English Wikipedia: Cilium (computing)


Cilium is a cloud native technology for networking, observability, and security.[1] It is based on the kernel technology eBPF, originally for better networking performance, and now leverages many additional features for different use cases. The core networking component has evolved from only providing a flat Layer 3 network for containers to including advanced networking features, like BGP and Service mesh, within a Kubernetes cluster, across multiple clusters, and connecting with the world outside Kubernetes.[1] Hubble was created as the network observability component and Tetragon was later added for security observability and runtime enforcement.[1] Cilium runs on Linux and is one of the first eBPF applications being ported to Microsoft Windows through the eBPF on Windows project.[2]

History

Evolution from Networking CNI

Cilium began as a networking CNI[3] for container workloads. It was originally IPv6 only and supported multiple container orchestrators, like Kubernetes. The original vision for Cilium was to build an intent and identity-based high-performance container networking platform.[4] As the cloud native ecosystem expanded, Cilium added new projects and features to address new problems in the space.

The list below summarises some of the most significant milestones of this evolution:

  • December 2015 - Initial commit to the Cilium project[5]
  • May 2016 - Network policy was added, expanding the scope beyond just networking[6]
  • August 2016 - Cilium was initially announced during LinuxCon as a project providing fast IPv6 container networking with eBPF and XDP.[4] Today, Cilium has been adopted by major cloud providers' Kubernetes offerings and is one of the most widely used CNIs.
  • August 2017 - ebpf-go was created as a library to read, modify, and load eBPF programs and attach them to various hooks.[7]
  • April 2018 - Cilium 1.0 is the first stable release[8]
  • November 2019 - Hubble was launched to provide eBPF-based observability to network flows[9]
  • August 2020 - Chosen by Google as the basis for their Kubernetes Dataplane v2[10]
  • September 2021 - AWS picks Cilium for Networking & Security on EKS Anywhere[11]
  • October 2021 - Pwru was launched for tracing network packets in the Linux kernel with advanced filtering capabilities[12][13]
  • October 2021 - Accepted into CNCF as an incubation level project[14]
  • December 2021 - Cilium Service Mesh launched to help manage traffic between services[15]
  • May 2022 - Tetragon open sourced to cover security observability and runtime enforcement[16][17]
  • October 2022 - Chosen as CNI for Azure[18][19]
  • April 2023 - Cilium Mesh launched to connect workloads and machines across cloud, on-prem, and edge[20][21][22]
  • April 2023 - First CiliumCon hosted as a part of KubeCon[23]
  • October 2023 - Cilium becomes a CNCF Graduated project[24]

CNCF

Cilium was accepted into the Cloud Native Computing Foundation on October 13th, 2021 as an incubation-level project. It applied to become a graduated project on October 27th, 2022.[14] It became a Graduated project one year later. Cilium is one of the fastest-moving projects in the CNCF ecosystem.[25]

Adoption

Cilium has been adopted by many large-scale production users, including over 100 that have stated it publicly,[26] for example:

  • Datadog uses Cilium as their CNI and kube-proxy replacement[27][28]
  • Ascend uses Cilium as their one CNI across multiple cloud providers[29]
  • Bell Canada uses Cilium and eBPF for telco networking[30][31]
  • Cosmonic uses Cilium for their Nomad-based PaaS[32][33][34]
  • IKEA uses Cilium for their self-hosted bare-metal private cloud[35]
  • S&P Global uses Cilium as its CNI[36]
  • Sky uses Cilium as their CNI and for network security[37]
  • The New York Times uses Cilium on EKS for multi-region multi-tenant shared clusters[38]
  • Trip.com uses Cilium both on premise and in AWS[39]

Cilium is the CNI for many cloud providers including Alibaba,[40] APPUiO,[41] Azure,[42] AWS,[11] DigitalOcean,[43] Exoscale,[44] Google Cloud,[10] Hetzner,[45] and Tencent Cloud.[46]

Projects Overview

Cilium

Cilium began as a container networking project. With the growth of Kubernetes and container orchestration, Cilium became a CNI,[3] providing basic things like configuring container network interfaces and Pod to Pod connectivity. From the beginning, Cilium based its networking on eBPF rather than iptables or IPVS, betting that eBPF would become the future of cloud native networking.[47]

Cilium’s eBPF-based dataplane provides a simple flat Layer 3 network with the ability to span multiple clusters in either a native routing or overlay mode with Cilium Cluster Mesh. It is Layer 7-protocol aware and can enforce network policies on Layer 3 to Layer 7 and with FQDN using an identity-based security model that is decoupled from network addressing.

Cilium implements distributed load balancing for traffic between Pods and to external services, and is able to fully replace kube-proxy,[48] using XDP, socket-based load-balancing and efficient hash tables in eBPF. It also supports advanced functionality like integrated ingress and egress gateways,[49] bandwidth management, a stand-alone load balancer, and service mesh.[50]

Cilium is the first CNI to support advanced kernel features such as BBR TCP congestion control[51] and BIG TCP[52] for Kubernetes Pods.[53]

Hubble

Hubble is the observability, service map, and UI of Cilium which is shipped with the CNI.[54][55] It can be used to observe individual network packet flows, view network policy decisions to allow or block traffic, and build up service maps showing how Kubernetes services are communicating.[56] Hubble can export this data to Prometheus, OpenTelemetry, Grafana, and Fluentd for further analysis of Layer 3/4 and Layer 7 metrics.[57]

Tetragon

Tetragon is the security observability and runtime enforcement project of Cilium.[58] Tetragon is a flexible Kubernetes-aware security observability and runtime enforcement tool that applies policy and filtering directly with eBPF. It allows users to monitor and observe the complete lifecycle of every process execution on their machine, translate policies for file monitoring, network observability, container security, and more into eBPF programs, and do synchronous monitoring, filtering, and enforcement completely in the kernel.
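A file-monitoring policy with in-kernel enforcement, of the kind described above, can be expressed as a Tetragon TracingPolicy. The following is an added example, not taken from the Tetragon project; the policy name and the protected path are constructed for illustration.

```yaml
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: protect-etc-writes        # constructed name
spec:
  kprobes:
  # Hook the kernel's file permission check rather than a syscall entry,
  # so the policy sees the resolved file regardless of which syscall
  # (write, pwrite, writev, ...) triggered the access.
  - call: "security_file_permission"
    syscall: false
    args:
    - index: 0
      type: "file"                # struct file *: resolved to a path
    - index: 1
      type: "int"                 # access mask (MAY_READ, MAY_WRITE, ...)
    selectors:
    # Filtering happens in the eBPF program: events that do not match
    # are never sent to user space. Conditions in one selector are ANDed.
    - matchArgs:
      - index: 0
        operator: "Prefix"
        values:
        - "/etc/"                 # constructed protected path
      - index: 1
        operator: "Equal"
        values:
        - "2"                     # MAY_WRITE
      # Enforcement is synchronous: the offending process is killed
      # from the kernel hook. Remove matchActions to only observe.
      matchActions:
      - action: Sigkill
```

Running the policy without `matchActions` first and reviewing the resulting events is a practical way to check that legitimate writers such as package managers are not matched before enforcement is turned on.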

Go eBPF Library

ebpf-go is a pure-Go library to interact with the eBPF subsystem in the Linux kernel.[59] It has minimal external dependencies, emphasises reliability and compatibility, and is widely deployed in production.

Pwru

pwru ("Packet, where are you?") is an eBPF-based tool for tracing network packets in the Linux kernel with advanced filtering capabilities. It allows fine-grained introspection of kernel state to facilitate debugging network connectivity issues. Under the hood, pwru attaches eBPF debugging programs to all Linux kernel functions which are responsible for processing network packets.

This gives a user a finer-grained view into packet processing in the kernel than with tcpdump, Wireshark, or more traditional tools. Also, it can show packet metadata such as network namespace, processing timestamp, internal kernel packet representation fields, and more.

Community

Cilium's official website lists online forums, messaging platforms, and in-person meetups for the Cilium user and developer community.

Conferences

Conferences dedicated to Cilium development in the past have included:

  • CiliumCon EU 2023,[23] held in conjunction with KubeCon + CloudNativeCon EU 2023[60]
  • CiliumCon NA 2023,[61] held in conjunction with KubeCon + CloudNativeCon NA 2023[62]

Annual Report

The Cilium community releases an annual report to cover how the community developed over the course of the year:

  • Cilium Annual Report 2022: Year of the CNI[63]
  • Cilium Annual Report 2023: Year of Graduation[64]

References

  24. https://www.cncf.io/announcements/2023/10/11/cloud-native-computing-foundation-announces-cilium-graduation/