What is Cilium?
Open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes.
Cilium is a tool in the Security category of a tech stack.
Cilium is an open source tool with 20.4K GitHub stars and 3K GitHub forks. Here’s a link to Cilium's open source repository on GitHub
Who uses Cilium?
Companies
11 companies reportedly use Cilium in their tech stacks, including main, PayIt, and xxxx-trial.
Developers
24 developers on StackShare have stated that they use Cilium.
Cilium Integrations
Docker, Kubernetes, Kafka, Istio, and gRPC are some of the popular tools that integrate with Cilium. Here's a list of all 6 tools that integrate with Cilium.
Pros of Cilium
1
Cilium's Features
- Identity Based Security - Cilium visibility and security policies are based on the container orchestrator identity (e.g., Kubernetes labels). Never again worry about network subnets or container IP addresses when writing security policies, auditing, or troubleshooting.
- Blazing Performance - BPF is the underlying Linux superpower to do the heavy lifting on the datapath by providing sandboxed programmability of the Linux kernel with incredible performance.
- API-Protocol Visibility + Security - Traditional firewalls only see and filter packets based on network headers like IP address and ports. Cilium can do this as well, but also understands and filters the individual HTTP, gRPC, and Kafka requests that stitch microservices together.
- Designed for Scale - Cilium was designed for scale, with no node-to-node interactions required when new pods are deployed, and all coordination through a highly scalable key-value store.
Cilium Alternatives & Comparisons
What are some alternatives to Cilium?
Weave
Weave can traverse firewalls and operate in partially connected networks. Traffic can be encrypted, allowing hosts to be connected across an untrusted network. With weave you can easily construct applications consisting of multiple containers, running anywhere.
Istio
Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio's control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes, Mesos, etc.
Envoy
Originally built at Lyft, Envoy is a high performance C++ distributed proxy designed for single services and applications, as well as a communication bus and “universal data plane” designed for large microservice “service mesh” architectures.
linkerd
linkerd is an out-of-process network stack for microservices. It functions as a transparent RPC proxy, handling everything needed to make inter-service RPC safe and sane--including load-balancing, service discovery, instrumentation, and routing.
Postman
It is the only complete API development environment, used by nearly five million developers and more than 100,000 companies worldwide.