Kubernetes Day 2 challenges — Isovalent brings safe connectivity, nabs funding

There’s no query that Kubernetes has turn into the brand new enterprise normal on the subject of constructing and working fashionable purposes. 

In line with the Cloud Native Computing Basis’s (CNCF) annual survey, 96% of organizations are both utilizing or evaluating the container orchestration system. 

As such, at the moment’s enterprises and telcos are previous the Day 1 section of Kubernetes, stated Dan Wendlandt, CEO of Isovalent. 

And, as they develop into the Day 2 section, organizations are studying that Kubernetes doesn’t, by itself, present a networking layer with the safety, observability, reliability and efficiency required of extra mission-critical workloads, he identified. 

This has pushed demand for open-source applied sciences — together with Cilium and eBPF. To assist meet these ever-increasing wants, Isovalent at the moment introduced that it has closed a $40M collection B funding spherical. The corporate created the Cilium undertaking and offers Isovalent Cilium Enterprise, applied sciences each enabled by the brand new Linux kernel know-how eBPF. 

“eBPF is the one most attention-grabbing factor to occur in Linux up to now 10 and even 20 years,” stated Wendlandt. And, whereas Isovalent began as an “all-in” guess on the know-how and Kubernetes, “we’re nonetheless within the early days of seeing all of the methods by which Cilium and eBPF will rework the fashionable infrastructure layer.”

Kubernetes Day 2 challenges

• “Which Kubernetes distro do I run?” 
• “How do I migrate my preliminary purposes onto Kubernetes?” 

These are frequent Day 1 questions. However now that companies have “found out” methods to run Kubernetes itself, they’re tackling Day 2 challenges similar to the next:  

• “How do I troubleshoot connectivity failures or poor efficiency between two providers working in Kubernetes?”
• “How does my safety staff carry out an incident investigation in my Kubernetes surroundings?”

Not solely does Kubernetes not have built-in capabilities to deal with these issues, however conventional community infrastructure gadgets — firewalls, community load-balancers, community monitoring gadgets — are additionally restricted in closing gaps, stated Wendlandt. Such gadgets then turn into bottlenecks, given the explosion of API-communication between fashionable purposes. Equally, their concentrate on conventional packet-layer identification means they will’t perceive service-identity and API-call particulars in fashionable workloads. 

Cilium addresses these challenges by offering a multicloud and on-premises connectivity material that’s safe and observable. This runs instantly within the Linux kernel alongside every software workload. 

“This technological leap allows Isovalent to offer wealthy context and perception for safety and operator groups,” stated Wendlandt. 

Making eBPF consumable

eBPF, certainly, has fueled Cilum’s fast rise, stated Wendlandt. “eBPF basically permits us to show the Linux kernel new methods,” he stated. 

With out it, the networking stack inside Linux is essentially composed of code that hasn’t modified a lot in 20 years, he stated, and that was designed in an period when Linux was both working on a standalone server or a community equipment connecting static providers.

The world seems “drastically completely different” when Linux is used as the muse for Kubernetes infrastructure, Wendlandt stated, with tons of of containers working on every node and quickly showing and disappearing as workloads life-cycle through automated steady integration/steady supply (CI/CD) pipelines.

“eBPF permits us to show Linux to establish and correctly join, load-balance, firewall, and monitor these containerized workloads in a manner that may by no means be scalable or performant utilizing the legacy Linux networking,” stated Wendlandt. 

Nonetheless, he described it as a “very low-level know-how.” Cilium’s open-source group finally makes eBPF consumable, he stated. 

“Cilium offers a constant technique to join, safe and observe workloads throughout any kind of underlying multicloud infrastructure,” stated Wendlandt. 

Assembly fashionable workload wants

And Cilium continues to evolve. The know-how initially targeted on Kubernetes networking and safety use instances similar to connectivity, load-balancing and firewalling, stated Wendlandt. However demand prompted enlargement to community observability (Hubble), runtime safety observability and enforcement (Tetragon) and Cilium Service Mesh. Organizations are additionally trying to make use of eBPF to measure and implement software program provide chain safety and workload profiling. 

“It’s actually not an exaggeration to say that eBPF will change each side of how fashionable workloads run on any and all Linux platforms,” stated Wendlandt.

Wendlandt underscored the truth that Kubernetes guarantees consistency in life-cycle software workloads no matter underlying infrastructure. Multicloud environments the place workloads can seamlessly migrate isn’t “some pie-in-the-sky notion,” he stated. 

“Reasonably, it’s a realization that we’re and can proceed to be in a world of heterogeneous infrastructure, usually comprised of a mixture of non-public cloud and a number of public cloud suppliers,” he stated. 

He additionally identified that enterprises, distributors, analysts and enterprise capitalists alike are struggling to outline the brand new, rising layer within the enterprise infrastructure stack.

“As purposes shift towards being a set of API-driven providers, the safety, reliability, observability and efficiency of all purposes turns into basically depending on this new connectivity layer,” stated Wendlandt. 

The following step within the Kubernetes journey

Since its introduction in 2018, Cilium has been chosen because the default in a number of managed Kubernetes choices of main public cloud suppliers: Google Kubernetes Engine, Google Anthos and Amazon EKS Anyplace. 

Speedy adoption of Cilium throughout many verticals — finance/funds, ecommerce/retail, insurance coverage, telecommunications, authorities, information analytics, leisure — “highlights the truth that we’re fixing a important piece of the puzzle for customers as they take the following step on their Kubernetes journey,” stated Wendlandt. 

Moreover, Cilium is without doubt one of the fastest-growing cloud-native connectivity tasks within the Kubernetes ecosystem, he stated, and it’s the solely Container Community Interface (CNI) on the incubation degree within the CNCF. Its full “Graduated” undertaking standing is focused for early 2023.

Isovalent additionally co-maintains the eBPF codebase upstream within the Linux kernel, maintains ebpf.io, hosts the eBPF Summit, and helped create the eBPF Basis together with Meta, Netflix, Google and Microsoft. 

The latest funding spherical was led by Thomvest Ventures, joined by Google, Cisco, Microsoft and Grafana Labs. Further traders embrace Andreessen Horowitz, Mango Capital, and Mirae Asset Capital. The spherical will assist Isovalent double its staff — reaching roughly 100 workers — to proceed supporting open-source communities whereas addressing demand for Cilium Enterprise, stated Wendlandt.