Cilium Certified Associate Study Guide
February 7, 2024 ยท View on GitHub
The aim of this study guide is to help the Cilium community prepare for the CNCF's Cilium Certified Associate(CCA) Exam ๐
About the Certification
You can find all you need to know about the Certification on its official page.
General Overview
Installation and Configuration - 10%
Topics
- Know How to Use Cilium CLI to Query and Modify the Configuration
- Using Cilium CLI to Install Cilium, Run Connectivity Tests, and Monitor its Status
Resources
- Cilium Quick Installation - Cilium Docs ๐
- eCHO episode 1: Introduction to Cilium ๐บ
- Getting Started with Cilium - Lab ๐ฅผ
- Tutorial: Tips and Tricks to install Cilium ๐
- Cilium Command Cheat Sheet - Cilium Docs ๐
Architecture - 20%
Topics
- Understand the Role of Cilium in Kubernetes Environments
- Cilium Architecture
- IP Address Management (IPAM) with Cilium
- Cilium Component Roles
- Datapath Models
Resources
- Getting Started with Cilium - Lab ๐ฅผ
- Cilium - Rethinking Linux Networking and Security for the Age of Microservices ๐
- Cilium 1.0: Bringing the BPF Revolution to Kubernetes Networking and Security ๐
- Cilium Component Overview - Cilium Docs ๐
- Cilium eBPF Datapath - Cilium Docs ๐
- IP Address Management (IPAM) - Cilium Docs ๐
- Cilium Technical Deep Dive: Under the Hood - Talk ๐บ
- Cilium's BPF kernel datapath revamped - Talk ๐บ
- Terminology - Cilium Docs ๐
Network Policy - 18%
Topics
- Interpret Cilium Network Polices and Intent
- Understand Cilium's Identity-based Network Security Model
- Policy Enforcement Modes
- Policy Rule Structure
- Kubernetes Network Policies versus Cilium Network Policies
Resources
- Identity Based - Cilium Docs ๐
- Network Policy Use Cases ๐
- From IP to identity: making cattle out of pets in cloud native ๐
- Zero Trust Security with Cilium ๐
- Network Policy - Cilium Docs ๐
- Policy Enforcement Mode - Cilium Docs ๐
- Why is Kubernetes Network Policy important? ๐บ
- Birth of Kubernetes Network Policy ๐บ
- NetworkPolicy Tutorial ๐
- eCHO Episode 43: Deep dive on FQDN Policy ๐บ
- Network Policy Editor ๐
Service Mesh - 16%
Topics
- Know How to use Ingress or Gateway API for Ingress Routing
- Service Mesh Use Cases
- Understand the Benefits of Gateway API over Ingress
- Encrypting Traffic in Transit with Cilium
- Sidecar-based versus Sidecarless Architectures
Resources
- How eBPF will solve Service Mesh โ Goodbye Sidecars ๐
- Cilium Service Mesh Use Cases ๐
- Hello eBPF! Goodbye Sidecars? ๐บ
- Cilium Service Mesh โ Everything You Need to Know ๐
- Cilium Ingress Controller - Lab ๐ฅผ
- Cilium Transparent Encryption with IPSec and WireGuard - Lab ๐ฅผ
- Gateway API Support - Cilium Docs ๐
- Cilium Gateway API - Lab ๐ฅผ
- Advanced Gateway API Use Cases - Lab ๐
- Ingress Controllers or the Kubernetes Gateway API? Which Is Right for You? ๐
- A Deep Dive into Cilium Gateway API: The Future of Ingress Traffic Routing ๐
- Mutual Authentication in Cilium - Cilium Docs ๐
- Mutual Authentication in Cilium - Lab ๐ฅผ
Network Observability - 10%
Topics
- Understand the Observability Capabilities of Hubble
- Enabling Layer 7 Protocol Visibility
- Know How to Use Hubble from the Command Line or the Hubble UI
Resources
- eCHO episode 2: Introduction to Hubble ๐บ
- Observability Use Cases ๐
- Setting up Hubble Observability - Cilium Docs ๐
- Layer 7 Protocol Visibility - Cilium Docs ๐
- Back to Basics โ L7 Flow Visibility ๐บ
- Cilium IPv6 Networking and Observability - Lab ๐ฅผ
Cluster Mesh - 10%
Topics
- Understand the Benefits of Cluster Mesh for Multi-cluster Connectivity
- Achieve Service Discovery and Load Balancing Across Clusters with Cluster Mesh
Resources
- Cilium Cluster Mesh Use Cases ๐
- Setting Up Cluster Mesh - Cilium Docs ๐
- Cilium Cluster Mesh - Lab ๐ฅผ
- Connecting Klusters on the Edge with Deep Dive into Cilium Cluster Mesh - Talk ๐บ
- An Introduction to Cilium Cluster Mesh ๐บ
- eCHO episode 41: Cilium Cluster Mesh ๐บ
- eCHO Episode 94: Cluster API and Cilium Cluster Mesh ๐บ
eBPF - 10%
Topics
- Understand the Role of eBPF in Cilium
- eBPF Key Benefits
- eBPF-based Platforms versus IPtables-based Platforms
Resources
- Why is the kernel community replacing iptables with BPF? ๐
- What is eBPF? ๐
- CNI Benchmark: Understanding Cilium Network Performance ๐
- eBPF - The Future of Networking & Security ๐
- Learning eBPF ๐
- Getting started with eBPF - Lab ๐ฅผ
- eBPF - Host Routing - Cilium Docs ๐
BGP and External Networking 6%
Topics
- Egress Connectivity Requirements
- Understand Options to Connect Cilium-managed Clusters with External Networks
Resources
- Cilium BGP Use Cases ๐
- Cilium BGP Control Plane - Cilium Docs ๐
- Cilium BGP Service Advertisement ๐บ
- BGP on Cilium - Lab ๐ฅผ
- Cilium LoadBalancer IPAM and BGP Service Advertisement - Lab ๐ฅผ
- Advanced BGP Features - Lab ๐ฅผ
- BGP with Cilium ๐
- Connecting your Kubernetes island to your network with Cilium BGP ๐
- Cilium Egress Gateway - Cilium Docs ๐
- Cilium Egress Gateway - Lab ๐ฅผ
- Cilium L2 Announcements - Cilium Docs ๐
- Cilium LoadBalancer IPAM and L2 Service Announcement - Lab ๐ฅผ
Next Steps
Finished this guide and want to learn more? Dive deep into the world of Cilium with more comprehensive hands-on labs.
