Cilium + eBPF Day at KubeCon 2024

Alongside KubeCon 2024 Europe, Cilium + eBPF Day featured almost 20 sessions that ranged from deep dives from contributors to lightning talks and practical talks from end users. The event highlighted Cilium’s continued transformation of cloud-native networking.

Among the big moments of the day, CEO Idit Levine delivered a keynote address talking about the CAKES stack and making several announcements.

Announcing CAKES

Based on our experience working with many customers over the past years, we wanted to create a suitable stack for modern application networking. Each layer and project in the stack is built on the foundational principles of declarative configuration, strong workload identity, and standard integration points.

We’re calling this stack CAKES. The projects in the stack are the ones we know and love and make up the layers we need to build for the future of networking.

CAKES stack

Everything is based on Kubernetes. The first layer on top of Kubernetes is Cilium (or other CNIs) responsible for L3/L4 container connectivity and policies. To enforce policies at L7, the stack uses the SPIFFE/SPIRE projects for strong workload identities.

Istio's ambient mode is responsible for L4/L7 east-west connectivity, traffic splitting and routing, circuit breakers, and outlier detection. This layer also uses the strong workload identities provided by SPIFFE/SPIRE to create authorization policies. Lastly, for ingress/egress and API gateway, the stack relies on the Envoy proxy.

It’s important to bring the different layers of the stack together and ensure they work well. As part of this effort, we’ve done work in Istio’s ambient mode that enables it to work seamlessly, not just with Cilium, but with any other CNI. One of the exciting announcements made at KubeCon was that Istio’s ambient mode will reach beta status in the upcoming release!

Idit also announced Gloo Network for Cilium, which will help our customers accelerate their Cilium adoption. This integrated solution can help customers onboard, integrate, and monitor Cilium. It features enterprise support, an insights engine through a unified console, and seamless integration with Gloo Mesh.

But how can we help organizations adopt and implement the CAKES stack? Our enthusiasm for open source projects extends to the Backstage project. For that reason, we’ve announced Spotlight, an enterprise-grade Backstage distribution.

Cilium Capabilities Demo

Daneyon Hansen discussed supercharging Kubernetes networking with Cilium and IPv6 and showed a demo of Cilium IPv6 capabilities running on a Kubernetes cluster that’s configured for IPv6 only.

In the demo session, Daneyon showed multiple features revolving around Cilium’s IPv6 capabilities. The cluster is set up so that the nodes are assigned IPv6 pod CIDRs. When Cilium is installed, its IPAM (IP address management) assigns IPv6 addresses to pods scheduled on the cluster nodes.

Daneyon showed network connectivity between pods running across multiple nodes, then exposed one of the pods as a service and showed how the service gets assigned an IPv6 address. Finally, he showed DNS resolution and how kube-dns correctly resolved the DNS name to an IPv6 address. Similarly, tools like Hubble and NetworkPolicy CRDs also work with IPv6.

Lastly, Daneyon demonstrated the BIG TCP feature added to the Linux kernel in the 5.19 release. This feature allows the kernel to handle larger transmit and receive packets, improving performance and latency and reducing CPU load.

Stay Tuned

KubeCon and co-located events like Cilium + eBPF Day serve as excellent opportunities to meet and chat with project maintainers and cloud-native leaders. This year, we were particularly excited to learn what’s new and what to expect in the future. Stay tuned for more information about CAKES and Spotlight!