Cilium logo

Cilium

API-aware networking and security for containers
33
78
+ 1
1

What is Cilium?

Open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes.
Cilium is a tool in the Security category of a tech stack.
Cilium is an open source tool with 18.3K GitHub stars and 2.6K GitHub forks. Here’s a link to Cilium's open source repository on GitHub

Who uses Cilium?

Companies
11 companies reportedly use Cilium in their tech stacks, including main, PayIt, and xxxx-trial.

Developers
22 developers on StackShare have stated that they use Cilium.

Cilium Integrations

Docker, Kubernetes, Kafka, Istio, and gRPC are some of the popular tools that integrate with Cilium. Here's a list of all 6 tools that integrate with Cilium.
Pros of Cilium
1
Sidecarless

Cilium's Features

  • Identity Based Security - Cilium visibility and security policies are based on the container orchestrator identity (e.g., Kubernetes labels). Never again worry about network subnets or container IP addresses when writing security policies, auditing, or troubleshooting.
  • Blazing Performance - BPF is the underlying Linux superpower to do the heavy lifting on the datapath by providing sandboxed programmability of the Linux kernel with incredible performance.
  • API-Protocol Visibility + Security - Traditional firewalls only see and filter packets based on network headers like IP address and ports. Cilium can do this as well, but also understands and filters the individual HTTP, gRPC, and Kafka requests that stitch microservices together.
  • Designed for Scale - Cilium was designed for scale, with no node-to-node interactions required when new pods are deployed, and all coordination through a highly scalable key-value store.

Cilium Alternatives & Comparisons

What are some alternatives to Cilium?
Weave
Weave can traverse firewalls and operate in partially connected networks. Traffic can be encrypted, allowing hosts to be connected across an untrusted network. With weave you can easily construct applications consisting of multiple containers, running anywhere.
Istio
Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio's control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes, Mesos, etc.
Envoy
Originally built at Lyft, Envoy is a high performance C++ distributed proxy designed for single services and applications, as well as a communication bus and “universal data plane” designed for large microservice “service mesh” architectures.
linkerd
linkerd is an out-of-process network stack for microservices. It functions as a transparent RPC proxy, handling everything needed to make inter-service RPC safe and sane--including load-balancing, service discovery, instrumentation, and routing.
OpenSSL
It is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.
See all alternatives

Cilium's Followers
78 developers follow Cilium to keep up with related blogs and decisions.