13. Cilium Enterprise

So far, we used the Cilium CNI in the Open Source Software (OSS) version. Cilium OSS has joined the CNCF as an incubating project and only recently during KubeCon 2022 NA applied to become a CNCF graduated project . Isovalent , the company behind Cilium also offers enterprise support for the Cilium CNI. In this lab, we are going to look at some of the enterprise features.

Task 13.1: Create a Kubernetes Cluster and install Cilium Enterprise

We are going to spin up a new Kubernetes cluster with the following command:

minikube start --network-plugin=cni --cni=false --kubernetes-version=1.24.3 -p cilium-enterprise

Now check that everything is up and running:

kubectl get node

This should produce a similar output:

NAME                STATUS   ROLES                  AGE   VERSION
cilium-enterprise   Ready    control-plane,master   86s   v1.24.3

Alright, everything is up and running and we can continue with the Cilium Enterprise Installation. First we need to add the Helm chart repository:

helm repo add isovalent https://....

Note

Your trainer will provide you with the Helm chart url.

Next, create a cilium-enterprise-values.yaml file with the following content:

cilium:
  hubble:
    enabled: false
    relay:
      enabled: false
  nodeinit:
    enabled: true
  ipam:
    mode: cluster-pool
hubble-enterprise:
  enabled: false
  enterprise:
    enabled: false
hubble-ui:
  enabled: false

And then install Cilium enterprise with Helm:

helm install cilium-enterprise isovalent/cilium-enterprise --version 1.12.7  \
  --namespace kube-system -f cilium-enterprise-values.yaml

To confirm that the cilium daemonset is running Cilium Enterprise, execute the following command and verify that the container registry for cilium-agent is set to quay.io/isovalent/cilium:

kubectl get ds -n kube-system cilium -o jsonpath='{.spec.template.spec.containers[0].image}' | cut -d: -f1

Run the following command and validate that cilium daemonset is up and running:

kubectl get ds -n kube-system cilium

This should give you an output similar to this:

NAME                DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
cilium              1         1         1       1            1           <none>          91s

13.1. Network Visibility with Hubble

13.2. Network Policies

13.3. Process Visibility

13.4. Exporting Events

Last modified August 6, 2025: Merge pull request #257 from acend/renovate/docker-login-action-digest (92607dc)