{"id":616,"date":"2024-04-20T10:00:00","date_gmt":"2024-04-20T10:00:00","guid":{"rendered":"https:\/\/jacar.es\/cilium-service-mesh\/"},"modified":"2024-04-20T10:00:00","modified_gmt":"2024-04-20T10:00:00","slug":"cilium-service-mesh","status":"publish","type":"post","link":"https:\/\/jacar.es\/en\/cilium-service-mesh\/","title":{"rendered":"Cilium Service Mesh: When You Don&#8217;t Need Sidecars"},"content":{"rendered":"<p><strong><a href=\"https:\/\/cilium.io\/\">Cilium<\/a><\/strong> started as an eBPF-based CNI and evolved into a complete alternative to traditional service meshes \u2014 <strong>without sidecars<\/strong>. Its architecture leverages eBPF to do policy, observability, and encryption in kernel, without per-pod proxy. For large clusters, resource savings are significant. Istio responded with <strong>Ambient Mode<\/strong> (similar philosophy). This article compares the sidecarless approach and when to pick each.<\/p>\n<h2 id=\"the-sidecar-problem\">The Sidecar Problem<\/h2>\n<p>The sidecar model (Linkerd, classic Istio):<\/p>\n<ul>\n<li><strong>One Envoy\/linkerd-proxy per pod<\/strong>.<\/li>\n<li><strong>Resource overhead<\/strong>: 50-200MB RAM + CPU per pod.<\/li>\n<li><strong>Additional latency<\/strong>: 2-5ms round-trip.<\/li>\n<li><strong>Operational complexity<\/strong>: many processes, lifecycle management.<\/li>\n<\/ul>\n<p>In clusters with thousands of pods, multiplied by sidecar, it\u2019s significant.<\/p>\n<h2 id=\"ciliums-approach\">Cilium\u2019s Approach<\/h2>\n<p>Cilium replaces sidecar proxies with:<\/p>\n<ul>\n<li><strong>eBPF in kernel<\/strong> for simple policy and encryption.<\/li>\n<li><strong>Centralised Envoy<\/strong> for complex L7 features (only where used).<\/li>\n<li><strong>Hubble<\/strong> for native observability.<\/li>\n<li><strong>CNI integration<\/strong> \u2014 Cilium is both CNI and service mesh in one piece.<\/li>\n<\/ul>\n<p>Result: comparable features with less overhead.<\/p>\n<h2 id=\"main-features\">Main Features<\/h2>\n<h3 id=\"ebpf-based-mtls\">eBPF-based mTLS<\/h3>\n<p>Cilium can encrypt inter-node traffic with <strong>WireGuard<\/strong> (simple and fast) or <strong>IPsec<\/strong> (more compatible). No sidecar injection needed.<\/p>\n<div class=\"sourceCode\" id=\"cb1\">\n<pre class=\"sourceCode yaml\"><code class=\"sourceCode yaml\"><span id=\"cb1-1\"><a href=\"#cb1-1\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"co\"># CiliumClusterwideEncryptionPolicy<\/span><\/span>\n<span id=\"cb1-2\"><a href=\"#cb1-2\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"fu\">apiVersion<\/span><span class=\"kw\">:<\/span><span class=\"at\"> cilium.io\/v2<\/span><\/span>\n<span id=\"cb1-3\"><a href=\"#cb1-3\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"fu\">kind<\/span><span class=\"kw\">:<\/span><span class=\"at\"> CiliumClusterwideNetworkPolicy<\/span><\/span>\n<span id=\"cb1-4\"><a href=\"#cb1-4\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"fu\">metadata<\/span><span class=\"kw\">:<\/span><\/span>\n<span id=\"cb1-5\"><a href=\"#cb1-5\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"at\">  <\/span><span class=\"fu\">name<\/span><span class=\"kw\">:<\/span><span class=\"at\"> enforce-encryption<\/span><\/span>\n<span id=\"cb1-6\"><a href=\"#cb1-6\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"fu\">spec<\/span><span class=\"kw\">:<\/span><\/span>\n<span id=\"cb1-7\"><a href=\"#cb1-7\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"at\">  <\/span><span class=\"fu\">endpointSelector<\/span><span class=\"kw\">:<\/span><span class=\"at\"> <\/span><span class=\"kw\">{}<\/span><\/span>\n<span id=\"cb1-8\"><a href=\"#cb1-8\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"at\">  <\/span><span class=\"fu\">ingress<\/span><span class=\"kw\">:<\/span><\/span>\n<span id=\"cb1-9\"><a href=\"#cb1-9\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"at\">    <\/span><span class=\"kw\">-<\/span><span class=\"at\"> <\/span><span class=\"fu\">fromEntities<\/span><span class=\"kw\">:<\/span><\/span>\n<span id=\"cb1-10\"><a href=\"#cb1-10\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"at\">        <\/span><span class=\"kw\">-<\/span><span class=\"at\"> cluster<\/span><\/span><\/code><\/pre>\n<\/div>\n<p>WireGuard per node, not per pod. Less granular than per-service mTLS but more efficient.<\/p>\n<h3 id=\"l7-policies\">L7 Policies<\/h3>\n<p>Cilium supports application-level policy:<\/p>\n<div class=\"sourceCode\" id=\"cb2\">\n<pre class=\"sourceCode yaml\"><code class=\"sourceCode yaml\"><span id=\"cb2-1\"><a href=\"#cb2-1\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"fu\">apiVersion<\/span><span class=\"kw\">:<\/span><span class=\"at\"> cilium.io\/v2<\/span><\/span>\n<span id=\"cb2-2\"><a href=\"#cb2-2\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"fu\">kind<\/span><span class=\"kw\">:<\/span><span class=\"at\"> CiliumNetworkPolicy<\/span><\/span>\n<span id=\"cb2-3\"><a href=\"#cb2-3\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"fu\">spec<\/span><span class=\"kw\">:<\/span><\/span>\n<span id=\"cb2-4\"><a href=\"#cb2-4\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"at\">  <\/span><span class=\"fu\">endpointSelector<\/span><span class=\"kw\">:<\/span><\/span>\n<span id=\"cb2-5\"><a href=\"#cb2-5\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"at\">    <\/span><span class=\"fu\">matchLabels<\/span><span class=\"kw\">:<\/span><\/span>\n<span id=\"cb2-6\"><a href=\"#cb2-6\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"at\">      <\/span><span class=\"fu\">app<\/span><span class=\"kw\">:<\/span><span class=\"at\"> api<\/span><\/span>\n<span id=\"cb2-7\"><a href=\"#cb2-7\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"at\">  <\/span><span class=\"fu\">ingress<\/span><span class=\"kw\">:<\/span><\/span>\n<span id=\"cb2-8\"><a href=\"#cb2-8\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"at\">    <\/span><span class=\"kw\">-<\/span><span class=\"at\"> <\/span><span class=\"fu\">fromEndpoints<\/span><span class=\"kw\">:<\/span><\/span>\n<span id=\"cb2-9\"><a href=\"#cb2-9\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"at\">        <\/span><span class=\"kw\">-<\/span><span class=\"at\"> <\/span><span class=\"fu\">matchLabels<\/span><span class=\"kw\">:<\/span><\/span>\n<span id=\"cb2-10\"><a href=\"#cb2-10\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"at\">            <\/span><span class=\"fu\">app<\/span><span class=\"kw\">:<\/span><span class=\"at\"> frontend<\/span><\/span>\n<span id=\"cb2-11\"><a href=\"#cb2-11\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"at\">      <\/span><span class=\"fu\">toPorts<\/span><span class=\"kw\">:<\/span><\/span>\n<span id=\"cb2-12\"><a href=\"#cb2-12\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"at\">        <\/span><span class=\"kw\">-<\/span><span class=\"at\"> <\/span><span class=\"fu\">ports<\/span><span class=\"kw\">:<\/span><\/span>\n<span id=\"cb2-13\"><a href=\"#cb2-13\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"at\">            <\/span><span class=\"kw\">-<\/span><span class=\"at\"> <\/span><span class=\"fu\">port<\/span><span class=\"kw\">:<\/span><span class=\"at\"> <\/span><span class=\"st\">&quot;80&quot;<\/span><\/span>\n<span id=\"cb2-14\"><a href=\"#cb2-14\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"at\">              <\/span><span class=\"fu\">protocol<\/span><span class=\"kw\">:<\/span><span class=\"at\"> TCP<\/span><\/span>\n<span id=\"cb2-15\"><a href=\"#cb2-15\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"at\">          <\/span><span class=\"fu\">rules<\/span><span class=\"kw\">:<\/span><\/span>\n<span id=\"cb2-16\"><a href=\"#cb2-16\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"at\">            <\/span><span class=\"fu\">http<\/span><span class=\"kw\">:<\/span><\/span>\n<span id=\"cb2-17\"><a href=\"#cb2-17\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"at\">              <\/span><span class=\"kw\">-<\/span><span class=\"at\"> <\/span><span class=\"fu\">method<\/span><span class=\"kw\">:<\/span><span class=\"at\"> <\/span><span class=\"st\">&quot;GET&quot;<\/span><\/span>\n<span id=\"cb2-18\"><a href=\"#cb2-18\" aria-hidden=\"true\" tabindex=\"-1\"><\/a><span class=\"at\">                <\/span><span class=\"fu\">path<\/span><span class=\"kw\">:<\/span><span class=\"at\"> <\/span><span class=\"st\">&quot;\/api\/v1\/users&quot;<\/span><\/span><\/code><\/pre>\n<\/div>\n<p>For traffic requiring L7 (HTTP verbs, paths), Cilium starts an Envoy <strong>per node<\/strong> (not per pod). Less overhead.<\/p>\n<h3 id=\"hubble-observability\">Hubble: Observability<\/h3>\n<p><strong>Hubble<\/strong> is Cilium\u2019s observability layer:<\/p>\n<ul>\n<li>Detailed flow logs.<\/li>\n<li>Service dependency maps (who talks to whom).<\/li>\n<li>Policy verdicts (why a request was allowed\/denied).<\/li>\n<li>Prometheus and Grafana integration.<\/li>\n<\/ul>\n<p>Functional equivalent to Kiali + linkerd-viz but integrated.<\/p>\n<h3 id=\"load-balancing\">Load Balancing<\/h3>\n<p>Cilium includes kube-proxy-replacement load balancer:<\/p>\n<ul>\n<li><strong>XDP<\/strong> for ingress with massive throughput.<\/li>\n<li><strong>Session affinity<\/strong>, <strong>health checks<\/strong>.<\/li>\n<li><strong>BGP integration<\/strong> to announce LoadBalancer IPs.<\/li>\n<\/ul>\n<p>For large clusters, direct replacement for MetalLB + kube-proxy.<\/p>\n<h3 id=\"multicluster-and-distributed-service-mesh\">Multicluster and Distributed Service Mesh<\/h3>\n<p>Cilium Cluster Mesh connects multiple clusters:<\/p>\n<ul>\n<li>Services accessible by DNS name across clusters.<\/li>\n<li>Automatic failover between clusters.<\/li>\n<li>Cross-cluster consistent policy.<\/li>\n<\/ul>\n<p>Operationally simpler than Istio federation.<\/p>\n<h2 id=\"cilium-vs-istio-ambient\">Cilium vs Istio Ambient<\/h2>\n<p>Istio responded to the sidecar critique with <strong>Ambient Mode<\/strong> (GA in 2024):<\/p>\n<ul>\n<li><strong>ztunnel<\/strong> per node (L4 + mTLS).<\/li>\n<li>Optional <strong>Waypoint proxy<\/strong> per namespace\/cluster for L7.<\/li>\n<li>Advantage: sidecar-less, similar to Cilium.<\/li>\n<\/ul>\n<table>\n<thead>\n<tr class=\"header\">\n<th>Aspect<\/th>\n<th>Cilium<\/th>\n<th>Istio Ambient<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr class=\"odd\">\n<td>Kernel layer<\/td>\n<td>Native eBPF<\/td>\n<td>iptables + ztunnel<\/td>\n<\/tr>\n<tr class=\"even\">\n<td>L4 encryption<\/td>\n<td>Per-node WireGuard<\/td>\n<td>Per-identity mTLS in ztunnel<\/td>\n<\/tr>\n<tr class=\"odd\">\n<td>L7 features<\/td>\n<td>Per-node Envoy on-demand<\/td>\n<td>Per-namespace Waypoint<\/td>\n<\/tr>\n<tr class=\"even\">\n<td>CNI integration<\/td>\n<td>Native<\/td>\n<td>Separate<\/td>\n<\/tr>\n<tr class=\"odd\">\n<td>Policy API<\/td>\n<td>CiliumNetworkPolicy<\/td>\n<td>Istio AuthorizationPolicy<\/td>\n<\/tr>\n<tr class=\"even\">\n<td>Observability<\/td>\n<td>Hubble<\/td>\n<td>Kiali + istioctl<\/td>\n<\/tr>\n<tr class=\"odd\">\n<td>Sidecarless maturity<\/td>\n<td>GA 2023<\/td>\n<td>GA 2024<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Cilium has more ground in sidecarless. Istio Ambient is newer but has Istio\u2019s mature ecosystem.<\/p>\n<h2 id=\"cilium-vs-linkerd\">Cilium vs Linkerd<\/h2>\n<p>Linkerd continues with sidecars (Rust linkerd2-proxy):<\/p>\n<ul>\n<li><strong>Linkerd<\/strong> is simpler to operate but has sidecar overhead (though very light).<\/li>\n<li><strong>Cilium<\/strong> has more features but more complexity.<\/li>\n<li><strong>Cilium<\/strong> is also CNI; Linkerd complements your CNI.<\/li>\n<\/ul>\n<p>For clusters already having a CNI (Calico, Flannel), migrating to Cilium is big step. For greenfield, unified Cilium is attractive.<\/p>\n<h2 id=\"resource-comparisons\">Resource Comparisons<\/h2>\n<p>Orientation benchmark (cluster 100 nodes, 1000 pods):<\/p>\n<table>\n<thead>\n<tr class=\"header\">\n<th>Stack<\/th>\n<th>Total overhead<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr class=\"odd\">\n<td>Classic Istio (sidecars)<\/td>\n<td>~100GB RAM<\/td>\n<\/tr>\n<tr class=\"even\">\n<td>Linkerd<\/td>\n<td>~10GB RAM<\/td>\n<\/tr>\n<tr class=\"odd\">\n<td>Cilium + CNI<\/td>\n<td>~5GB RAM<\/td>\n<\/tr>\n<tr class=\"even\">\n<td>Istio Ambient<\/td>\n<td>~15GB RAM<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Approximate numbers, depend heavily on configuration.<\/p>\n<h2 id=\"real-cases\">Real Cases<\/h2>\n<p>Cilium in production:<\/p>\n<ul>\n<li><strong><a href=\"https:\/\/www.datadoghq.com\/\">Datadog<\/a><\/strong>: replaced iptables-based networking.<\/li>\n<li><strong><a href=\"https:\/\/www.bell.ca\/\">Bell Canada<\/a><\/strong>: standard CNI.<\/li>\n<li><strong><a href=\"https:\/\/www.sky.com\/\">Sky UK<\/a><\/strong>: multi-cluster service mesh.<\/li>\n<li><strong><a href=\"https:\/\/www.lyft.com\/\">Lyft<\/a><\/strong>: considering migration.<\/li>\n<li>Google GKE integrates Cilium as Dataplane V2.<\/li>\n<\/ul>\n<p>Greater adoption in teams with eBPF expertise.<\/p>\n<h2 id=\"limitations\">Limitations<\/h2>\n<p>Honest about Cilium:<\/p>\n<ul>\n<li><strong>High learning curve<\/strong>: eBPF, CRDs, specific tooling.<\/li>\n<li><strong>Kernel compatibility<\/strong>: requires recent kernels for best features.<\/li>\n<li><strong>Less granular identity<\/strong>: per-node vs per-service encryption. For strict multi-tenant, Istio Ambient with per-pod-identity mTLS is better.<\/li>\n<li><strong>Disruptive migration<\/strong>: changing CNI in existing cluster is project.<\/li>\n<li><strong>Smaller community<\/strong> than Istio.<\/li>\n<\/ul>\n<h2 id=\"when-to-choose-cilium\">When to Choose Cilium<\/h2>\n<p>Good fits:<\/p>\n<ul>\n<li><strong>Large clusters<\/strong> (&gt;500 pods) where sidecar overhead matters.<\/li>\n<li><strong>Teams with eBPF experience<\/strong> or willing to invest.<\/li>\n<li><strong>Greenfield<\/strong> Kubernetes without legacy CNI.<\/li>\n<li><strong>Need for L7 policy<\/strong> with high throughput.<\/li>\n<li><strong>Multi-cluster<\/strong> with advanced connectivity requirements.<\/li>\n<\/ul>\n<h2 id=\"when-not-cilium\">When NOT Cilium<\/h2>\n<ul>\n<li><strong>Small cluster<\/strong> where sidecars aren\u2019t a problem.<\/li>\n<li><strong>Already running Istio<\/strong> with complex features \u2014 migration doesn\u2019t pay.<\/li>\n<li><strong>Team without low-level networking experience<\/strong>.<\/li>\n<li><strong>Fine per-pod identity requirements<\/strong> (prefer Istio Ambient).<\/li>\n<\/ul>\n<h2 id=\"commercial-ecosystem\">Commercial Ecosystem<\/h2>\n<p><strong><a href=\"https:\/\/isovalent.com\/\">Isovalent<\/a><\/strong> (company behind Cilium) was <strong>acquired by Cisco<\/strong> in 2024, signaling enterprise validation but also potential vendor push. Open-source alternative still works without dependency.<\/p>\n<h2 id=\"conclusion\">Conclusion<\/h2>\n<p>Cilium represents a genuine service-mesh evolution: sidecarless, eBPF-native, CNI-integrated. For large clusters and technically capable teams, it offers real resource and feature advantages. Not the right choice for everyone \u2014 Linkerd remains valid for simplicity, classic Istio for feature-completeness, Istio Ambient as sidecarless alternative with different trade-offs. Service-mesh choice in 2024 has more mature options than ever; decision should be based on your technical context and team, not trend.<\/p>\n<p>Follow us on jacar.es for more on Kubernetes, eBPF, and service mesh.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cilium offers sidecar-less service mesh via eBPF. When it beats Linkerd\/Istio and when its novel approach has limits.<\/p>\n","protected":false},"author":1,"featured_media":617,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[131,59,58,437,103,438],"class_list":["post-616","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-arquitectura","tag-cilium","tag-ebpf","tag-kubernetes","tag-networking","tag-service-mesh","tag-sidecarless"],"translation":{"provider":"WPGlobus","version":"3.0.2","language":"en","enabled_languages":["es","en"],"languages":{"es":{"title":true,"content":true,"excerpt":true},"en":{"title":true,"content":true,"excerpt":true}}},"gutentor_comment":0,"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cilium Service Mesh: When You Don&#039;t Need Sidecars - Jacar<\/title>\n<meta name=\"description\" content=\"Cilium Service Mesh: sidecarless eBPF architecture, mTLS, L7 routing. Comparison with Istio Ambient and when to pick each.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jacar.es\/cilium-service-mesh\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cilium Service Mesh: When You Don&#039;t Need Sidecars - Jacar\" \/>\n<meta property=\"og:description\" content=\"Cilium Service Mesh: sidecarless eBPF architecture, mTLS, L7 routing. Comparison with Istio Ambient and when to pick each.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jacar.es\/cilium-service-mesh\/\" \/>\n<meta property=\"og:site_name\" content=\"Jacar\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-20T10:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jcs-wp-jacar-es.fsn1.your-objectstorage.com\/wp-content\/uploads\/2020\/09\/favicon.png\" \/>\n\t<meta property=\"og:image:width\" content=\"252\" \/>\n\t<meta property=\"og:image:height\" content=\"229\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"javi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"javi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/jacar.es\\\/cilium-service-mesh\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/jacar.es\\\/cilium-service-mesh\\\/\"},\"author\":{\"name\":\"javi\",\"@id\":\"https:\\\/\\\/jacar.es\\\/#\\\/schema\\\/person\\\/54a7f7b4224b38fafc9866eb3e614208\"},\"headline\":\"Cilium Service Mesh: When You Don&#8217;t Need Sidecars\",\"datePublished\":\"2024-04-20T10:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/jacar.es\\\/cilium-service-mesh\\\/\"},\"wordCount\":1629,\"publisher\":{\"@id\":\"https:\\\/\\\/jacar.es\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/jacar.es\\\/cilium-service-mesh\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/jcs-wp-jacar-es.fsn1.your-objectstorage.com\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/20035229\\\/jwp-1546227-19710.jpg\",\"keywords\":[\"cilium\",\"ebpf\",\"kubernetes\",\"networking\",\"service mesh\",\"sidecarless\"],\"articleSection\":[\"Arquitectura\"],\"inLanguage\":\"en-US\"},{\"@type\":[\"WebPage\",\"ItemPage\"],\"@id\":\"https:\\\/\\\/jacar.es\\\/cilium-service-mesh\\\/\",\"url\":\"https:\\\/\\\/jacar.es\\\/cilium-service-mesh\\\/\",\"name\":\"Cilium Service Mesh: When You Don't Need Sidecars - Jacar\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/jacar.es\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/jacar.es\\\/cilium-service-mesh\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/jacar.es\\\/cilium-service-mesh\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/jcs-wp-jacar-es.fsn1.your-objectstorage.com\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/20035229\\\/jwp-1546227-19710.jpg\",\"datePublished\":\"2024-04-20T10:00:00+00:00\",\"description\":\"Cilium Service Mesh: sidecarless eBPF architecture, mTLS, L7 routing. Comparison with Istio Ambient and when to pick each.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/jacar.es\\\/cilium-service-mesh\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/jacar.es\\\/cilium-service-mesh\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/jacar.es\\\/cilium-service-mesh\\\/#primaryimage\",\"url\":\"https:\\\/\\\/jcs-wp-jacar-es.fsn1.your-objectstorage.com\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/20035229\\\/jwp-1546227-19710.jpg\",\"contentUrl\":\"https:\\\/\\\/jcs-wp-jacar-es.fsn1.your-objectstorage.com\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/20035229\\\/jwp-1546227-19710.jpg\",\"width\":1200,\"height\":800,\"caption\":\"L\u00edneas de red fibra \u00f3ptica iluminadas azules conectando nodos\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/jacar.es\\\/cilium-service-mesh\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\\\/\\\/jacar.es\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cilium Service Mesh: cuando no necesitas sidecars\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/jacar.es\\\/#website\",\"url\":\"https:\\\/\\\/jacar.es\\\/\",\"name\":\"Jacar\",\"description\":\"Passion for Technology\",\"publisher\":{\"@id\":\"https:\\\/\\\/jacar.es\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/jacar.es\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/jacar.es\\\/#organization\",\"name\":\"Jacar\",\"url\":\"https:\\\/\\\/jacar.es\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/jacar.es\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/jacar.es\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/favicon.png\",\"contentUrl\":\"https:\\\/\\\/jacar.es\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/favicon.png\",\"width\":252,\"height\":229,\"caption\":\"Jacar\"},\"image\":{\"@id\":\"https:\\\/\\\/jacar.es\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/in\\\/javiercanetearroyo\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/jacar.es\\\/#\\\/schema\\\/person\\\/54a7f7b4224b38fafc9866eb3e614208\",\"name\":\"javi\",\"sameAs\":[\"https:\\\/\\\/jacar.es\"],\"url\":\"https:\\\/\\\/jacar.es\\\/en\\\/author\\\/javi\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cilium Service Mesh: When You Don't Need Sidecars - Jacar","description":"Cilium Service Mesh: sidecarless eBPF architecture, mTLS, L7 routing. Comparison with Istio Ambient and when to pick each.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jacar.es\/cilium-service-mesh\/","og_locale":"en_US","og_type":"article","og_title":"Cilium Service Mesh: When You Don't Need Sidecars - Jacar","og_description":"Cilium Service Mesh: sidecarless eBPF architecture, mTLS, L7 routing. Comparison with Istio Ambient and when to pick each.","og_url":"https:\/\/jacar.es\/cilium-service-mesh\/","og_site_name":"Jacar","article_published_time":"2024-04-20T10:00:00+00:00","og_image":[{"width":252,"height":229,"url":"https:\/\/jcs-wp-jacar-es.fsn1.your-objectstorage.com\/wp-content\/uploads\/2020\/09\/favicon.png","type":"image\/png"}],"author":"javi","twitter_card":"summary_large_image","twitter_misc":{"Written by":"javi","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jacar.es\/cilium-service-mesh\/#article","isPartOf":{"@id":"https:\/\/jacar.es\/cilium-service-mesh\/"},"author":{"name":"javi","@id":"https:\/\/jacar.es\/#\/schema\/person\/54a7f7b4224b38fafc9866eb3e614208"},"headline":"Cilium Service Mesh: When You Don&#8217;t Need Sidecars","datePublished":"2024-04-20T10:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/jacar.es\/cilium-service-mesh\/"},"wordCount":1629,"publisher":{"@id":"https:\/\/jacar.es\/#organization"},"image":{"@id":"https:\/\/jacar.es\/cilium-service-mesh\/#primaryimage"},"thumbnailUrl":"https:\/\/jcs-wp-jacar-es.fsn1.your-objectstorage.com\/wp-content\/uploads\/2024\/04\/20035229\/jwp-1546227-19710.jpg","keywords":["cilium","ebpf","kubernetes","networking","service mesh","sidecarless"],"articleSection":["Arquitectura"],"inLanguage":"en-US"},{"@type":["WebPage","ItemPage"],"@id":"https:\/\/jacar.es\/cilium-service-mesh\/","url":"https:\/\/jacar.es\/cilium-service-mesh\/","name":"Cilium Service Mesh: When You Don't Need Sidecars - Jacar","isPartOf":{"@id":"https:\/\/jacar.es\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jacar.es\/cilium-service-mesh\/#primaryimage"},"image":{"@id":"https:\/\/jacar.es\/cilium-service-mesh\/#primaryimage"},"thumbnailUrl":"https:\/\/jcs-wp-jacar-es.fsn1.your-objectstorage.com\/wp-content\/uploads\/2024\/04\/20035229\/jwp-1546227-19710.jpg","datePublished":"2024-04-20T10:00:00+00:00","description":"Cilium Service Mesh: sidecarless eBPF architecture, mTLS, L7 routing. Comparison with Istio Ambient and when to pick each.","breadcrumb":{"@id":"https:\/\/jacar.es\/cilium-service-mesh\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jacar.es\/cilium-service-mesh\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jacar.es\/cilium-service-mesh\/#primaryimage","url":"https:\/\/jcs-wp-jacar-es.fsn1.your-objectstorage.com\/wp-content\/uploads\/2024\/04\/20035229\/jwp-1546227-19710.jpg","contentUrl":"https:\/\/jcs-wp-jacar-es.fsn1.your-objectstorage.com\/wp-content\/uploads\/2024\/04\/20035229\/jwp-1546227-19710.jpg","width":1200,"height":800,"caption":"L\u00edneas de red fibra \u00f3ptica iluminadas azules conectando nodos"},{"@type":"BreadcrumbList","@id":"https:\/\/jacar.es\/cilium-service-mesh\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/jacar.es\/"},{"@type":"ListItem","position":2,"name":"Cilium Service Mesh: cuando no necesitas sidecars"}]},{"@type":"WebSite","@id":"https:\/\/jacar.es\/#website","url":"https:\/\/jacar.es\/","name":"Jacar","description":"Passion for Technology","publisher":{"@id":"https:\/\/jacar.es\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jacar.es\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jacar.es\/#organization","name":"Jacar","url":"https:\/\/jacar.es\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jacar.es\/#\/schema\/logo\/image\/","url":"https:\/\/jacar.es\/wp-content\/uploads\/2020\/09\/favicon.png","contentUrl":"https:\/\/jacar.es\/wp-content\/uploads\/2020\/09\/favicon.png","width":252,"height":229,"caption":"Jacar"},"image":{"@id":"https:\/\/jacar.es\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/in\/javiercanetearroyo\/"]},{"@type":"Person","@id":"https:\/\/jacar.es\/#\/schema\/person\/54a7f7b4224b38fafc9866eb3e614208","name":"javi","sameAs":["https:\/\/jacar.es"],"url":"https:\/\/jacar.es\/en\/author\/javi\/"}]}},"_links":{"self":[{"href":"https:\/\/jacar.es\/en\/wp-json\/wp\/v2\/posts\/616","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jacar.es\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jacar.es\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jacar.es\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jacar.es\/en\/wp-json\/wp\/v2\/comments?post=616"}],"version-history":[{"count":0,"href":"https:\/\/jacar.es\/en\/wp-json\/wp\/v2\/posts\/616\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jacar.es\/en\/wp-json\/wp\/v2\/media\/617"}],"wp:attachment":[{"href":"https:\/\/jacar.es\/en\/wp-json\/wp\/v2\/media?parent=616"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jacar.es\/en\/wp-json\/wp\/v2\/categories?post=616"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jacar.es\/en\/wp-json\/wp\/v2\/tags?post=616"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}