Isovalent, the company that builds open-source cloud-native networking software that solves networking, security, and observability for modern infrastructure, announced the availability of Cilium Service Mesh.
Users will be able to run the service mesh completely without sidecars while supporting various control plane options.
Cilium Service Mesh complements the existing Istio integration based on sidecars that has been available as part of Cilium so far.
“With this, we aim to reduce complexity and overhead in the service mesh layer by introducing choice for our users. Users can decide based on their needs whether to run a service mesh with or without sidecars based on what best meets the requirements of their platform,” Isovalent wrote in a blog post.
As many companies are adopting Kubernetes, they increasingly look toward service meshes that originally spun out of web-scale application teams. This has brought the Kubernetes networking and service mesh layer closer together and created a demand for delivering a combination of the two.
Cilium uses eBPF as the highly efficient in-kernel datapath. Protocols at the application layer such as HTTP, Kafka, gRPC, and DNS are parsed using a proxy such as Envoy. Lastly, for service mesh use cases that go beyond the capabilities of Cilium, Cilium offers an Istio integration.
It brings all Istio features to Cilium while allowing Cilium to enforce L7 policies via the Istio-managed sidecar. Cilium also automatically optimizes some aspects of Istio such as shortening the sidecar network path injection and avoiding unencrypted data exposure between application and the sidecar.