What is Cilium?
Open source software for providing and transparently securing network connectivity and load balancing between application workloads such as application containers or processes.
Cilium is a tool in the Security category of a tech stack.
Cilium is an open source tool with 15.5K GitHub stars and 2.2K GitHub forks.
Who uses Cilium?
9 companies reportedly use Cilium in their tech stacks, including main, PayIt, and xxxx-trial.
19 developers on StackShare have stated that they use Cilium.
Docker, Kubernetes, Kafka, Istio, and gRPC are some of the popular tools that integrate with Cilium. Here's a list of all 6 tools that integrate with Cilium.
Pros of Cilium
- Identity Based Security - Cilium visibility and security policies are based on the container orchestrator identity (e.g., Kubernetes labels). Never again worry about network subnets or container IP addresses when writing security policies, auditing, or troubleshooting.
- Blazing Performance - BPF is the underlying Linux superpower to do the heavy lifting on the datapath by providing sandboxed programmability of the Linux kernel with incredible performance.
- API-Protocol Visibility + Security - Traditional firewalls only see and filter packets based on network headers like IP address and ports. Cilium can do this as well, but also understands and filters the individual HTTP, gRPC, and Kafka requests that stitch microservices together.
- Designed for Scale - Cilium was designed for scale, with no node-to-node interactions required when new pods are deployed, and all coordination through a highly scalable key-value store.
Cilium Alternatives & Comparisons
What are some alternatives to Cilium?
Weave can traverse firewalls and operate in partially connected networks. Traffic can be encrypted, allowing hosts to be connected across an untrusted network. With Weave you can easily construct applications consisting of multiple containers, running anywhere.
Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio's control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes, Mesos, etc.
Originally built at Lyft, Envoy is a high performance C++ distributed proxy designed for single services and applications, as well as a communication bus and “universal data plane” designed for large microservice “service mesh” architectures.
linkerd is an out-of-process network stack for microservices. It functions as a transparent RPC proxy, handling everything needed to make inter-service RPC safe and sane--including load-balancing, service discovery, instrumentation, and routing.
It is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.