Join the Cilium Slack
Cilium is an open source project that anyone in the community can use, improve, and enjoy. We'd love you to join us on Slack! Find out what's happening and get involved.
Join the SlackTraditional service meshes, despite their benefits, can present significant challenges. These include the complexity and error-prone nature of IP and port-based network policies, performance overhead due to their proxy-based architecture, limited granularity in visibility of service-to-service communication, interoperability issues with existing infrastructure, scalability challenges as the number of services and traffic volumes increase, and operational and resource overhead.
Cilium Service Mesh redefines traditional service mesh frameworks by integrating the mesh layer directly into the kernel using eBPF, thus eliminating the need for sidecar proxies. It manages connectivity at both the networking and application protocol layers, handling protocols like IP, TCP, UDP, HTTP, Kafka, gRPC, and DNS with greater efficiency.
At the heart of Cilium is eBPF, a revolutionary technology built into the Linux kernel. With eBPF, Cilium delivers lightning-fast, efficient, and scalable networking. This bypasses the performance drawbacks of traditional proxies, enabling direct and efficient communication between your services.
Cilium Service Mesh gives users the choice of control plane options for the ideal balance of complexity and richness, from simpler options such as Ingress and Gateway API to richer options with Istio, to the full power of Envoy via the Envoy CRD.
With Cilium Service Mesh, users now have the choice to run a service mesh with sidecars or without them, based on their specific requirements and constraints. This flexibility reduces the complexity and overhead impact of sidecars.
The Roche team utilized Cilium's service mesh as a solution for managing network connectivity across their edge clusters. Cilium enabled them to have more fine-grained traffic control, and simplified the operations and configuration of network policies using a GitOps approach, alongside the deployment of workloads.
We started using Cilium in our EKS clusters and encountered security challenges. So many microservices were running without any kind of authentication or encryption. This prompted us to start doing a service mesh proof of concept. Although we already had Cilium available, we also evaluated Consul Connect, Kong Mesh, and Istio. Cilium stood out as it did not require sidecars, appealing to us not only for resource savings but also to avoid potential load issues caused by additional software. Cilium's sidecar-less approach did call our attention, leading us to adopt it to provide security across all our microservices.
Matheus Morais - IT Infrastructure Analyst, Sicredi
The New York Times migrated from Istio to Cilium service mesh to simplify their multi-tenant Kubernetes clusters on Amazon EKS. Cilium's service mesh capabilities reduced management complexity, improved manageability with a smaller footprint, and offered a more user-friendly experience for defining network policies. This shift streamlined network operations and enhanced security for their cloud-native applications.
Cilium is an open source project that anyone in the community can use, improve, and enjoy. We'd love you to join us on Slack! Find out what's happening and get involved.
Join the SlackCilium has extensive documentation that covers its features and use cases. The docs also features tutorials for common user stories.
Read the DocsGet help with Cilium through Slack, Github, training, support, and FAQs. The community can also help you tell or promote your story around Cilium.
Get HelpDeep dive into Cilium and its features with labs provided by companies within the Cilium ecosystem
Try a Lab