KubeArmor VS cilium

Falco is a cloud native Kubernetes threat detection tool. It can detect unexpected behavior, intrusions, and data theft in real time. In the backend, it uses Linux eBPF technology to trace your system and applications at runtime. For example, it can detect if someone tries to read a secret file inside a container, access a pod as a root user, etc, and trigger a webhook or send logs to the monitoring system. There are similar tools like Tetragon, KubeArmor, and Tracee which also provide Kubernetes runtime security.

We're building a KubeArmor - a container-aware runtime security enforcement system n using LSMs - between India, Korea and the US

https://github.com/accuknox/kubearmor

They would have had to add a few externals to get to Graduated but it's definitely a minority:

https://github.com/cilium/cilium/blob/main/MAINTAINERS.md

Next-gen networking thanks to Cilium

Hello there, I recently have the need to proxy my pod traffic through WireGuard. I initially have my eyes on https://github.com/angelnu/pod-gateway but I just couldn't get it working. It turns out that Cilium made a CVE patch couple years ago that basically nuked ability to do inter-pod encapsulated traffic (https://github.com/cilium/cilium/issues/15991). I wonder if there is any other way that can let me do this without switching out of Cilium? Thank you guys in advance :)

I have used Cilium as CNI and installing it with helm.

I'm using the default RaspiOS Lite 64bits and as highlighted in this issue, the RaspiOS kernel does not support CONFIG_ARM64_VA_BITS_48, which makes cilium-envoy to fail building. As solution, I was told to use either Ubuntu as base OS or Traefik Ingress Controller, which is not configured in K3s.

Working on integrating cilium and loxilb as a hobby k8s project. Both are eBPF based and will be interesting to see what will be the final outcome.

Particularly in Cilium, Gateway API is very proof-of-concept. So much so that you can't even change the type of the underlying service (or anything else about the generated object) yet.

Authentication using mTLS was later merged into cilium (https://github.com/cilium/cilium/pull/24263). It uses mTLS between cilium agents to authorize flows, but do note that the mTLS auth is de-coupled from the datapath transport (i.e. you need to configure cilium to use ipsec or wireguard, as otherwise traffic won't be encrypted). As a consequence, there are some gaps in the implementation right now, like packet drops. see https://github.com/cilium/cilium/issues/23808

network plugin to be used, based on the documentation. (Project Calico ,Flannel, Cilium )