217,"line":295},[215,886,456],{"class":444},[215,888,889],{"class":232}," tcp\n",[215,891,892,894],{"class":217,"line":307},[215,893,456],{"class":444},[215,895,896],{"class":232}," flow\n",[215,898,899,901],{"class":217,"line":319},[215,900,456],{"class":444},[215,902,903],{"class":232}," port-distribution\n",[215,905,906,908],{"class":217,"line":433},[215,907,456],{"class":444},[215,909,910],{"class":232}," icmp\n",[215,912,913,915],{"class":217,"line":441},[215,914,456],{"class":444},[215,916,917],{"class":232}," httpV2:exemplars=true;labelsContext=source_ip,source_namespace,destination_ip,destination_namespace\n",[11,919,920],{},"これらのメトリクスを Prometheus でスクレイプし、Grafana で可視化することで、ネットワークレベルの完全なオブザーバビリティが実現します。",[11,922,923,926],{},[15,924,88],{"href":86,"rel":925},[19]," とHubble のデータを組み合わせることで、AI がネットワークの異常パターンを自動的に検出し、対処を提案するワークフローの構築が可能です。",[29,928,929],{"id":929},"まとめ",[11,931,932],{},"Cilium と eBPF は、Kubernetes ネットワーキングの新しいスタンダードです。本記事のポイントをまとめると：",[934,935,936,942,948,954,959],"ol",{},[48,937,938,941],{},[51,939,940],{},"eBPF"," はカーネル内でプログラムを実行し、iptables を超えるパフォーマンスとセキュリティを実現",[48,943,944,947],{},[51,945,946],{},"iptables 比で最大 10 倍のスループット向上","と、Service 数に依存しないスケーラビリティ",[48,949,950,953],{},[51,951,952],{},"L7 ネットワークポリシー","で HTTP メソッド・パスレベルのアクセス制御が可能",[48,955,956,958],{},[51,957,633],{},"で動的な Pod 環境に最適なセキュリティモデル",[48,960,961,963],{},[51,962,699],{}," によるフローログ、L7 プロトコル可視化、サービスマップ",[11,965,966,969,970,973],{},[15,967,26],{"href":24,"rel":968},[19]," は K3s ベースで CNCF エコシステムとの高い親和性を持ち、Cilium の導入により軽量かつ高性能なネットワーキング基盤を構築できます。Kubernetes のネットワーキングとセキュリティの強化に取り組む方は、ぜひ ",[15,971,26],{"href":24,"rel":972},[19]," をご検討ください。",[11,975,976,977,980,981,986],{},"AI による Kubernetes 運用の高度化に興味がある方は、",[15,978,88],{"href":86,"rel":979},[19]," の詳細をご覧ください。導入のご相談は",[15,982,985],{"href":983,"rel":984},"https:\u002F\u002Fwww.hexabase.com\u002Fcontact-us\u002F",[19],"お問い合わせ","からお気軽にどうぞ。",[988,989,990],"style",{},"html pre.shiki code .sbD-w, html code.shiki .sbD-w{--shiki-default:#51597D;--shiki-default-font-style:italic}html pre.shiki code .sE3pS, html code.shiki .sE3pS{--shiki-default:#C0CAF5}html pre.shiki code .sPY7s, html code.shiki .sPY7s{--shiki-default:#9ECE6A}html pre.shiki code .sT800, html code.shiki .sT800{--shiki-default:#E0AF68}html pre.shiki code .sOJ5S, html code.shiki .sOJ5S{--shiki-default:#FF9E64}html pre.shiki code .sAklC, html code.shiki .sAklC{--shiki-default:#89DDFF}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html pre.shiki code .s0U2E, html code.shiki .s0U2E{--shiki-default:#F7768E}html pre.shiki code .sgJMe, html code.shiki .sgJMe{--shiki-default:#9ABDF5}",{"title":210,"searchDepth":225,"depth":225,"links":992},[993,994,997,1002,1007],{"id":31,"depth":225,"text":32},{"id":92,"depth":225,"text":93,"children":995},[996],{"id":202,"depth":245,"text":203},{"id":336,"depth":225,"text":337,"children":998},[999,1000,1001],{"id":351,"depth":245,"text":352},{"id":633,"depth":245,"text":633},{"id":648,"depth":245,"text":649},{"id":689,"depth":225,"text":690,"children":1003},[1004,1005,1006],{"id":703,"depth":245,"text":704},{"id":739,"depth":245,"text":740},{"id":842,"depth":245,"text":843},{"id":929,"depth":225,"text":929},"2026-05-27","Cilium が eBPF 技術で Kubernetes ネットワーキングを変革する仕組みを解説。従来の CNI との比較、L7 セキュリティポリシー、Hubble による可観測性まで。","md","ja",{},"\u002Fblog\u002Fja\u002Fcilium-ebpf-kubernetes-networking",{"title":5,"description":1009},"blog\u002Fja\u002Fcilium-ebpf-kubernetes-networking",[20,940,1017,1018,1019,1020,1021,699],"Kubernetes","ネットワーキング","CNI","CNCF","セキュリティ","4h3GYC8aD4jNn2SKuApwnGkxMTWjr7pYOMAyfnucV3s",1779964617052]