Isovalent announces Cilium maintainer recognized as top CNCF contributor
Liz Rice, Chief Open Source Officer at Isovalent, shares exciting developments, including the company's recent acquisition by Cisco and their team member Joe Stringer being voted top CNCF maintainer for 2024.
Rice reveals fascinating insights about the evolution of eBPF from a niche technology to a mainstream solution, the release of a critical security audit of the eBPF verifier, and Isovalent's vision for bridging the gap between traditional VM workloads and modern containerized applications through their enterprise distribution.
Transcription
Bart: Who are you? What's your role? And who do you work for?
Liz: Hi, my name is Liz Rice. I work at Isovalent, now part of Cisco, and I am Chief Open Source Officer there.
Bart: Liz, what do you want to share with us today about Isovalent? You can share your thoughts as an expert, and maybe mention your work or Liz Rice's personal projects.
Liz: The exciting news is that I've just come from the keynotes where one of the Isovalent team, who is also one of the maintainers on Cilium, Joe Stringer, has just been voted top committer/maintainer for the CNCF in 2024. I'm super pleased for Joe about that, and it's really exciting.
Bart: For people who don't know, what problems are you solving at Isovalent?
Liz: So, we are the originators of the Cilium project, which provides networking and security, as well as network observability, for Kubernetes users. As Isovalent, we provide the Isovalent enterprise distribution, giving enterprises what they need to connect their Kubernetes clusters and external workloads with coherent security and deep observability. We also have Tetragon, our runtime security, all of which is built on eBPF. The team is full of CNCF experts and pioneers, making it a really powerful platform for building this kind of infrastructure tool.
Bart: Regarding CNCF, what's been the sort of before and after of the arrival of CNCF on the scene in the Kubernetes ecosystem?
Liz: Maybe two or three years ago, a very small number of people had heard of eBPF and they didn't really know what it was. Now, there's huge excitement about it as a technology. People are increasingly understanding its power. There are more and more projects and vendors taking advantage of eBPF. We're seeing huge adoption, not just of Cilium and Tetragon and products like Isovalent's, but also lots of other eBPF-based tooling across the ecosystem.
Bart: Are Cilium and Tetragon part of the CNCF landscape?
Liz: Cilium is a graduated project in the CNCF and Tetragon is a sub-project within Cilium along with Hubble, which is the observability component.
Bart: What's Isovalent's business model?
Liz: So, we have an enterprise distribution where enterprise users, if they are using Kubernetes in production and have critical workloads, need to know that those workloads will be securely connected, as I mentioned before, potentially also connected to external workloads, such as VM workloads. They come to us, Isovalent, to help solve all those potentially complex networking and security issues.
Bart: Since you mentioned networking, we did a survey with a bunch of folks about what are their least favorite features of Kubernetes. And one of the ones that was mentioned most frequently was network policy management. Do you agree? Or why do you think that is?
Liz: I think that's fair. We had a Cilium Developer Summit earlier in the week with a small group of very involved contributors and maintainers. Network policy management was one of the topics that was brought up as something that can probably be improved. Now, that is something that in the Isovalent world, the enterprise distribution, we do have some much more connected components to make it easier to manage your network policies.
Bart: Isovalent's main competitors are likely companies specializing in eBPF technology or providing similar cloud native solutions for networking, security, and observability.
Liz: So, in some senses, we compete against the Cilium open source project. We do have a lot of people who use the open source distribution very successfully. In a lot of ways, those are the main people who could be using the Isovalent platform and aren't. All the cloud providers have adopted Cilium in some shape or form. For example, Google GKE's data plane V2 is based on Cilium, and they could be using the Microsoft Azure CNI that's based on Cilium. There are lots of ways for people to consume Cilium in addition to consuming it through the Isovalent platform. However, we think that's great because the more people who are using Cilium, the better. We don't see it as a zero-sum game at all.
Bart: For some of the other cloud providers that are out there, in terms of how they're offering Cilium, eBPF, even Tetragon, what differentiates Isovalent's offering?
Liz: I think we bring everything together in a coherent package. You get to work with experts, including Daniel Borkmann, one of the maintainers of eBPF in the kernel. If changes in the kernel are required, there is no better person, and you won't find greater expertise than in the Isovalent team.
Bart: What should we expect next from Isovalent?
Liz: That's a great question. We were acquired by Cisco earlier this year and one of the things we're working on is Cisco's Hypershield product, a security solution that leans quite heavily on the Tetragon technology we're providing.
Bart: Kubernetes turned 10 years old earlier this year. What do you expect in the next 10 years to come?
Liz: One of the consequences of the acquisition by Cisco is that I have been involved in the Kubernetes world and the cloud native world for a long time, but I now realize there's a whole other world of people who are using VMs, using traditional workloads, who haven't yet or are only dipping their toes in the water of cloud native. I think there's a huge distance to go in making sure those users get coherent tools, consistent tools that allow them to manage their VM workloads and their containerized workloads in a consistent manner, so they're not having to do two sets of operations. Certainly, in 10 years, that will be a solved problem, and I am excited to be a part of Isovalent, working with experts like my colleagues, and I must say, I am grateful to be speaking with you, and I hope our conversation will be useful to the audience, as I am Liz Rice.
Bart: Can you tell me about some news that came out on Cilium and eBPF Day?
Liz: Cilium and eBPF Day was a co-located event. We announced the eBPF Foundation published an audit of the eBPF verifier that was commissioned from a third party. This did find and we have now fixed a vulnerability in the eBPF verifier. That's really great progress. We also announced an eBPF threat model that Controlplane have written. This assesses the potential risks and benefits of using eBPF. These are really great documents for people who are considering adopting eBPF-based tools to reassure themselves about the security of using eBPF as a platform.
Bart: If people want to know more, what's the best way to get in touch with you, Liz Rice from Isovalent?
Liz: So, I'm Liz Rice, pretty much everywhere on the internet.