Cilium has become the leading Container Network Interface (CNI) plugin for Kubernetes by leveraging eBPF to move networking, security, and observability logic directly into the Linux kernel. This architectural decision eliminates the overhead of traditional iptables-based networking, enabling sub-millisecond latency, efficient load balancing with XDP and Direct Server Return, and identity-aware network policies that operate on Kubernetes labels rather than IP addresses. Google chose Cilium as the basis for GKE Dataplane V2, AWS adopted it for EKS Anywhere, and Azure integrates it into AKS.
The Cilium ecosystem extends beyond basic networking through three complementary projects. Hubble provides deep network observability with real-time service dependency maps, network flow monitoring, and Layer 7 traffic inspection exportable to Prometheus, OpenTelemetry, and Grafana. Tetragon adds security observability and runtime enforcement through eBPF programs that monitor process execution, file access, and network activity with synchronous enforcement directly in the kernel. Cilium Cluster Mesh enables secure multi-cluster connectivity with global service discovery across hybrid and multi-cloud deployments.
Cilium reached graduated status in the CNCF in October 2023 and has become one of the fastest-moving projects in the cloud native ecosystem, with over 20,000 GitHub stars. It supports service mesh capabilities including traffic management, mutual TLS, and integration with the Kubernetes Gateway API. The project provides a complete replacement for kube-proxy, Kubernetes NetworkPolicy, service mesh data planes, and traditional firewalling through a single eBPF-powered platform.