Isovalent: Embedding ‘Kubernetes Identity’ into the Operating System

An Intellyx Brain Candy Brief

One of the most important cloud-native principles Kubernetes brings to enterprise infrastructure is the notion of abstracted identity.

No longer can we identify endpoints with IP addresses, as those addresses are now ephemeral. Furthermore, cloud-native zero-trust computing relies on abstracting endpoints which might correspond to user devices, microservices, APIs, or other types of endpoints.

Kubernetes deployments typically deliver this notion of ‘Kubernetes identity’ by layering abstractions on top of TCP/IP, supported by hypervisor infrastructure and the operating system.

Isovalent upends this entire model by leveraging the extended Berkeley Packet Filter (eBPF), a feature built into the kernel of all modern Linux distributions, to implement Kubernetes identity directly in the Linux kernel.

Isovalent offers the open source Cilium, which delivers eBPF-powered networking, observability, and security from the kernel, thus skipping the traditional layers of abstraction.

The result is far better performance, identity-aware network visibility, and verifiable security than offerings that build endpoint identity on layers of abstraction can deliver.

Copyright © Intellyx LLC. Intellyx publishes the Cloud-Native Computing poster, advises companies on their digital transformation initiatives, and helps vendors communicate their agility stories. As of the time of writing, none of the organizations mentioned in this article are Intellyx customers. To be considered for a Brain Candy article, email us at pr@intellyx.com.
