The Cilium Story - Why We Created Cilium

Transcript

1. Thomas Graf, Isovalent Co-Creator Cilium The Cilium Story Why we

   created Cilium

2. - Networking - Security - Observability - Service Mesh &

   Ingress -based: Foundation Created by Technology Scalable, Secure, High Perfomance Networking Sidecar-free Service Mesh, Ingress, & Gateway API Security Observability & Runtime Enforcement Network Observability & Monitoring Cilium CNI Tetragon Cilium Service Mesh Hubble

3. The Origins

4. First Cilium Commit

5. But First, we had to make it possible

6. Makes the Linux kernel programmable in a secure and efficient

   way. “What JavaScript is to the browser, eBPF is to the Linux Kernel” Process Scheduler execve() Linux Kernel Syscall

7. Origins of eBPF PlumGrid Crew: Pere Monclus, Brenden Blanco, Alexei

   Starovoitov Daniel Borkmann, Alexei, & Thomas discussing eBPF in the PlumGrid office Alexei Starovoitov

8. eBPF Superpowers Brendan Gregg

9. Daniel Borkmann speaking about eBPF eBPF Community Passion Brenden (VMware),

   Alexei (FB), Daniel (Isovalent) discussing the eBPF verifier at the Facebook booth

10. Picture from a recent eBPF Kernel Conference with David S.

    Miller (Linux Kernel Networking Maintainer)

11. The Founding

12. From Left to Right: • Thomas Graf • Daniel Borkmann

    • Madhu Challa • Andre Martins 25 Years Linux Birthday Party, Linux Foundation Event Early Cilium Presentation, ioVisor Summit Cilium Founding Team

13. 1st Cilium Design Summit Cilium Design Summit, Diavolezza, Switzerland The

    moment we realized that observability matters

14. - IPv6 Only - Built for Containers - Scalable &

    Flat L3 - Identity-based security First Conference Talks

15. Thomas Graf Co-Founder & CTO Dan Wendlandt, Co-Founder & CEO

    Isovalent Martin Casado General Partner, a16z Liz Rice Chief Open Source Officer Cilium joins CNCF Umesh Padval Venture Partner, Thomvest

16. “We chose Cilium because we were looking for a simple

    solution, a resilient solution, and one which is ready for day two operations.“ – Alex Berger, Chief Architect Cilium is a critical part of the Datadog network stack as it provides consistent Kubernetes networking across cloud providers as well as performant and secure communications, thanks to eBPF. – Laurent Bernaille, Staff Engineer The Beginning

17. DockerCon 2017

18. “We are a bank. Everything is security first. We had

    to have a way to audit the network traffic down to the specific application that initiated the connection.” – Bradley Whitfield, Senior Lead Platform Engineer “We choose Cilium as it supports Network Policies at Layer 3/4/7, Cloud agnostic & easy to deploy anywhere.” – Adelina Simion, Technology Evangelist Network Policy

19. Batman Visits From Left To Right: Thomas, Batman, Cynthia Thomas

    Dan, Cynthia, Thomas

20. Getting an Office Martynas Pumputis (author kube-proxy replacement) performing engineering

    tasks New Logo Design Happy Birthday Andre Martins (Cilium Maintainer)

21. “With Hubble, we are able to get easy traceability of

    network calls associated to a Kubernetes pod.” – Vlad Ungureanu, Backend Software Engineer Hubble

22. Hubble UI Network Policy Editor

23. Starting to Grow KubeCon! (Arvind Soni, Andre Martins, Ian Vernon)

    2K GitHub Stars Celebration Michi & Joe Cilium Maintainers

24. “What makes Cilium Cluster Mesh unique in our opinion is:

    • Cross cluster Service Discovery • Cross cluster Service Load Balancing • Cross Cluster Network Policies” – Karsten Nielsen, Senior Systems Engineer, Swedish Home Furnishings Retailer Cluster Mesh

25. The Swiss Roots Live On Fondue in an AirBnB, Palo

    Alto Snow Chain Incident, Julier Pass (Product Manager is looking up tutorial on YouTube) Glib Smaga Hubble Maintainer and team Zurich Offsite

26. Things get crazy… AWS picks Cilium for EKS-A Google picks

    Cilium for GKE & Anthos Cilium joins the CNCF

27. Security Observability & Runtime Enforcement

28. Tetragon

29. eBPF & Cilium Team Spirits Duffie Cooley Summer Hike, Cilium

    Team Europe CI Testing of Floating Equipment, Cilium Team US

30. Microsoft picks Cilium for AKS eBPF for Windows & Cilium

    for AKS

31. Isovalent & Grafana Labs Strategic Partnership

32. We Keep Growing…. … and skiing

33. The Team Grows Bill Mulligan, Cilium Community Pollinator Isovalent Work

    Uniform Watching Star Wars :jibicibation:

34. The advantages of a service mesh without the management overhead

    of running Istio or Linkerd is mind-blowing – Staff Software Engineer, Popular Fitness App Cilium Service Mesh

35. Service Mesh

36. We don’t always ski Liz Rice, Cilium Maintainer, Chief Open

    Source Officer Cilium Team Ride in Swiss Mountains Sebastian Wicki, Hubble Maintainer …sometimes we bike

37. or walk if we have to Kornilios, Nathalia, Maciej, Tobias,

    Timo, Nicolas, Tom Quentin & Team

38. What is Next?

39. None

40. mTLS Support for Network Policy mTLS via just Network Policy,

    no service mesh needed SPIFFE Integration Roadmap Highlights Certificate management via SPIFFE/SPIRE + SPIFFE ID selector matching Day 2 Ops

41. One more…

42. Cilium Mesh One Mesh to Connect Them All Connect!

43. Cilium Mesh One Mesh to Connect Them All

44. Cilium Mesh Connect! One Mesh to Connect Them All Principle

    #1: Combines all Cilium components into a single mesh: - Kubernetes Networking (CNI) - Cluster Mesh (Multi-Cluster) - Ingress & Egress Gateway - Load Balancer - Service Mesh Principle #2: Connects Kubernetes, VMs, and Servers across cloud, on-prem, and edge.

45. Thank you! isovalent.com