CNCF firms up Cilium cell structure
Cilium is a software project.
It is also the name of a membrane-bound organelle found on most types of eukaryotic cell, although cilia are absent in bacteria – thank you Wikipedia.
The name was clearly chosen to convey a sense of multi-tiered structure, form and function for the open source software project.
The Cloud Native Computing Foundation (CNCF) and the Linux Foundation have now voted Cilium into the Graduated project level.
As shown in the below graphic, Cilium's velocity as a CNCF open source project trails only Kubernetes and OpenTelemetry.
Cloud Native Network
Cilium's CNCF graduation is obviously a major milestone for its maturity as an open source project (Cilium is the first graduated project in the Cloud Native Network category), but the bigger story, it is argued, is how Cilium has become the tip of the spear for open source disrupting the massive legacy network stack, with all of its devices and proprietary software-defined infrastructure.
The team behind Cilium is the same team that founded Nicira (acquired by VMware for $1.2B in 2012).
"Cilium's rise as a universal connectivity layer for cloud-native infrastructure is a massive disruptor to the entire old-world, software-defined, proprietary networking stack – poised to make the same impact on the networking stack, as Linux did on x86 server infrastructure in the '00s," note the foundations in a joint technical statement.
Cilium began as an eBPF-based implementation of the Container Network Interface (CNI) to provide Layer 3-4 connectivity between container workloads. It has since expanded to include network policy, meshing multiple Kubernetes clusters together, replacing kube-proxy, network encryption, integrated ingress and egress gateways, bandwidth management, BGP and connecting external workloads into Kubernetes.
The Cilium project pioneered ‘sidecarless service mesh’ (look it up, it’s a thing) and its sub-project Hubble provides network observability for layers 3-7, metrics, service map and UI, while Tetragon focuses on security observability and runtime enforcement.
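To make the network policy and layer 3-7 enforcement mentioned above concrete, here is an added example of a CiliumNetworkPolicy (written for this article, not taken from the Cilium project's own documentation). The namespace and the `app` labels are assumptions; the structure (`endpointSelector`, `fromEndpoints`, `toPorts`, `rules.http`, `rules.dns`, `toFQDNs`) is Cilium's actual policy schema:

```yaml
# Added example (not from the page or the Cilium project): one policy that
# combines L3 (identity), L4 (port) and L7 (HTTP and DNS) rules.
# Namespace "shop" and the app labels are hypothetical.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: backend-l3-l7
  namespace: shop
spec:
  # Applies to pods carrying app=backend in namespace "shop".
  endpointSelector:
    matchLabels:
      app: backend
  ingress:
    # L3: only pods labelled app=frontend may talk to backend at all.
    - fromEndpoints:
        - matchLabels:
            app: frontend
      # L4: and only on TCP/8080 ...
      toPorts:
        - ports:
            - port: "8080"
              protocol: TCP
          # L7: ... and only GET requests under /api/v1/. Anything else from
          # frontend (POST, /admin, ...) gets an HTTP 403 from the proxy.
          rules:
            http:
              - method: GET
                path: "/api/v1/.*"
  egress:
    # DNS to kube-dns is allowed and inspected, which is what lets the
    # toFQDNs rule below resolve names into allowed IPs.
    - toEndpoints:
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: kube-system
            k8s:k8s-app: kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: ANY
          rules:
            dns:
              - matchPattern: "*"
    # Outbound HTTPS is restricted to hosts under example.com (hypothetical).
    - toFQDNs:
        - matchPattern: "*.example.com"
      toPorts:
        - ports:
            - port: "443"
              protocol: TCP
```

Two caveats a practitioner will want: once a policy selects an endpoint, that endpoint becomes default-deny in every direction the policy has rules for (here both ingress and egress), so anything not listed is dropped, and the HTTP rule only applies to plaintext HTTP on that port. Cilium cannot see inside TLS without extra configuration, so an L7 rule on an encrypted port silently degrades to L4 matching. After applying with `kubectl apply -f`, `hubble observe --namespace shop --verdict DROPPED` shows what the policy is rejecting, which is the quickest way to confirm the rule does what you think before tightening it further.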
“Cilium’s graduation highlights its evolution from a simple CNI to a complete networking, observability and security solution that prepares platforms and organizations for the next steps on their cloud native journey,” said Thomas Graf, Cilium co-founder and CTO of Isovalent. “On behalf of the project, we wish to thank every contributor who has collectively brought us to graduation within CNCF.”
What is eBPF?
For clarification, eBPF is a kernel-level technology that has been lauded as possibly the greatest revolution in operating system development in the last 15 years. It has origins in the Linux kernel and has since been made available on Windows kernels as well.
In terms of use, eBPF can run sandboxed programs to safely and efficiently extend the capabilities of an operating system kernel without requiring changes to kernel source code or loading kernel modules. eBPF is to an operating system what JavaScript is to a web browser.
Cilium is an open source project whose original aim was to extend the power of eBPF to platform engineers, so that anyone could use eBPF, without having to be a kernel maintainer or understand the low-level primitives of operating systems.
Cilium uses eBPF as a core primitive, but extends it into major use cases like networking, security, observability and ingress. Cilium's rise to adoption was initially due to its power as a container network interface (CNI) for Kubernetes networking, and today it underpins, or is the default CNI for, the most popular cloud providers' managed Kubernetes offerings, such as Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE) and Amazon Elastic Kubernetes Service (EKS).