Dear Airlock Team,
We are currently preparing a migration of our Kubernetes environment from RKE to RKE2 and are switching from Canal to Cilium as the CNI. In this process, we are evaluating whether to enable Cilium’s kube-proxy replacement mode (eBPF-based service handling).
We’ve read in your documentation that this mode is currently not supported due to the Microgateway’s reliance on iptables. Since we are using Airlock Microgateway in sidecar mode to protect our applications, we would like to ask:
-
Are there plans to support Cilium’s kube-proxy replacement mode in a future version of Airlock Microgateway?
-
If so, could you share an approximate timeline or version target?
-
Are there any known workarounds or experimental setups that could be considered in the meantime?
Thank you in advance!