Kubernetes Day 2 challenges — Isovalent brings secure connectivity, nabs funding
There’s no question that Kubernetes has become the new enterprise standard when it comes to building and operating modern applications.
According to the Cloud Native Computing Foundation’s (CNCF) annual survey, 96% of organizations are either using or evaluating the container orchestration system.
As such, today’s enterprises and telcos are past the Day 1 phase of Kubernetes, said Dan Wendlandt, CEO of Isovalent.
And, as they grow into the Day 2 phase, organizations are learning that Kubernetes does not, on its own, provide a networking layer with the security, observability, reliability and performance required of more mission-critical workloads, he pointed out.
MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.
This has pushed demand for open-source technologies — including Cilium and eBPF. To help meet these ever-increasing needs, Isovalent today announced that it has closed a $40M series B funding round. The company created the Cilium project and provides Isovalent Cilium Enterprise, technologies both enabled by the new Linux kernel technology eBPF.
“eBPF is the single most interesting thing to happen in Linux in the past 10 or even 20 years,” said Wendlandt. And, while Isovalent started as an “all-in” bet on the technology and Kubernetes, “we are still in the early days of seeing all the ways in which Cilium and eBPF will transform the modern infrastructure layer.”
Kubernetes Day 2 challenges
- “Which Kubernetes distro do I run?”
- “How do I migrate my initial applications onto Kubernetes?”
Those are common Day 1 questions. But now that businesses have “figured out” how to run Kubernetes itself, they are tackling Day 2 challenges such as the following:
- “How do I troubleshoot connectivity failures or poor performance between two services running in Kubernetes?”
- “How does my security team perform an incident investigation in my Kubernetes environment?”
Not only does Kubernetes not have built-in capabilities to tackle these problems, but traditional network infrastructure devices — firewalls, network load-balancers, network monitoring devices — are also limited in closing gaps, said Wendlandt. Such devices then become bottlenecks, given the explosion of API-communication between modern applications. Similarly, their focus on traditional packet-layer identity means they can’t understand service-identity and API-call details in modern workloads.
Cilium addresses these challenges by providing a multicloud and on-premises connectivity fabric that is secure and observable. This runs directly in the Linux kernel alongside each application workload.
“This technological leap enables Isovalent to provide rich context and insight for security and operator teams,” said Wendlandt.
Making eBPF consumable
eBPF, without a doubt, has fueled Cilum’s rapid rise, said Wendlandt. “eBPF essentially allows us to teach the Linux kernel new tricks,” he said.
Without it, the networking stack within Linux is largely composed of code that hasn’t changed much in 20 years, he said, and that was designed in an era when Linux was either running on a standalone server or a network appliance connecting static services.
The world looks “drastically different” when Linux is used as the foundation for Kubernetes infrastructure, Wendlandt said, with hundreds of containers running on each node and rapidly appearing and disappearing as workloads life-cycle via automated continuous integration/continuous delivery (CI/CD) pipelines.
“eBPF allows us to teach Linux to identify and properly connect, load-balance, firewall, and monitor these containerized workloads in a way that would never be scalable or performant using the legacy Linux networking,” said Wendlandt.
Still, he described it as a “very low-level technology.” Cilium’s open-source community ultimately makes eBPF consumable, he said.
“Cilium provides a consistent way to connect, secure and observe workloads across any type of underlying multicloud infrastructure,” said Wendlandt.
Meeting modern workload needs
And Cilium continues to evolve. The technology initially focused on Kubernetes networking and security use cases such as connectivity, load-balancing and firewalling, said Wendlandt. But demand prompted expansion to network observability (Hubble), runtime security observability and enforcement (Tetragon) and Cilium Service Mesh. Organizations are also looking to use eBPF to measure and enforce software supply chain security and workload profiling.
“It is really not an exaggeration to say that eBPF will change every aspect of how modern workloads run on any and all Linux platforms,” said Wendlandt.
Wendlandt underscored the fact that Kubernetes promises consistency in life-cycle application workloads regardless of underlying infrastructure. Multicloud environments where workloads can seamlessly migrate isn’t “some pie-in-the-sky notion,” he said.
“Rather, it is a realization that we are and will continue to be in a world of heterogeneous infrastructure, often comprised of a mix of private cloud and one or more public cloud providers,” he said.
He also pointed out that enterprises, vendors, analysts and venture capitalists alike are struggling to define the new, emerging layer in the enterprise infrastructure stack.
“As applications shift toward being a collection of API-driven services, the security, reliability, observability and performance of all applications becomes fundamentally dependent on this new connectivity layer,” said Wendlandt.
The next step in the Kubernetes journey
Since its introduction in 2018, Cilium has been selected as the default in several managed Kubernetes offerings of major public cloud providers: Google Kubernetes Engine, Google Anthos and Amazon EKS Anywhere.
Rapid adoption of Cilium across many verticals — finance/payments, ecommerce/retail, insurance, telecommunications, government, data analytics, entertainment — “highlights the fact that we are solving a critical piece of the puzzle for users as they take the next step on their Kubernetes journey,” said Wendlandt.
Furthermore, Cilium is one of the fastest-growing cloud-native connectivity projects in the Kubernetes ecosystem, he said, and it is the only Container Network Interface (CNI) at the incubation level in the CNCF. Its full “Graduated” project status is targeted for early 2023.
Isovalent also co-maintains the eBPF codebase upstream in the Linux kernel, maintains ebpf.io, hosts the eBPF Summit, and helped create the eBPF Foundation along with Meta, Netflix, Google and Microsoft.
The newest funding round was led by Thomvest Ventures, joined by Google, Cisco, Microsoft and Grafana Labs. Additional investors include Andreessen Horowitz, Mango Capital, and Mirae Asset Capital. The round will help Isovalent double its team — reaching roughly 100 employees — to continue supporting open-source communities while addressing demand for Cilium Enterprise, said Wendlandt.
VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.