Solutions
Audit & Optimization Platform Design Automation Team Structure
Documentation Blog
Get Started
Networking 2020

Cilium 1.8: Secure Connectivity, Visualized

K8s Guru
2 min read
#cilium #ebpf #hubble #wireguard #kubernetes
Cilium 1.8: Secure Connectivity, Visualized

Table of Contents

Introduction

Released on June 30, 2020, Cilium 1.8 expands beyond policy enforcement into full-stack service connectivity and observability. With Hubble UI, WireGuard encryption, and cluster mesh GA, operators gain zero-trust networking with clear visibility.

Hubble Observability Suite

  • Hubble UI delivers service maps, flow logs, and latency histograms powered by eBPF data. Drill into pod-to-pod conversations without packet captures.
  • L7 visibility spans HTTP, gRPC, Kafka, and DNS, highlighting policy verdicts and request outcomes.
  • Export flows to Prometheus, Grafana, and external SIEM tools via the Hubble Relay API.

WireGuard Encryption (Beta)

  • Toggle --enable-wireguard to encrypt pod traffic without sidecars or overlay tunnels.
  • Uses Linux kernel WireGuard support for minimal overhead and native rotations of keys.
  • Works alongside identity-aware policies, ensuring encryption integrates with existing rules.

Cluster Mesh GA

  1. Multi-Cluster Service Discovery: Share services and identities across clusters while preserving least privilege.
  2. Global Services: Configure failover routing with DNS & envoy integration.
  3. Transparent Encryption: Combine with WireGuard to secure east-west traffic across data centers.

Operational Upgrades

  • Helm charts revamped for AKS, EKS, and GKE; declarative values files simplify upgrades.
  • Envoy 1.14 integration yields HTTP/2 and gRPC enhancements along with WASM filter previews.
  • CRDs add status conditions and metrics for quicker troubleshooting.

Getting Started

helm repo add cilium https://helm.cilium.io
helm upgrade -i cilium cilium/cilium --version 1.8.0 \
  --set hubble.enabled=true --set hubble.relay.enabled=true \
  --set encryption.enabled=true --set encryption.type=wireguard

Launch Hubble UI:

kubectl port-forward -n kube-system svc/hubble-ui 12000:80
open http://localhost:12000

Summary

AspectDetails
Release DateJune 30, 2020
Headline FeaturesHubble UI, WireGuard encryption, cluster mesh GA
Why it MattersGives platform teams a unified, observable, zero-trust data plane for multi-cluster Kubernetes

Cilium 1.8 proves eBPF can deliver policy, encryption, and visibility—all from a single, operator-friendly platform.