The Cilium Story - Why We Created Cilium

Cilium is well known today but why did we create it? This talk takes us back to the origins of Cilium. Together, we explore the adventure that led to the creation of the first few lines of Cilium source code. What was the vision? How close was it to what Cilium has become today? As we make our way exploring the many Cilium milestones, we look back to Cilium's roots in Switzerland, the many surprises on the way, and the major milestones that put Cilium on the trajectory it is today.

Thomas Graf

April 18, 2023

Transcript

  1. Thomas Graf, Isovalent
    Co-Creator Cilium
    The Cilium
    Story
    Why we created Cilium

  2. - Networking
    - Security
    - Observability
    - Service Mesh & Ingress
    -based:
    Foundation
    Created by
    Technology
    Scalable, Secure,
    High Performance
    Networking
    Sidecar-free Service
    Mesh, Ingress, &
    Gateway API
    Security Observability &
    Runtime Enforcement
    Network
    Observability &
    Monitoring
    Cilium
    CNI
    Tetragon
    Cilium
    Service Mesh
    Hubble

  3. The Origins

  4. First Cilium Commit

  5. But First, we had
    to make it possible

  6. Makes the Linux kernel
    programmable in a
    secure and efficient
    way.
    “What JavaScript is to the
    browser, eBPF is to the
    Linux Kernel”
    Process
    Scheduler
    execve()
    Linux
    Kernel
    Syscall

  7. Origins of eBPF
    PlumGrid Crew: Pere Monclus, Brenden Blanco, Alexei Starovoitov
    Daniel Borkmann, Alexei, & Thomas discussing eBPF in the
    PlumGrid office
    Alexei Starovoitov

  8. eBPF Superpowers
    Brendan Gregg

  9. Daniel Borkmann speaking about eBPF
    eBPF
    Community Passion
    Brenden (VMware), Alexei (FB), Daniel (Isovalent) discussing
    the eBPF verifier at the Facebook booth

  10. Picture from a recent eBPF Kernel Conference with David S. Miller
    (Linux Kernel Networking Maintainer)

  11. The Founding

  12. From Left to Right:
    ● Thomas Graf
    ● Daniel Borkmann
    ● Madhu Challa
    ● Andre Martins
    25 Years Linux Birthday Party, Linux Foundation Event
    Early Cilium Presentation, ioVisor Summit
    Cilium Founding Team

  13. 1st Cilium Design Summit
    Cilium Design Summit, Diavolezza, Switzerland
    The moment we
    realized that
    observability
    matters

  14. - IPv6 Only
    - Built for Containers
    - Scalable & Flat L3
    - Identity-based security
    First Conference Talks

  15. Thomas Graf
    Co-Founder & CTO
    Dan Wendlandt,
    Co-Founder & CEO
    Isovalent
    Martin Casado
    General Partner, a16z
    Liz Rice
    Chief Open Source
    Officer
    Cilium joins CNCF
    Umesh Padval
    Venture Partner,
    Thomvest

  16. “We chose Cilium because
    we were looking for a simple
    solution, a resilient solution,
    and one which is ready for
    day two operations.”
    – Alex Berger, Chief Architect
    Cilium is a critical part of the
    Datadog network stack as it
    provides consistent Kubernetes
    networking across cloud
    providers as well as performant
    and secure communications,
    thanks to eBPF.
    – Laurent Bernaille, Staff Engineer
    The Beginning

  17. DockerCon
    2017

  18. “We are a bank. Everything
    is security first. We had to
    have a way to audit the
    network traffic down to the
    specific application that
    initiated the connection.”
    – Bradley Whitfield,
    Senior Lead Platform Engineer
    “We choose Cilium as it
    supports Network Policies at
    Layer 3/4/7, Cloud agnostic
    & easy to deploy anywhere.”
    – Adelina Simion,
    Technology Evangelist
    Network Policy

  19. Batman
    Visits
    From Left To Right: Thomas, Batman, Cynthia Thomas
    Dan, Cynthia, Thomas

  20. Getting an Office
    Martynas Pumputis (author kube-proxy replacement) performing engineering tasks
    New Logo
    Design
    Happy Birthday
    Andre Martins
    (Cilium Maintainer)

  21. “With Hubble, we are able to
    get easy traceability of
    network calls associated to
    a Kubernetes pod.”
    – Vlad Ungureanu, Backend
    Software Engineer
    Hubble

  22. Hubble UI
    Network
    Policy Editor

  23. Starting to
    Grow
    KubeCon! (Arvind Soni, Andre Martins, Ian Vernon)
    2K GitHub
    Stars
    Celebration
    Michi & Joe
    Cilium Maintainers

  24. “What makes Cilium Cluster
    Mesh unique in our opinion is:
    ● Cross cluster Service
    Discovery
    ● Cross cluster Service
    Load Balancing
    ● Cross Cluster Network
    Policies”
    – Karsten Nielsen, Senior Systems
    Engineer, Swedish Home
    Furnishings Retailer
    Cluster Mesh

  25. The Swiss Roots
    Live On
    Fondue in
    an AirBnB,
    Palo Alto
    Snow Chain
    Incident,
    Julier Pass
    (Product Manager
    is looking up
    tutorial on
    YouTube)
    Glib Smaga
    Hubble Maintainer
    and team
    Zurich Offsite

  26. Things get crazy…
    AWS picks Cilium for EKS-A
    Google picks Cilium for GKE & Anthos
    Cilium joins the CNCF

  27. Security Observability &
    Runtime Enforcement

  28. Tetragon

  29. eBPF & Cilium Team Spirits
    Duffie Cooley
    Summer Hike, Cilium Team Europe
    CI Testing of Floating Equipment,
    Cilium Team US

  30. Microsoft picks Cilium for AKS
    eBPF for Windows & Cilium for AKS

  31. Isovalent & Grafana Labs
    Strategic Partnership

  32. We Keep Growing….
    … and skiing

  33. The Team Grows
    Bill Mulligan,
    Cilium Community Pollinator
    Isovalent Work Uniform
    Watching Star Wars
    :jibicibation:

  34. The advantages of a service mesh
    without the management overhead of
    running Istio or Linkerd is mind-blowing
    – Staff Software Engineer,
    Popular Fitness App
    Cilium Service Mesh

  35. Service Mesh

  36. We don’t always ski
    Liz Rice, Cilium Maintainer,
    Chief Open Source Officer
    Cilium Team Ride in Swiss Mountains
    Sebastian Wicki, Hubble Maintainer
    …sometimes we bike

  37. or walk if we have to
    Kornilios, Nathalia, Maciej, Tobias, Timo, Nicolas, Tom
    Quentin & Team

  38. What is Next?

  40. mTLS Support
    for Network Policy
    mTLS via just Network Policy,
    no service mesh needed
    SPIFFE Integration
    Roadmap Highlights
    Certificate management via
    SPIFFE/SPIRE + SPIFFE ID
    selector matching
    Day 2 Ops

  41. One more…

  42. Cilium Mesh
    One Mesh to Connect Them All
    Connect!

  43. Cilium Mesh
    One Mesh to Connect Them All

  44. Cilium Mesh
    Connect!
    One Mesh to Connect Them All
    Principle #1:
    Combines all Cilium
    components into a single
    mesh:
    - Kubernetes Networking
    (CNI)
    - Cluster Mesh (Multi-Cluster)
    - Ingress & Egress Gateway
    - Load Balancer
    - Service Mesh
    Principle #2:
    Connects Kubernetes, VMs, and Servers across
    cloud, on-prem, and edge.

  45. Thank you!
    isovalent.com
