Kubernetes is a container orchestration platform and it has emerged as the de-facto tool for managing a large number of containers. In Kubernetes, networking functions, such as managing communication between applications and network policies, are delegated to CNI plugins.
Cilium is a CNI plugin for Kubernetes which provides secure network connectivity and load-balancing between applications using eBPF.
Cilium can manage network access by using network policy functions, called “CiliumNetworkPolicy” (CNP).
Users can allow or deny specific traffic by applying a CNP.
However, currently, any traffic except for TCP/UDP (including ICMP) is denied if an L4 CNP is present, and there is no way for users to explicitly allow ICMP traffic.
Therefore, my project aims to implement a CNP for explicitly allowing ICMP traffic.