Wow! The Isovalent team has had an amazing week at KubeCon Europe 2023 and while Amsterdam wasn’t as warm as Valencia, it turned out to be a great location.
Here are twelve things we took away from our week in Amsterdam:
1. CiliumCon rocked
Cilium was very well covered at the conference: with 15 (!) talks about Cilium, a packed project meeting (we were expecting 15 to 20 people and ended up with 3 times that, as you can see in one of the pictures below), a Cilium stand, an Isovalent booth and the inaugural CiliumCon, it felt at times as if Cilium and Isovalent were everywhere.
CiliumCon was an opportunity to listen to great stories: the likes of Ikea, New York Times and Bloomberg shared their experiences using Cilium at scale while Thomas told the genesis of Cilium. It’s during that talk that he also introduced our latest project: Cilium Mesh.
2. The Mesh to Connect Them All
The idea of extending the benefits of Cilium – high-performance networking, built-in observability and advanced security – across multiple clouds and to non-Kubernetes environments resonated.
Building a heterogeneous multi-cloud networking platform with consistent security policies would have been quite the undertaking if we had started from scratch, but Cilium Mesh actually leverages several existing Cilium components. Cluster Mesh (the feature to connect clusters together for load-balancing and service discovery and a hot topic at KubeCon) has been used in production by many users across many clouds, and the feature that adds non-Kubernetes objects to clusters and enforces network policies was introduced back in Cilium 1.9.
The VM support in particular really seemed to resonate with people – I heard from a user that wanted to leverage Cilium Mesh to connect edge locations to their Kubernetes clusters (with the edge locations being radio telescopes spread across the world and where there’s no Kubernetes cluster yet). We might take Kubernetes for granted but there are still many environments running effectively without it.
Cilium Mesh does two things: it combines these components into a single platform and, in the enterprise edition, adds some additional components (such as Transit Gateway) to provide high-performance and resilient end-to-end connectivity.
Liz’s demo on Cilium Mesh closed the conference and even though I have seen many of her terrific demos, it has to be up there with one of the best live KubeCon demos ever.
If you’d like to know more about Cilium Mesh, sign up for the Cilium Mesh Introduction & AMA webinar on May 17.
3. “Isovalent, it’s freaking crazy!”
Companies founded by the creators of popular open source products can sometimes find it difficult to be distinguished from the original product. Last year, I remember having to explain who Isovalent were and being asked several times how “the job was at Cilium”.
This year, we found that people were not just excited about Cilium – they were buzzing about our company, our brand, our enterprise product, our leaders and staff.
I overheard some French attendees saying “Isovalent, c’est ouf!”, which would roughly translate to “Isovalent, it’s freaking crazy!”
And I spoke to half a dozen people who wanted to join us (good news – we are hiring!).
4. Hearing from users
One of the minor inconveniences that come with working in technical marketing is that I don’t get to spend as much time as I’d like with users of our tools. That’s why I skipped the vast majority of the sessions to talk to visitors to our booth.
While some of them would simply come for the swag and the chance to win a giant knitted bee (these are not words I had ever expected to write), many of them came with a use case in mind or because of a feature they had seen during one of our talks.
I’d listen to the attendees’ questions and requirements before embarking on a 5-minute pitch and some demos. The embedded Network Policy Editor in Isovalent Cilium Enterprise and the integration with Prometheus and Grafana were both key features that got folks really excited.
Consolidating their tools was another evident benefit.
5. Reducing the tool sprawl
I mentioned this in our deep dive on the Gateway API blog post but this is worth reiterating. Operators are overwhelmed by the number of tools they have to use for their Kubernetes networking needs.
So when you explain that Cilium natively supports observability, encryption of traffic in transit, an Ingress controller, Gateway API, load balancer and NAT46/64 capabilities and many more features, it becomes clear that it potentially avoids the need for many tools (including unwieldy service meshes).
I mentioned Gateway API – this was a very hot topic at KubeCon and it was awesome to see our own Nick Young on stage co-presenting some of the exciting advancements in Kubernetes networking.
6. The iptables pain and eBPF to the rescue.
On many occasions, visitors to our booth were not after a specific feature – rather, they were in search of a solution to their scaling issues.
Several of us had conversations with customers – banks in particular – running Kubernetes at scale and experiencing latency and performance issues. Many of the embedded network CNIs in self-managed solutions are iptables-based and we heard many anecdotes of significant scaling issues. It doesn’t come as a surprise to us – iptables was never designed for the scale and the churn that comes with Kubernetes – and we would explain how Cilium’s eBPF kube-proxy replacement addresses many scaling issues by eliminating most iptables rules (as I highlighted in a previous blog post).
7. Migrating to Cilium and adopting Network Policies
We were also asked some more pragmatic operational queries such as:
- How do I migrate to Cilium?
- How do I move to a Zero-Trust network policy model?
And while there’s still some work to be done to make it as seamless as possible, we have made a lot of progress on that front in the past few months.
I pointed folks that were looking at migrating to Cilium to the recently launched Migrating to Cilium lab. Likewise, for anyone looking at using Cilium to leverage its advanced network policy capabilities, I recommended our Zero-Trust lab where the lab participant can leverage Isovalent Cilium Enterprise and Grafana to migrate from an open access model to a deny-all network-policy one.
8. No Ops without Observability
On the topic of Grafana: I hadn’t realized how ubiquitous Prometheus and Grafana were. Appropriately, we’ve announced the availability of a new Hubble datasource plugin for Grafana while Raymond and Anna presented to a packed room how best to monitor service connectivity and collect tracing data and golden metrics using standard Prometheus, Grafana, and OpenTelemetry exported from Cilium and eBPF.
If you want to learn more, sign up for our upcoming virtual workshop: Golden Signals with Hubble & Grafana on May 16.
9. Book Signings
Both Liz and Natalia had hundreds of folks queueing up to pick up copies of their books. eBPF is clearly such a hot topic that many people want to learn it!
If you didn’t get the chance to get your signed copy, you can always download it here.
I encourage you, dear reader, to play “Where’s Wally Liz?” in this picture.
10. Bee-Come Secure with Tetragon
Meanwhile, Natalia’s book on Security Observability and her session on Tetragon with John show how, a year after its initial public release, Tetragon is gaining popularity as a container runtime security tool.
Hundreds of attendees joined Duffie and Raphael’s session to get their hands on Tetragon – if you couldn’t make it, just head over to our Tetragon lab page to learn how to detect a container escape.
11. Cilium in the Cloud
Time and time again, we heard EKS, AKS and GKE users wanting to move to Cilium. Sometimes, I had to explain that they were already using Cilium: GKE Dataplane v2 is enabled for all new clusters and is implemented using Cilium, while Cilium is the preferred CNI option for AKS (this recently published page describes Cilium on Azure in detail).
As for EKS users, they are blessed with many Cilium options: CNI chaining to deploy Cilium on top of the existing AWS-CNI, Cilium in ENI mode to benefit from Cilium’s IP address flexibility or even Isovalent Cilium Enterprise via the AWS Marketplace.
12. Hive Mind Mingle
Finally, I wanted to conclude with a thanks to our events and field marketing team for the exceptional planning and running of the booth and events. None of the above happens without their dedication. Our third Hive Mind Mingle was particularly popular: it was fantastic to spend the evening with some of the great minds in the cloud native infrastructure space.
See you next year, in my hometown of Paris.
Want to learn more on what’s next in the Cilium evolution? Sign up for our upcoming webinar: What’s new in Cilium 1.13 and beyond! on May 30.