Cilium Annual Report 2022


About this Report


2022 has been a wild ride for the Cilium project! The project itself is now 7 years old, but I feel like
we are just at the start of the most exciting part. With Kubernetes finally reaching large scale and
widespread adoption, the strengths of Cilium are truly beginning to show. 2022 was the year where
Cilium became the de-facto standard CNI. All major cloud providers and many of the most popular
Kubernetes distributions are using Cilium. This standardization on Cilium is bringing the benefits of
eBPF everywhere, giving companies a consistent connectivity experience wherever they need to
deploy Kubernetes, in or across clouds, on-prem, or even on a ship.

Based on the feedback from our user survey, this consistent connectivity is crucial because most
people are running multiple clusters with different tenants across disparate infrastructure. Having
Cilium as the CNI everywhere creates a seamless user experience anywhere you need to connect an
application - and in distributed computing everything goes over the network. End users across
diverse industries like finance, retail, software, and telecommunications are all realizing the
benefits of Cilium and eBPF and have shown that it is production ready at scale.

2022 is the year of the CNI for Cilium, but this is just the beginning of the Cilium ecosystem. The
purpose of this report is to share highlights of events, milestones, and feedback in the Cilium
Project's community. The data included in this report is taken from the Cilium User Survey, the project's
public dashboard, GitHub organization, Slack, blog, and social media. If you have any comments or
feedback about this report, please reach out to the project at [email protected].

Thomas Graf
Co-Creator, Cilium Project

This is just the beginning of the Cilium ecosystem

THOMAS GRAF, Co-Creator



Project snapshot

Cilium has seen tremendous growth in the project and community over the past year. These stats
provide a quick snapshot of some of that work!

Contributors

The top 10 contributors by number of PRs were Tobias Klauser, Paul Chaignon, Joe Stringer, André
Martins, Michi Mutsuzaki, Tam Mach, Martynas Pumputis, Bill Mulligan, William Findlay, and Jarno
Rajahalme. Thank you for all the work you have done for the project!

The number of people commenting on issues and PRs has increased by over 60% in the past year alone,
and over 6x in the past 5 years.

[Chart: All unique comments (Year), 2018 to 2022]

The top contributing companies to Cilium by number of PRs

1. Isovalent
2. Independent
3. Red Hat
4. Google
5. Datadog

Users

The number of public users has more than tripled from 30 to 91! Alongside that, Cilium now also has
28 public case studies.

Geographic location of our contributors

We had contributors from 53 countries, with the most contributions coming from the US, Germany, China, the UK,
and India.

53 countries

USA, 22.2%
Germany, 10.7%
China, 10.3%
United Kingdom, 6.4%
France, 5.1%
India, 5.1%
Switzerland, 4.3%
Canada, 2.7%
Japan, 2.7%
Poland, 2.3%
Czech Republic, 2.1%
Australia, 1.9%
Netherlands, 1.9%
Russian Federation, 1.9%
Turkey, 1.4%
...And Others, 15.4%

Blog posts

The number of blogs produced by the community at cilium.io/blog has more than quadrupled. It is
great to see the excitement in the community for Cilium!

[Chart: blog posts per year, 2017 to 2022]

Growth... 20k here we come!

Cilium: from 9990 stars to 14055
Hubble: from 1680 to 2405
Tetragon: from 0 to 2013

Committers

Finally, we would like to thank the committers of Cilium for all the work and effort they put into the
project. Cilium has welcomed six new committers in 2022, and we look forward to adding more in
2023. Cilium committers come from AMD, Datadog, Docker, Google, Independent, Isovalent, Palantir, Red
Hat, and SUSE.

Release Highlights

Cilium 1.12 was released in July and made many improvements across networking, security, and
service mesh. The 1.13 release is imminent, with release candidate 4 already in preview.

Networking

Kubernetes Ingress

Cilium now provides a fully conformant implementation of Kubernetes Ingress to provide
features such as path-based routing, TLS termination, or sharing a single load-balancer IP for
many services.

Cluster Mesh

Topology-aware routing and service affinity allow services to be configured to prefer endpoints in the
local or remote cluster.

Multi-Cluster for External Workloads allows connecting existing non-Kubernetes workloads into the
Kubernetes cluster for a consistent experience, for example, enforcing network policies across Kubernetes,
OpenStack, and bare-metal environments all at once.

Egress Gateway

Cilium enables users to route selected cluster-external connections through specific Gateway nodes,
masquerading them with predictable IP addresses to allow integration with traditional firewalls that
require static IP addresses.

BGP and IPv6

IPv6 support has been added to the BGP control plane. By leveraging a new feature-rich BGP engine,
Cilium can now set up IPv6 peering sessions and advertise BGP IPv6 Pod CIDRs.

Load-Balancing

Cilium Layer 4 load-balancer (L4LB) now supports NAT46 and NAT64 for services. This allows
exposing an IPv6-only Pod via an IPv4 service IP or vice versa. This is particularly useful to
load-balance IPv4 client traffic at the edge to IPv6-only clusters.

Performance

Cilium is the first CNI to support TCP BBR (Bottleneck Bandwidth and Round-trip Propagation Time)
congestion control for Pods in order to achieve significantly better throughput and lower latency for Pods
exposed to lossy networks such as the Internet. The bandwidth manager used to rate-limit Pod traffic and
optimize network utilization has been promoted to stable.

Security

Tetragon

Tetragon is the latest open-source project in the Cilium family. Currently considered beta-level
maturity, it provides eBPF-based transparent security observability combined with real-time runtime
enforcement. The deep visibility is achieved without requiring application changes and is provided at
low overhead thanks to smart in-kernel filtering and aggregation logic built directly into the
eBPF-based kernel-level collector. The embedded runtime enforcement layer is capable of performing
access control on the system call and other enforcement levels.

Security Posture

You can now run Cilium as an unprivileged container/Pod to reduce the attack surface of a Cilium
installation, and the required Kubernetes privileges have been greatly reduced to the least needed
for Cilium to operate.

Service Mesh

Cilium 1.12 included the GA release of Cilium Service Mesh, enabling a service mesh that doesn’t
need sidecars in every pod. This release supports Kubernetes Ingress and the Envoy CRD as control
plane options, as well as a simple option to enable L7 visibility with Prometheus and OpenTelemetry
as outputs. This is an alternative to Cilium’s previously existing ability to act as the dataplane for
an Istio deployment. The SPIFFE and Gateway API integrations are currently in the works.

User Surveys

We took the chance to survey our users to see what they said about the project. When we asked what
feature of Cilium was most important, there was a mix of responses alluding to Cilium being used in
many different ways with different requirements and priorities. However, when asked what the biggest
challenge with Kubernetes networking is, our respondents resoundingly answered “observability”, and
expressed thanks for Hubble’s help in this area.

When we asked our users what features they were relying upon the most they answered networking,
kube-proxy replacement, and Hubble. Service Mesh, Ingress, Multi-cluster, Encryption, and LB are
the most evaluated and planned features and some people are already running Service Mesh in
production today!

No one feature is most important to our users

What do you consider Cilium’s most critical feature?

32 responses

[Pie chart. Answer options: eBPF-based Networking, Network visibility & Metrics, Performance,
Transparent Encryption, Scalability, Network policy, Multi-Cluster. Slice values shown: 31.3%,
18.8%, 15.6%, 12.5%, 9.4%, 6.3%, 6.3%.]

People are excited about expanding their use cases for Cilium! This all makes sense when we look at
how people are running their Kubernetes environments with almost everyone running more than one
cluster and most clusters having multiple tenants. Being able to connect them together and secure the
network will be key.

Basically everyone runs more than one cluster

How many Kubernetes clusters are you running?

[Pie chart. Answer options: 1, 2-5, 6-20, >20. Slice values shown: 40.6%, 25%, 21.9%, 12.5%.]

Majority of clusters are multi-tenant

Is your Kubernetes environment hosting multiple app teams?

[Pie chart. Answer options: Single tenant per cluster, 2-5 tenants per cluster, 6-50 tenants per
cluster, >50 tenants per cluster. Slice values shown: 43.8%, 25%, 18.8%, 12.6%.]

Cilium in Production

In 2022, Cilium has gone from a few stories to full-blown production everywhere. All major cloud
providers now use Cilium in their Kubernetes offerings and Cilium is the CNI for many of the most
popular Kubernetes distributions.

Community Quotes

Microsoft

“Microsoft is thrilled to partner with the Cilium community to bring the power of eBPF and Cilium
natively in Azure. Leveraging Cilium’s capabilities to provide eBPF-enriched features like efficient
load-balancing, extensive network security features, and rich observability integrated well along
with industry-leading robust and scalable Azure CNI IP Address Management (IPAM), with VNET and
Overlay mode, will give the most performant and best-in-class container networking platform for
our customers. As a native offering, customers will find it significantly easier to leverage Cilium
directly on Azure and with other integration work in progress to offer the advanced features of
Cilium, we are truly excited about the future of Cilium on Azure.”

Chandan Aggarwal, Principal Software Engineering Manager of Microsoft

Grafana

“We want to make sure that Grafana observability is easily available wherever our ever-expanding
community needs it. eBPF and Cilium are quickly becoming the de facto standard for secure and
observable connectivity in Kubernetes, so we partnered with the Cilium team to help our mutual
users with a critical need. Our engineering teams are now working together to leverage the open
source Grafana LGTM Stack (Loki for logs, Grafana for visualization, Tempo for traces, and Mimir for
metrics) to enhance eBPF-based observability for monitoring, troubleshooting, and security
workflows.”

Raj Dutt, CEO and co-founder of Grafana Labs

S&P Global

“It is important to create a Highway in our Kubernetes world in order for the network to seamlessly
communicate with all of the ecosystem and still provide the perfect end user experience. Using
Cilium CNI, we built that Highway and that Highway today communicates seamlessly with our
on-prem, cloud, SaaS, and all our downstream systems in order to make that experience very
reliable and very smooth so that every time the app owner or application developer doesn't have to
rethink, re-enovate, or redo how do I connect to my data and data center, how do I connect to my
database, how do I connect to my a service in a SaaS. Using Cilium CNI, the Highway is built and
through the common fabric of Cilium we provide that very seamless and secure connectivity.”

Guruprasad Ramamoorthy, VP Global Head of Network Architecture, Engineering & Operations of
S&P Global

Community Events

KubeCon

Cilium was well represented at both KubeCon EU and NA. There were 10 talks about Cilium in
Valencia and 14 in Detroit. In Detroit, Cilium hosted its first in-person project meeting, and applied
for graduation in the CNCF.

KubeCon Europe in Valencia

KubeCon + CloudNativeCon EU was the first in-person KubeCon since 2019 and there was a lot to
catch up on. Cilium was covered in both technical talks from contributors and end user stories from
people putting Cilium into production. There were presentations on everything from Cilium
Clustermesh to Cilium for telco workloads to a tour of the Cilium service mesh.

KubeCon NA in Detroit

Cilium was a part of 13 talks at KubeCon + CloudNativeCon North America covering KubeCon,
eBPF Day, ServiceMeshCon, Observability Con, Security Con, and Kubernetes on Edge Day. You can
read all about them in the blog post. Microsoft announced they were choosing Cilium for AKS and
Grafana also announced an integration with Cilium.

Thomas Graf submitted the application live on stage at KubeCon and you can show your
support for our graduation application on the PR.

eBPF Summit

eBPF Summit is the yearly conference looking at the innovation around eBPF from many different
perspectives, from kernel maintainers working on eBPF implementation, through projects using
eBPF technology to create next-generation tools, to end users sharing their experiences of
leveraging this awesome new set of capabilities. Cilium was well represented with production
use cases and debugging stories.


Meetups

2022 was the first year back to in-person meetups and it was great to see Cilium popping up in
different countries. You can catch all of the videos on YouTube.

Looking forward to 2023

If 2022 has been the year of Cilium as the CNI, I have three predictions for 2023: service mesh maturity,
ecosystem expansion, and increased software supply chain security. Finally, as a milestone, I think
Cilium will also graduate from the CNCF.

Cilium service mesh was launched at the end of 2021 and the first users already have it in
production. Just like using the same CNI everywhere provides a consistent user experience across
infrastructures, Cilium Service Mesh provides one solution to control, observe, and secure your
network from L3-L7. The main service mesh feature that is missing right now is mTLS, but that will be
included in one of the next releases of Cilium. Check out the release candidates to get involved in the
testing! Once that is just a flag away, the onboarding to Cilium Service Mesh will massively accelerate.
With Cilium Service Mesh, end users finally will have control of their network from L3-L7 in one place
rather than trying to debug networking issues across layers and tools.

With Cilium as the standard CNI, an ecosystem can now begin to emerge around it. Standardization
makes it massively easier to provide integrations and extensions since everyone is using the same
base. We can already see this ecosystem beginning to form with the Grafana announcement. With
Cilium everywhere capturing observability data using eBPF, it makes total sense to connect it to Grafana
and visualize the data. With Cilium capturing data in the kernel with eBPF, the ecosystem around
Cilium can leverage this data and functionality to build better platforms for end users. 2023 will be
when we start to see these integrations and functionalities explode.

Finally, it wouldn’t be 2022 without mentioning software supply chain security, and 2023 will see
Cilium at the forefront of it. Cilium as a project has already taken steps forward on this front by
generating signed releases and a software bill of materials (SBOM). We have also worked to
reduce the privileges needed to run and operate Cilium. More far-reaching than this though is how
people are using Tetragon to secure the software supply chain by verifying eBPF traces for Supply
Chain Artifacts. There are so many use cases for Tetragon to make systems more secure and the
excitement around the project just highlights that. 2023 will see an even more secure Cilium and better
protected software supply chain because of Cilium.

If all of this has gotten you excited about Cilium, there are many ways to get involved. The best way to
start is to check out the Cilium project on GitHub. There, you can find information about the project, as
well as ways to get involved, such as reporting bugs, suggesting new features, or contributing code.
Additionally, the Cilium community is active on Slack and Twitter. If you want to just follow along for
now, be sure to sign up for the newsletter. If you have any questions or comments please reach out to
[email protected].
