A Guided Tour of Cilium Service Mesh

2022-05-20

Authors: Liz Rice


Summary

The presentation discusses the benefits of a sidecarless service mesh with CNI and eBPF for improved performance and reduced complexity.
  • The traditional sidecar model of service mesh can be problematic due to resource consumption and management complexity.
  • A sidecarless service mesh with CNI and eBPF can reduce resource consumption and improve network performance.
  • The use of eBPF allows for direct connection between the application and network interface, reducing the need for routing through the proxy.
  • The presentation provides survey data and performance measurements to support the benefits of this approach.
The presenter shared a comment from a beta tester who found the sidecarless service mesh with CNI to be a perfect solution for their needs.

Abstract

The Cilium project is adding Service Mesh features to its existing eBPF-enabled, identity-aware Kubernetes networking capabilities. This demo-driven talk explores how this works, and shows why it’s now possible to create a service mesh without sidecars.
  • Demonstrate why, before eBPF, the sidecar model was necessary for accessing an application pod’s network traffic
  • Explore how Cilium uses eBPF programs to connect Kubernetes endpoints
  • Show how this makes the sidecar model unnecessary for identity-aware connectivity
  • Demonstrate an example Cilium Service Mesh in use
  • Compare the resources used (in both userspace and the kernel) for both models
Along the way, this talk will clarify some container and kernel concepts so that attendees can leave with a mental model of how eBPF-enabled service mesh really works.

Materials: