The Cloud Native Computing Foundation (CNCF) announces the release of Cilium 1.12. The open source tool, tailored to secure network connections between containerized applications, now contains its own service mesh that does not require a sidecar and is therefore an alternative to Istio integration. Also new in Release 1.12 is an ingress controller that is fully compliant with Kubernetes and, like Cilium itself, is also based on Envoy and eBPF.
With or without a sidecar
With the release of the new version, the Cilium Service Mesh is officially considered stable and released for productive use. In addition to Istio, users should thus receive another service mesh alternative that can be used without a sidecar and also allows a number of control plane options, as Isovalent CTO and Cilium developer Thomas Graf emphasizes in the blog post announcing Cilium 1.12 . Like the ClusterMesh function for managing cross-cluster services, the Cilium Service Mesh also uses the native resources of Kubernetes and is based on the proven data plane from Envoy Proxy and the kernel sandboxing technology eBPF.
With CiliumEnvoyConfig (CEC), a new low-level abstraction is also available that allows direct programming of Envoy proxies for more complex L7 application scenarios via Custom Resource Definitions (CRDs) in Kubernetes. In future releases, the Cilium team intends to add more control plane options like the Kubernetes Gateway API to also ensure extended compatibility with service meshes like Istio, which have already embarked on the path towards the Gateway API.
The Cilium Service Mesh does not need a sidecar.
The Egress Gateway, previously only available as a beta, has now also reached stable status in Cilium 1.12. Connections to external legacy workloads can also be forwarded via dedicated gateway nodes. To ensure integration with firewalls that require static IP addresses, the IP addresses can be masked accordingly. In combination with ClusterMesh, external workload requests that arrive on other clusters in the mesh can also be processed.
Keep safety in mind
Other innovations in Cilium 1.12 include the Tetragon component, which is intended to provide more extensive security observability on the basis of eBPF, for example to be able to react specifically to security-related events. More details and a complete overview of all changes in the new Cilium release can be found in the CNCF blog post and on the project website.
To home page