In this blog post you read how Isovalent convinced us in all aspects and how you as a customer can also benefit from this partnership.
As a new star in the Cloud Native sky (if we can see through the Clouds), Cilium has become one of the most hyped technologies in the space and is now an Incubating Project in the CNCF. But that wasn’t the only reason we kept an eye on Cilium. Behind the project is a Swiss man who, along with a partner, founded Isovalent which is headquartered in Zurich and California. (There are whispers that there will be some news about this office soon too). But at Puzzle, new strategies are not determined by such factors alone. The technology has to be good, our people have to have fun working with it, and it has to provide value to our customers. As you can guess from this post, Cilium delivered on all counts.
How it all started
Two years ago some team members became aware of Cilium and took a closer look at the technology. Already then, our people considered the potential to be massive. Not only that Cilium can work without iptables and therefore scales better than other CNI plugins, but also because eBPF processes many things directly in the kernel and thus reduces latency. Furthermore, the observability with Hubble drastically improved our visibility into production systems.
With Isovalent, we were able to hold an event together in Zurich last summer. Priyanka Sharma (Executive Director and General Manager of CNCF), Liz Rice (Chair of the CNCF Technical Oversight Committee), and Thomas Graf (Founder, CTO of Isovalent) gave our customers an insight into CNCF, eBPF, and Cilium. A special thanks again to Phil Meier for his support and great moderation (here you will find more information about the team).
After further positive feedback from our customers, it was clear to us that we would like to offer consulting in the area of Cilium in the future. Interested engineers deepened their knowledge and experience with Cilium throughout an intensive week. Furthermore, we integrated Cilium into our internal Rancher platforms and officially became a partner of Isovalent.
Today: Is Cilium also something for me?
We would like to clarify this question and show you the advantages of Cilium for both OpenShift and Rancher.
As also explained in this blogpost by Philip “Cilium on Rancher”, Cilium has the potential to become the de facto CNI standard for Kubernetes. For example, because Cilium can completely dispense with the use of iptables, it allows many more services to be run on individual clusters. By using eBPF, the traffic does not travel through the Linux TCP/IP stack, but can go directly through the kernel, which significantly reduces latency. Cilium also helps you easily connect multiple clusters with Cluster Mesh and visualize the traffic of your applications in the HubbleUI.
Do you have an OpenShift platform?
If you are using OpenShift, Cilium is highly interesting. Using the integrated service map, you can quickly identify communication relationships between pods and track the flow of packets. Since Cilium also provides DNS and HTTP transparency, you can see which external services or which API endpoints are being accessed. Based on this, you can also reliably monitor the “golden signals” – the four metrics that help you see the health and performance of your application in the container world based on latency, traffic, errors, and saturation – and display them in Grafana. You can also limit this visibility to namespaces allowing you to provide a separate, application-specific view for each application team. This is an often invaluable value-add to free up the OpenShift Ops team and give application developers on the platform more control and visibility into their stack.
Because of the deep insight into the network, you can also create more accurate network policies using Cilium. Cilium Network Policies understand DNS names and API endpoints, allowing for a much more granular description for required rules.
In addition, Cilium helps you connect an OpenShift cluster to other components in your data center. Cilium load balancing can simplify routing of inbound traffic, while outbound traffic, for example, can always allow the same source IP address depending on the destination – static egress IPs are supported for individual namespaces or even pods with specific labels. And if multiple OpenShift clusters are in use, Cilium can interconnect them, enabling internal, but at the same time cross-cluster routing – secured by encryption (Wireguard or IPsec) that is transparent to the applications.
Of course, Cilium is fully supported as a certified OpenShift operator.
Rancher in use?
SUSE Rancher has also recognized the potential of Cilium. Therefore, it is available as a possible CNI starting with release 2.6. You can already define Cilium as your CNI when installing SUSE Rancher. How such an installation can look and which further advantages Cilium offers you on Rancher, you can read in the blog post „Cilium on Rancher“ from Philip.
In the Cloud
Many cloud providers are already using Cilium. The most important from our point of view, APPUiO Cloud, since last December. But also well-known providers like the Google Cloud and AWS rely on Cilium.
Hybrid Cloud
As already written about OpenShift, multiple Kubernetes clusters can be connected with Cilium. In this use case, if you have one OpenShift cluster on prem and another in the Cloud, Cilium can perfectly support your Hybrid Cloud journey. Even if you rely on another Kubernetes distribution in the cloud or on prem, they can also be connected, traffic logged, checked, allowed, disallowed etc. with Cilium. You can find more information about it here.
Cilium Pricing and benefits of Cilium Enterprise
Cilium is an open source project with a constantly growing community. Isovalent offers an enterprise version of Cilium based on this technology, Isovalent Cilium Enterprise. This is hardened for enterprise use, goes through a lot of special tests, offers hotfixes and backports, and of course comes with 24/7 support to run in your environment.
In addition, this enhances the existing project with a variety of features that are especially important to you if you are using Cilium in an enterprise environment. You can find more information here or we can discuss it over a cup of coffee.
Services and Training
Since Fall 2021, we have continued to build our knowledge around Cilium. We are already in contact with several customers and have helped them with the integration and setup of Cilium. Furthermore, our partner acend has developed a Cilium training, which gives a good insight into this new world.
Get in contact with us
If we have piqued your interest, please feel free to contact us, we would love to have a coffee/beer with you and talk about the potential of Cilium in your Kubernetes environment. We are looking forward to an exchange with you.