Introducing CAKES

CAKES is an acronym for open-source technologies that effectively integrate and solve modern application networking challenges, as well as a metaphor for layering certain technologies in order to provide a holistic solution.

Certain principles are important when evaluating a suitable application networking stack, but so are the open source communities surrounding those cloud-native tools. We strongly considered the strength of each community as well as successful technology adoption within the ecosystem when selecting the technologies for the various layers in an effective modern networking stack. Learn more about this in our full white paper on CAKES.

For an overview of CAKES, read on.

CAKES Application Networking Layers

CAKES consists of the following layers:

C – CNI / Cilium / Calico

Cilium and Calico are CNI (container networking interface) implementations. They address concerns in the L3 and L4 layers of the networking stack on top of Kubernetes. This component needs to provide a few basic capabilities that form the foundation of the rest of the networking layers: basic network connectivity, network policy, and SNAT/DNAT between the Kubernetes overlay and the VPC.

A – Ambient mode / Istio

This layer solves issues like secure zero trust connectivity using SPIFFE workload identity and mTLS, authorization policies, traffic management/load balancing, service discovery, and L7 observability metrics, traces, and logs.

K – Kubernetes

Kubernetes is the foundation of modern platforms that platform engineering teams should start with and build upon. Kubernetes is a powerful container orchestration and service abstraction tool responsible for deploying and managing services across a fleet of machines.

E – Envoy / API Gateway

This layer provides the L7 functionality needed in an ingress/egress API gateway. This layer provides functionality like TLS termination and origination, rate limiting, external authorization integration, load balancing, traffic routing, observability, metric collection, and more.

S – SPIFFE / Spire

This layer is the foundation of workload identity in our networking solution. SPIFFE is an open-source specification for assigning cryptographic workload identity in a dynamic and heterogeneous environment and can be leveraged by other layers in the stack.

Explore the full descriptions for each technology in our CAKES white paper.

Adopting CAKES

These technologies can be adopted individually or holistically with platform engineering. We recommend incrementally building an organization platform based on user/developer feedback.

CAKES empowers platform owners and engineers to improve the developer experience, speed of delivery, and compliance posture. CAKES is well-suited for platform engineering approaches and fits natively within GitOps workflows. is at the forefront of driving the respective OSS projects that make up the CAKES stack and is the only one to provide commercial support for this stack.

To learn more about CAKES, download our white paper.