Cilium provides the Container Network Interface (CNI) plug-in that supports traffic collection in Container Protection, taking advantage of eBPF.
Extended Berkeley Packet Filter (eBPF) is a new programming paradigm that extends the capability of the Linux kernel using sandboxed programs, without having to modify the kernel source code.
- Reduced reliance on iptables compared with other CNI plug-ins: in eBPF mode, Cilium looks up IP addresses more efficiently when managing a large number of cluster nodes.
- eBPF programs run more securely than a loaded kernel module, and more efficiently thanks to native execution through the Just-In-Time (JIT) compiler.
- Linux Kernel Version needs to be 5.0 or above. Use the command:
uname -r
to check your version.
- Install the Cilium CNI plug-in. Reference: https://docs.cilium.io/en/v0.12/install/
- Uninstall the current Kubernetes agent using this command:
kubectl delete namespace fortinet
- Download the latest version of the fcli command line tool for Kubernetes agent deployment:
Kubernetes Agent Download Link
- Deploy the Kubernetes agent using this command:
./fcli deploy kubernetes --tcMode ebpf --token <AccessToken> --region <Region>
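
A preflight for the kernel prerequisite above, written as an added example and not taken from the product documentation; it also reports whether the kernel's eBPF JIT is switched on, read from the bpf_jit_enable sysctl. The function and variable names are illustrative, and the 5.0 threshold is the one stated on this page.

```shell
#!/bin/sh
# Added example: preflight for the prerequisites listed above.
# MIN_MAJOR/MIN_MINOR mirror the page's "5.0 or above" requirement.
MIN_MAJOR=5
MIN_MINOR=0

# kernel_at_least RELEASE MAJOR MINOR
# RELEASE is a string as printed by `uname -r`, e.g. "5.4.0-150-generic".
# Returns 0 if RELEASE >= MAJOR.MINOR, 1 if older, 2 if it cannot be parsed.
kernel_at_least() {
    ka_rel=$1
    case "$ka_rel" in *.*) ;; *) return 2 ;; esac
    ka_major=${ka_rel%%.*}          # text before the first dot
    ka_rest=${ka_rel#*.}            # text after the first dot
    ka_minor=${ka_rest%%[!0-9]*}    # leading digits only; drops ".0-150-generic"
    case "$ka_major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$ka_minor" ] || return 2
    [ "$ka_major" -gt "$2" ] && return 0
    [ "$ka_major" -eq "$2" ] && [ "$ka_minor" -ge "$3" ] && return 0
    return 1
}

# jit_state [FILE]
# Prints whether the kernel's eBPF JIT is on, from the bpf_jit_enable sysctl
# (0 = off, 1 = on, 2 = on with debug output). FILE is overridable for testing.
jit_state() {
    js_file=${1:-/proc/sys/net/core/bpf_jit_enable}
    [ -r "$js_file" ] || { echo unknown; return 0; }
    case "$(cat "$js_file")" in
        0)   echo disabled ;;
        1|2) echo enabled ;;
        *)   echo unknown ;;
    esac
}

# Run the checks against this host before starting the deployment steps.
if kernel_at_least "$(uname -r)" "$MIN_MAJOR" "$MIN_MINOR"; then
    echo "kernel $(uname -r): OK for eBPF mode"
else
    echo "kernel $(uname -r): below $MIN_MAJOR.$MIN_MINOR or unparseable" >&2
fi
echo "eBPF JIT: $(jit_state)"
```

Run it on each node; a node that reports an older kernel should be upgraded before the agent is deployed with --tcMode ebpf.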
After the Kubernetes agent is installed in eBPF mode, Traffic Collection is enabled.