
Cilium 1.4 released - rochacon
https://cilium.io/blog/2019/02/12/cilium-14
======
hardwaresofton
Support for multi-cluster routing is _huge_. One of the main pain points
managing Kubernetes in the large-deployment or cross-cloud use case is how to
bridge multiple clusters. SIG multi-cluster works on related architecture
issues/designs full time, and there are lots of other solutions out there, but
they're all kind of large and bulky.

If one "thing" (Cilium) can give me local-node breakneck speed (via eBPF
magic) _and_ cross-cluster (v1.4) _and_ node <-> node routing I would
absolutely drop everything and switch to it (my deployment is _very very_
small).

All that said, I'm currently very happy with kube-router[0], because it gave
me all-in-one node & service/pod routing (as in, you can actually _get rid of_
kube-proxy. Cilium is now way higher on my short list of things to check out
now as well.

[0]: [https://www.kube-router.io/](https://www.kube-router.io/)

~~~
lima
How does kube-router compare to Project Calico?

~~~
dexcs
Calico or Cilium? ;)

Compared to Cilium I would spontaneously say it's bpf and fqdn based network
policies.

------
01100011
For those of us that don't know everything, it is sometimes helpful to put a
description of a project in the title when announcing a new release.

In case anyone is ignorant like me:

> Cilium is open source software for transparently providing and securing the
> network and API connectivity between application services deployed using
> Linux container management platforms like Kubernetes, Docker, and Mesos.

~~~
jsilence
How does Cilium compare to HA-Proxy or Traefik? Are they operating in the same
realm or is that on another layer?

~~~
hardwaresofton
They're completely different products for different uses -- Cilium is a
overlay networking solution (so, more than one program working together) for
use inside container orchestration frameworks like Kubernetes/Mesos/Nomad,
where as HAProxy/Traefik are applications that do reverse proxying and load
balancing.

Cilium may happen to do some proxying and balancing but you dont do things
like "add a backend to Cilium" \-- you "add a backend" to Kubernetes, Cilium
is handling your networking, so it sees that, and ensure your frontend (which
is already deployed let's say) inside the same kubernetes cluster can speak to
the backend when it reaches out for it.

HAProxy is a TCP-only reverse proxy and load balancer similar to NGINX.

Traefik is a reverse proxy and load balancer (currently HTTP only I believe)
built relatively recently with modern features like a HTTP administration
interface, OpenTracing compliant (IIRC) request tracing, let's encrypt for
certs, and automatic polling of a container orchestration layer (if you have
one) to populate backends/frontends.

~~~
dnautics
This seems cool, but maybe I don't understand something... Wouldn't your
frontend and your backend be in the same kubernetes cluster?

~~~
hardwaresofton
Yeah, they would be -- Cilium handles your inter-cluster routing first and
foremost (making sure those two things can talk to each other, and have a
unique IP, which is a requirement of Kubernetes).

Some companies that are trying to do multi-cloud or really large kubernetes
installations (or just multi-tenancy) are finding that they have to split up
the clusters for isolation or availability as well, so now Cilium offers a
solution for that as well.

~~~
dnautics
Thank you for explaining!

~~~
hardwaresofton
No problem! Counting on the HN community to speak up and correct any mistakes
I may have made :)

