Support for Traffic Collection with Cilium CNI
Cilium provides a Container Network Interface (CNI) plug-in that supports traffic collection in Container Protection by taking advantage of eBPF.
Extended Berkeley Packet Filter (eBPF) is a new programming paradigm that extends the capability of the Linux kernel using sandboxed programs, without having to modify the kernel source code.
Advantages of using Cilium with eBPF
- Reduced reliance on iptables compared with other CNI plug-ins: in eBPF mode, Cilium looks up IP addresses more efficiently when managing a large number of cluster nodes.
- eBPF programs run more securely than a loaded kernel module, and more efficiently because they execute natively through the Just-In-Time (JIT) compiler.
Prerequisite
- The Linux kernel version must be 5.0 or above. To check your version, use the command:
uname -r
- Install the Cilium CNI plug-in. Reference: https://docs.cilium.io/en/v0.12/install/
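A preflight for the kernel prerequisite, as an added example that is not part of the original documentation. It assumes the 5.0 minimum applies to every cluster node (where the eBPF programs load), and the function names and sample node data are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag cluster nodes whose kernel is older than the stated minimum.
MIN_KERNEL="5.0"   # minimum from the prerequisite above

# kernel_at_least RELEASE MIN
# RELEASE is a `uname -r` style string, MIN is major.minor.
# Returns 0 if RELEASE >= MIN, 1 if older, 2 if RELEASE cannot be parsed.
kernel_at_least() {
    rel=${1%%[-+]*}                      # 5.15.0-91-generic -> 5.15.0
    major=${rel%%.*}
    rest=${rel#*.}
    [ "$rest" = "$rel" ] && rest=0       # no minor component given
    minor=${rest%%.*}
    case "$major.$minor" in
        .*|*.|*[!0-9.]*) return 2 ;;     # empty or non-numeric field
    esac
    min_major=${2%%.*}
    min_minor=${2#*.}
    [ "$major" -gt "$min_major" ] && return 0
    [ "$major" -eq "$min_major" ] && [ "$minor" -ge "$min_minor" ]
}

# check_nodes: reads "name<TAB>kernelVersion" lines on stdin, prints every node
# that fails the check, and returns 1 if any node failed.
check_nodes() {
    bad=0
    while read -r node kernel; do
        [ -n "$node" ] || continue
        if ! kernel_at_least "$kernel" "$MIN_KERNEL"; then
            printf '%s\t%s\n' "$node" "${kernel:-unknown}"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample data (hypothetical node names), same shape as the output of:
#   kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.nodeInfo.kernelVersion}{"\n"}{end}'
sample_nodes() {
    printf 'node-a\t5.15.0-91-generic\nnode-b\t4.19.0-25-amd64\nnode-c\t6.1.55+\n'
}

# Replace sample_nodes with the kubectl command above to check a live cluster.
sample_nodes | check_nodes || echo "Listed nodes do not meet kernel >= $MIN_KERNEL"
```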
Steps to install Kubernetes agent with eBPF mode
- Uninstall the current Kubernetes agent using this command:
kubectl delete namespace fortinet
- Download the latest version of the fcli command line tool for Kubernetes agent deployment:
Operating System | Kubernetes Agent Download Link |
---|---|
Mac OS | https://forticwp-kubernetes-agent.s3.amazonaws.com/mac/fcli |
Linux | https://forticwp-kubernetes-agent.s3.amazonaws.com/linux/fcli |
- Deploy the Kubernetes agent using this command:
./fcli deploy kubernetes --tcMode ebpf --token <AccessToken> --region <Region>
After the Kubernetes agent is installed in eBPF mode, Traffic Collection is enabled.