eBPF-powered tool has been adopted by well over 100 organizations
SAN FRANCISCO, Calif. – October 11, 2023 – The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, today announced the graduation of Cilium. Cilium is an eBPF-powered open source, cloud native solution for providing, securing, and observing network connectivity between workloads.
Cilium began as an eBPF-based implementation of the Container Networking Interface to provide Layer 3-4 connectivity between container workloads. It has since expanded to include capabilities like network policy, meshing multiple Kubernetes clusters together, replacing kube-proxy, providing network encryption, integrated ingress and egress gateway, bandwidth management, BGP, and connecting external workloads into Kubernetes. The Cilium project pioneered sidecarless service mesh, and its sub-project Hubble provides network observability for layers 3-7, metrics, service map, and UI, while Tetragon focuses on security observability and runtime enforcement.
“Cilium’s graduation highlights its evolution from a simple CNI to a complete networking, observability, and security solution that prepares platforms and organizations for the next steps on their cloud native journey,” said Thomas Graf, Cilium co-founder and CTO of Isovalent. “On behalf of the project, we wish to thank every contributor who has collectively brought us to graduation within CNCF.”
Cilium was initially created by Isovalent and was built from the ground up based on eBPF. It became an Incubating CNCF project in October 2021 and now has maintainers from 7 different companies and over 800 individual contributors. The project powers some of the largest Kubernetes clusters in the world, with end users ranging from digital native startups to the world’s largest financial institutions and telcos. It has 46 public case studies from companies, including Bell Canada, Bloomberg, DB Schenker, S&P Global, Sky, and The New York Times, and well over 100 organizations listed in its USERS file. Cilium is the second most active CNCF project in terms of the number of commits, behind only Kubernetes.
“eBPF has grown into a powerful technology for extending the Linux kernel to meet a variety of use cases,” said Chris Aniszczyk, CTO of CNCF. “Cilium and the modern eBPF stack will help shape the future of cloud native networking and observability. Cilium has demonstrated really impressive growth in its nearly two years in the Incubator, and we’re excited to watch as the ecosystem continues to push the benefits of eBPF even further.”
Graduation is not the end goal but rather the beginning of creating the ecosystem around Cilium. The project is growing beyond just Kubernetes to include support for external workloads, like bare metal and virtual machines. It was one of the first projects to add support for Gateway API and includes a Layer 4 load balancer for north-south traffic. Cilium Service Mesh also enables workloads to mutually authenticate their connections using SPIFFE/SPIRE. Cilium now integrates with Prometheus and Grafana for simplified Day 2 operations.
“When embarking on a project, one can never predict its ultimate success, but the belief in its potential to address complex challenges is the driving force,” said André Martins, Cilium maintainer. “Witnessing Cilium achieve CNCF graduation is a testament to the unwavering support the community has contributed over the years. With each passing year, as the community continues to grow and deepen its support, it instills a profound sense of confidence in more organizations to adopt and integrate it into their infrastructure. This graduation isn’t the end; rather, it serves as a validation of the breakthroughs Cilium will pioneer in the years to come.”
“From the earliest days of Kubernetes, we knew that a thriving ecosystem was a critical ingredient, and Cilium is perhaps the most visible demonstration of this. Cilium taps into the power and excitement of eBPF to super-charge Kubernetes networking,” said Tim Hockin, distinguished software engineer at Google Cloud. “While it may have started as ‘just a network plugin’, Cilium has evolved into much more than that, with a broad feature set which speaks to many types of users from startups to major enterprises. I’m thrilled to see Cilium be successful – it’s really a win for Kubernetes users everywhere.”
To officially graduate from incubating status, the project underwent a due diligence process with the CNCF Technical Oversight Committee (TOC), completed a third-party security audit, and drove the process to allow CNCF projects to include GPL-licensed eBPF code to run in the kernel. Graduation validates Cilium’s growth, maturity, and future outlook and cements the project’s leadership in the eBPF space.
To provide input on the direction of the project, please fill out the recently launched Cilium User Survey. You can also talk to project maintainers at the upcoming CiliumCon on November 6th in Chicago, join the Contribfest, and watch the eBPF Documentary premiering at KubeCon + CloudNativeCon North America on November 8 in Chicago, IL or virtually.
Supporting Quotes
“With the rise of distributed computing and microservices, networking has become the key layer tying everything together,” said Dan Wendlandt, CEO of Isovalent. “Isovalent is proud of our role in the creation and development of Cilium as a solution for networking, observability, and security in the cloud native world. Cilium’s graduation highlights its leading position as a critical component of the modern computing stack and reinforces our belief that eBPF is a key technology enabling future innovation.”
“Datadog has been running Cilium in production for years, and it is our choice of CNI on all cloud providers because it provides a consistent experience for networking and network policy,” said Hemanth Malla, senior software engineer at Datadog. “eBPF and Cilium helped us to push the boundaries both within operations and also with product development. To do things safer, faster, and more easily than what we could have with traditional techniques like iptables. It has also been great to be able to give back to the community with two maintainers of the project, multiple conference talks and blog posts. We are really excited to see that a critical component of our stack is now a CNCF graduated project.”
“Our customers need a scalable, performant, and rich container networking solution to meet the demands of their rapidly expanding cloud native footprint,” said Deepak Bansal, corporate vice president and technical fellow, Microsoft Azure. “In collaboration with the CNCF community, we integrated the open source Cilium into our CNI to meet these needs. Cilium is based on eBPF and Microsoft has been working in collaboration with the robust eBPF community to make sure that eBPF works great for everyone. The response and adoption have been very positive amongst our customers. We are very excited for the CNCF Graduation of the project and looking forward to continued collaboration with the community.”
“The CNCF TOC is thrilled to welcome Cilium as a newly graduated CNI that cloud providers and adopters can confidently use as a mature solution,” said Emily Fox, TOC chair and Cilium graduation co-sponsor. “The cloud native networking ecosystem has come a long way since 2017 when the CNI specification, libraries, and plugins were first accepted. Cilium’s graduation confirms that the collaboration between cloud native projects, the TOC, and, more broadly, CNCF allow for continued experimentation of innovative and different solutions to address industry challenges as technology advances and as end users identify new needs within their cloud, on-prem, hybrid, and cloud native architectures.”
“I would like to congratulate Cilium on its graduation,” said Artjoms Laivins, Tietoevry. “I’m glad that we have been able to follow along on the project journey for the past few years since our platform engineers saw its potential. Since we began with Cilium, we now have over 20 Kubernetes clusters running it as a CNI. Cilium was quite easy to get started with and we can now get a real-time overview of networks in the cluster thanks to the Hubble UI, and network policies have increased our control and the security of our network. We look forward to being a part of the next steps on the journey.”
“As an early adopter of Cilium, Schuberg Philis is pleased to see its integration within CNCF and wants to congratulate everyone involved with this milestone,” said Stephen Hoekstra, Schuberg Philis. “Cilium’s use of eBPF technology has been a valuable addition to the way we run Kubernetes for our mission critical customers, significantly improving security and visibility.”
- To learn more about Cilium:
Check out the project website and GitHub repository. - Read the documentation.
- Join the community Slack.
- Follow the project on Twitter and LinkedIn.
- Fill out the User Survey
- Catch the eBPF Documentary at KubeCon + CloudNativeCon
About Cloud Native Computing Foundation
Cloud native computing empowers organizations to build and run scalable applications with an open source software stack in public, private, and hybrid clouds. The Cloud Native Computing Foundation (CNCF) hosts critical components of the global technology infrastructure, including Kubernetes, Prometheus, and Envoy. CNCF brings together the industry’s top developers, end users, and vendors and runs the largest open source developer conferences in the world. Supported by more than 800 members, including the world’s largest cloud computing and software companies, as well as over 200 innovative startups, CNCF is part of the nonprofit Linux Foundation. For more information, please visit www.cncf.io.
###
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page. Linux is a registered trademark of Linus Torvalds.
Media Contact
Katie Meinders
The Linux Foundation
PR@CNCF.io