The CNCF Technical Oversight Committee (TOC) has voted to accept Cilium as a CNCF incubating project.
Cilium provides networking, security, and observability for cloud native environments by acting as a CNI and enhanced networking layer for Kubernetes using eBPF.
“Cilium and eBPF are changing the networking and security landscape, with the majority of big cloud providers now relying on Cilium,” said Thomas Graf, co-creator of Cilium. “Organizations across financial services, cloud, hyperscalers, and enterprises use Cilium for its deep security, performance, scalability, and observability. The CNCF is the ideal home for Cilium and its entire community as the project evolves further.”
Cilium is used across the Kubernetes ecosystem by organizations like Adobe, Capital One, Cognite, Datadog, GitLab, Palantir, SAP Concur, Telenor, Trip.com, Wildlife Studios, Yahoo, and many more. In addition, cloud providers such as Alibaba, AWS, DigitalOcean, and Google Cloud use Cilium as the CNI plugin of choice for managed cloud and on-premises Kubernetes platforms. Cilium is tightly integrated with Envoy and Prometheus and provides an extension framework based on Go.
“Cilium is a critical part of the Datadog network stack as it provides consistent Kubernetes networking across cloud providers as well as performant and secure communications thanks to eBPF,” said Laurent Bernaille, Staff Engineer at Datadog.
“Cilium brings the power of eBPF to the world of Kubernetes. This enables GKE to offer greater observability, security, flexibility, and efficiency of the datapath to its customers,” said Weilong Cui, Senior Software Engineer, Google.
Main Components:
The Cilium project consists of multiple components and layers which can be used independently of each other. This allows users to pick a particular functionality or to run Cilium in combination with other CNIs.
- Agent: The agent runs on all Kubernetes worker nodes and other servers hosting workloads. It provides the core eBPF platform and is the foundation for all other Cilium components.
- Network Plugins (CNI): The CNI plugin enables organizations to use Cilium to provide networking for Kubernetes clusters and other orchestration systems which rely on the CNI specification.
- Hubble: Hubble is the observability component of Cilium. It provides network and security logs, metrics, tracing data, and several graphical user interfaces.
- ClusterMesh: ClusterMesh implements a network or service mesh that can span multiple clusters and external workloads running on external virtual machines or bare-metal servers. It provides connectivity, service discovery, network security, and observability across clusters and workloads.
- Load Balancer: The load balancer is capable of running in the cluster to implement Kubernetes services and standalone to provide north-south load-balancing in front of Kubernetes clusters.
Notable Milestones:
- > 9K GitHub Stars
- > 12K pull requests
- 342 GitHub contributors
- > 365+ Releases
- > 8.3K Slack members
“eBPF allows programs in the kernel to run without kernel modules or modifications,” said Chris Aniszczyk, CTO of CNCF. “It is enabling a new generation of software to extend the behavior of the kernel. In the case of Cilium, it provides sidecar less high-performance networking, advanced load balancing, and more. We’re excited to welcome more eBPF-based projects into the cloud native ecosystem and look forward to watching Cilium help grow the eBPF ecosystem.”
As a CNCF incubating project, Cilium has planned a full roadmap and is actively adding new features and functionality. The team will be adding new service mesh functionality, including support for the OpenTelemetry project and L7 load balancing controls, building on the existing Envoy Proxy integration. They will also incorporate additional features for on-premises deployments, including advanced IPAM modes, multi-homing, service changing, and enhanced support for external workloads. Finally, the team will focus on evolving security capabilities by adding further identity integrations, deeper workload visibility, and continuing to focus on identity-based enforcement.
As a CNCF-hosted project, joining incubating technologies Argo, Buildpacks, CloudEvents, CNI, Contour, Cortex, CRI-O, Crossplane, Dragonfly, emissary-ingress, Falco, Flagger, Flux, gRPC, KEDA, KubeEdge, NATS, Notary, OpenTelemetry, Operator Framework, SPIFFE, SPIRE, and Thanos, Cilium is part of a neutral foundation aligned with its technical interests, as well as the larger Linux Foundation, which provides governance, marketing support, and community outreach. For more information on maturity requirements for each level, please visit the CNCF Graduation Criteria.