Networking (Cilium)

Cilium is an eBPF-based Container Network Interface (CNI) plugin for Kubernetes. On its own, Kubernetes doesn't know how to route traffic between pods. Cilium is the component that does all the routing. Being largely based on eBPF, Cilium is extremely fast and has good observability capabilities.

Deployment

The OCF deployment of Cilium is configured to replace the default kube-proxy component with Cilium's implementation. We also use the Cilium ingress provider wherever possible (although there's no harm in deploying other ingress controllers if needed). The full configuration is available at ocf/kubernetes/apps/cilium.py.

Future Work

There's a lot we can do to optimize Cilium's performance. So far, not a lot of it has been done, since everything is more than fast enough for the OCF's needs. If this changes, there's probably a decent amount of free performance to be had by evaluating the Cilium tuning guide and deciding to use some of those optimizations.