cilium VS pixie

They would have had to add a few externals to get to Graduated but it's definitely a minority:

https://github.com/cilium/cilium/blob/main/MAINTAINERS.md

Next-gen networking thanks to Cilium

Hello there, I recently have the need to proxy my pod traffic through WireGuard. I initially have my eyes on https://github.com/angelnu/pod-gateway but I just couldn't get it working. It turns out that Cilium made a CVE patch couple years ago that basically nuked ability to do inter-pod encapsulated traffic (https://github.com/cilium/cilium/issues/15991). I wonder if there is any other way that can let me do this without switching out of Cilium? Thank you guys in advance :)

I have used Cilium as CNI and installing it with helm.

I'm using the default RaspiOS Lite 64bits and as highlighted in this issue, the RaspiOS kernel does not support CONFIG_ARM64_VA_BITS_48, which makes cilium-envoy to fail building. As solution, I was told to use either Ubuntu as base OS or Traefik Ingress Controller, which is not configured in K3s.

Working on integrating cilium and loxilb as a hobby k8s project. Both are eBPF based and will be interesting to see what will be the final outcome.

Particularly in Cilium, Gateway API is very proof-of-concept. So much so that you can't even change the type of the underlying service (or anything else about the generated object) yet.

Authentication using mTLS was later merged into cilium (https://github.com/cilium/cilium/pull/24263). It uses mTLS between cilium agents to authorize flows, but do note that the mTLS auth is de-coupled from the datapath transport (i.e. you need to configure cilium to use ipsec or wireguard, as otherwise traffic won't be encrypted). As a consequence, there are some gaps in the implementation right now, like packet drops. see https://github.com/cilium/cilium/issues/23808

network plugin to be used, based on the documentation. (Project Calico ,Flannel, Cilium )

I am really curious, why build another project that has similar features as another open source software pixie - https://px.dev/.

Kibana is a good alternative if you can allow storing all your data in Elasticsearch, or you can use all-in-one monitoring tools like pixie https://github.com/pixie-io/pixie

Plenty of paid monitoring solutions out there. Instana is pretty slick. NewRelic has a new open source tool, https://github.com/pixie-io/pixie

Cilium multi-cluster mesh is a bit different, compared to service meshes, and it's L4, so should be fine with eBPF / XDP based routing. From observability standpoint I'd go for pixie - it should work just fine with both linkerd and istio, instead of Hubble, and Cilium's Tetragon was missing policies about 3-4 months ago (needs doublec-hecking if they had introduced any).

Congratulations on the launch, and thank you for choosing an awesome license!

For an unrelated reason, today I was reminded about Pixie (https://news.ycombinator.com/item?id=25375170 and https://news.ycombinator.com/item?id=31687978 and https://github.com/pixie-io/pixie#readme ), which says is also an ebpf kubernetes observability tool, also Apache licensed.

I suspect the difference may be your aspirations to move out of just kubernetes, but I wondered if that's the biggest difference between your project and theirs? Or maybe the C++ versus golang?

eBPF solutions look cool though. I heard of https://px.dev/ which sounds similar to ciliums eBPF mesh recently.