The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of Cilium.

Cilium is an eBPF-powered open source, cloud native solution for providing, securing, and observing network connectivity between workloads.

Cilium began as an eBPF-based implementation of the Container Networking Interface to provide Layer 3-4 connectivity between container workloads. It has since expanded to include capabilities like network policy, meshing multiple Kubernetes clusters together, replacing kube-proxy, providing network encryption, integrated ingress and egress gateway, bandwidth management, BGP, and connecting external workloads into Kubernetes. The Cilium project pioneered sidecarless service mesh, and its sub-project Hubble provides network observability for layers 3-7, metrics, service map, and UI, while Tetragon focuses on security observability and runtime enforcement.

"Cilium's graduation highlights its evolution from a simple CNI to a complete networking, observability, and security solution that prepares platforms and organizations for the next steps on their cloud native journey," said Thomas Graf, Cilium co-founder and CTO of Isovalent. "On behalf of the project, we wish to thank every contributor who has collectively brought us to graduation within CNCF."

Cilium was initially created by Isovalent and was built from the ground up based on eBPF. It became an Incubating CNCF project in October 2021 and now has maintainers from 7 different companies and over 800 individual contributors. The project powers some of the largest Kubernetes clusters in the world, with end users ranging from digital native startups to the world's largest financial institutions and telcos. It has 46 public case studies from companies, including Bell Canada, Bloomberg, DB Schenker, S&P Global, Sky, and The New York Times, and well over 100 organizations listed in its USERS file. Cilium is the second most active CNCF project in terms of the number of commits, behind only Kubernetes.

"eBPF has grown into a powerful technology for extending the Linux kernel to meet a variety of use cases," said Chris Aniszczyk, CTO of CNCF. "Cilium and the modern eBPF stack will help shape the future of cloud native networking and observability. Cilium has demonstrated really impressive growth in its nearly two years in the Incubator, and we're excited to watch as the ecosystem continues to push the benefits of eBPF even further."

Graduation is not the end goal but rather the beginning of creating the ecosystem around Cilium. The project is growing beyond just Kubernetes to include support for external workloads, like bare metal and virtual machines. It was the first project to add support for Gateway API and includes a Layer 4 load balancer for north-south traffic. Cilium Service Mesh also enables workloads to mutually authenticate their connections using SPIFFE/SPIRE. Cilium now integrates with Prometheus and Grafana for simplified Day 2 operations.

"When embarking on a project, one can never predict its ultimate success, but the belief in its potential to address complex challenges is the driving force," said André Martins, Cilium maintainer. "Witnessing Cilium achieve CNCF graduation is a testament to the unwavering support the community has contributed over the years. With each passing year, as the community continues to grow and deepen its support, it instills a profound sense of confidence in more organizations to adopt and integrate it into their infrastructure. This graduation isn't the end; rather, it serves as a validation of the breakthroughs Cilium will pioneer in the years to come."

"From the earliest days of Kubernetes, we knew that a thriving ecosystem was a critical ingredient, and Cilium is perhaps the most visible demonstration of this. Cilium taps into the power and excitement of eBPF to super-charge Kubernetes networking," said Tim Hockin, distinguished software engineer at Google Cloud. "While it may have started as 'just a network plugin', Cilium has evolved into much more than that, with a broad feature set which speaks to many types of users from startups to major enterprises. I'm thrilled to see Cilium be successful – it's really a win for Kubernetes users everywhere."

To officially graduate from incubating status, the project underwent a due diligence process with the CNCF Technical Oversight Committee (TOC), completed a third-party security audit, and drove the process to allow CNCF projects to include GPL-licensed eBPF code to run in the kernel. Graduation validates Cilium's growth, maturity, and future outlook and cements the project's leadership in the eBPF space.