First Cilium Install

CNI hello world.

Overview

The first Cilium install moves Kubernetes networking from basic CNI to eBPF-based modern networking. Cilium provides L7 policy, observability, and service mesh capabilities; the install introduces patterns the team will use for years.

• CNI hello world. eBPF-based pod networking; matches modern Linux kernel capabilities.
• L7-aware policy. HTTP and gRPC method-level policy; produces real protection at the application layer.
• Hubble observability. Per-flow visibility; supports investigation by exposing pod-to-pod traffic.
• Service mesh option plus BGP integration. Cilium Service Mesh without sidecars matches modern stacks; BGP integration matches enterprise routing.

The approach

The practical approach: install via Helm, default-deny network policy, L7 policy for sensitive workloads, Hubble for observability, documented per-cluster configuration. The team’s discipline produces predictable Cilium that survives operator turnover.

• helm install cilium. Standard install; the canonical entry point.
• Default-deny network policy. Per-namespace block-by-default; produces real protection rather than hopes.
• L7 policy for sensitive. HTTP method-level for APIs; matches the threat model where authorisation matters.
• Hubble for observability plus documented install. Per-flow visibility supports investigation; per-cluster configuration committed for review.

Why this compounds

Cilium discipline compounds across clusters. Each cluster inherits the patterns; the team’s modern networking expertise grows; new clusters adopt eBPF networking by default.

• Better security. L7 policy reduces blast radius; the unauthorised request is blocked at the network layer.
• Better observability. Hubble reveals real flows; supports investigation when service-to-service behaviour is in doubt.
• Better performance. eBPF avoids sidecar overhead; the resource cost stays low even at high pod count.
• Institutional knowledge. Each cluster teaches modern networking; the team’s networking muscle grows.

The first Cilium install is an infrastructure investment that pays off across years. Nova AI Ops integrates with Cilium telemetry, surfaces patterns, and supports the team’s networking discipline.