Exclusive interview with Liz Rice, chief open source officer at Isovalent, on the launch of Cilium Service Mesh.
VMblog: Why does the cloud-native community need another service mesh, and what
is Cilium Service Mesh's unique value to Kubernetes platform teams?
Liz Rice: Lots of platform teams would like the features of a service mesh for
their Kubernetes infrastructure, but many report that sidecars bring
additional administrative complexity and resource overhead. Cilium
Service Mesh gives platform teams a sidecar-less option that is much
lower latency and more resource efficient, and avoids the complexity of
injecting sidecars.
VMblog: What are the main advantages of bringing
service mesh capabilities closer to the Linux kernel? And how does
Cilium Service Mesh accomplish this?
Rice: Cilium Service Mesh is
able to achieve these performance breakthroughs because it's based on
eBPF. eBPF is an operating system abstraction that allows dynamic
changes to kernel behavior, and the Cilium project has long been using
eBPF to provide a highly efficient networking solution for Kubernetes.
We've now extended Cilium's capabilities to add Service Mesh
functionality in the latest 1.12 release.
In the sidecar model,
every single packet between two pods has to traverse two userspace
proxies, making the network path very convoluted. When users choose the
sidecarless option in Cilium Service Mesh, the network path becomes much
shorter and more efficient. It also avoids duplicating the memory
needed to run a proxy in every pod in the sidecar model, instead running
one proxy per node (see: How eBPF will solve Service Mesh - Goodbye
Sidecars).
VMblog: Who are the main contributors and maintainers involved with Cilium and this Cilium Service Mesh launch?
Rice: Cilium was originally created by the team at Isovalent, but we
contributed it to the CNCF last year to cement its status as a community
project. Major contributors include Datadog, F5, Form3, Google,
Isovalent, Microsoft, Seznam.cz, and The New York Times.
VMblog: Where do you see cloud-native infrastructure evolving most rapidly today? What are its hardest unsolved problems?
Rice: If we consider Kubernetes to be the distributed operating system, then
we need distributed tools for networking, observability and security.
eBPF is a great platform for building these tools, and we'll see the
ability to move more functionality into the kernel creating great
strides in performance of cloud-native infrastructure tooling.
VMblog: Tell VMblog readers about Isovalent, the company. Who is involved, and
why is this a company to watch in cloud-native infrastructure?
Rice: All of the core maintainers of the Cilium project share a deep focus on
low-level network and security infrastructure, right down to the
operating system kernel. Cilium creator and CTO and co-founder at
Isovalent, Thomas Graf, had a long background as a kernel maintainer
with eBPF and Open vSwitch. Daniel Borkmann from our team is one of the
two eBPF maintainers for the Linux kernel. Isovalent uses our broad
experience to create an enterprise distribution of Cilium that's being
used by major brands in some highly scaled deployments, such as Adobe,
Bell Canada, and IKEA as well as many managed Kubernetes platforms
including products from Google Cloud and AWS.