Cilium Service Mesh features eBPF-based connectivity, traffic management, security, and observability, supporting both sidecar and sidecar-less deployments.

Cilium has added a service mesh to the latest release of its open source network connectivity software, Cilium 1.12, as it looks to give developers more flexibility over how they control, monitor, and load balance their cloud-native applications.

Despite all of their utility, service meshes are also notoriously complex to operate at enterprise scale, leading to something of an arms race to find the right balance between simplicity and performance, with existing solutions like Linkerd, Istio, Microsoft’s Open Service Mesh (OSM), and many others all vying for developers’ attention.

How is the Cilium service mesh different?

The Cilium Service Mesh has been built using native Kubernetes resources, and can be run without the need for a separate “sidecar” container for certain functionality like logging and auditing, while also complementing the popular existing sidecar-based method. It does this by combining the extended Berkeley Packet Filter (eBPF) technology, which enables developers to safely embed programs in any piece of software, including operating system kernels, with the popular Envoy service proxy.

“Cilium Service Mesh is all about choice,” Thomas Graf, the Cilium creator and Isovalent cofounder, said in a statement. “Enterprises want the ability to choose sidecars or sidecar-less, and they want a high-performance data plane powered by eBPF and Envoy that allows them to choose the best control plane for their use case.”

To sidecar, or not to sidecar, that is the question

With the Cilium 1.12 launch, Cilium is making the case that eBPF can be used to improve service performance by removing the inefficiencies created by a sidecar.
Whether and when to use a sidecar or not will come down to the specific needs of the user, but by providing both options in parallel, Cilium hopes to allow developers to make better decisions regarding these tradeoffs for themselves.

“Cilium’s argument is that eBPF can be used to improve performance, and I would expect other vendors to harness that technology accordingly,” Forrester analyst David Mooter said.

However, while other vendors might start with the sidecar and augment that with capabilities enabled by eBPF, Cilium is betting on an eBPF-first approach. “If they can prove that eBPF can do this 100%, that would shake things up,” Mooter added.

What else is in Cilium 1.12?

In addition to the new service mesh, Cilium 1.12 also includes:

A fully compliant Kubernetes Ingress controller—powered by Envoy and eBPF for security and visibility.

ClusterMesh enhancements—to treat services running on multiple clusters as a single global service. With added service affinity, services can also be configured to prefer endpoints in the local or remote cluster.

Egress Gateway and additional support for external workloads—to forward connections to external, legacy workloads through specific Gateway nodes, and masquerade them with predictable IP addresses to allow integration with legacy firewalls that require static IP addresses.

Cilium Tetragon—to detect and respond to security-significant events, such as process execution events, system call activity, and I/O activity including network and file access.