Cilium is a CNCF Graduated Kubernetes networking, security, and observability project that uses eBPF to move datapath, policy, and visibility logic closer to the Linux kernel. The project is Apache-2.0, active on GitHub with 24K+ stars, and documented around Cilium 1.19.x at the time of this update. Its core value is giving Kubernetes teams an eBPF-based alternative to older iptables-heavy networking and policy paths.
The source-backed cloud story should be precise. Google Cloud documentation says GKE Dataplane V2 is implemented using Cilium and eBPF and is enabled by default for new Autopilot clusters, while Microsoft documents Azure CNI Powered by Cilium for AKS. Those facts are stronger and safer than broad claims that every major cloud provider has made Cilium the default networking layer in every Kubernetes offering.
Cilium’s surrounding ecosystem adds Hubble for flow observability, Tetragon for runtime-security observability and enforcement, Cluster Mesh for multi-cluster connectivity, and service-mesh-adjacent features such as mutual TLS, Gateway API integration, and Layer 7 protocol visibility. Teams should still plan migrations carefully and keep dedicated service-mesh platforms in scope when they need advanced L7 traffic management.
