Securing cloud native’s most important use cases

Jordi Mon Companys, Product Marketing Manager and Nghia Tran, Senior Engineering Manager
December 19, 2023

At its core, building cloud native software means building applications and environments that are optimized for the unique characteristics of public and private clouds. Developing cloud native software implies managing a degree of chaos that not all types of software would require. 

This is especially true heading into the new year, where we can expect to see a trend in products that prioritize the developer experience and a rise in platform engineering. Good engineering and tooling gets out of the way of developers so they can focus on building and innovating. All internal developer platforms already built and those that will soon come will need to abstract as much infrastructure management from the developers as possible. 

This is precisely the problem space Chainguard wants to address, specifically with security and vulnerability management. We are committed to securing the software supply chain with tooling that doesn’t hinder the developer experience. We do this by providing minimal, hardened container images that allow our users to have accurate scanner results and get their CVE inbox alerts to zero.

Introducing new Chainguard Images bundles for Cilium and Istio

To achieve that goal, we monitor closely which open source projects are in the highest demand, but also which ones, if hardened, would provide a considerable security improvement to the whole open source ecosystem. For us to make the biggest impact across the ecosystem we should help fortify those technologies that are the bedrock of cloud native software. Istio and Cilium are clear examples of this and are fundamental building blocks of this ecosystem. With the availability of our new Chainguard Images Istio and Cilium bundles, we are providing these project user bases with an easy way to pull them securely into their build pipelines. 

In any given supply chain, there are raw materials that are more fundamental than others. If those are properly secured, this will have ripple effects down the line (or up and down the stack, if you prefer). 

Both the Cilium and Istio technologies cover a vast array of use cases that have a foundational effect on any Kubernetes environment. Cilium and Istio are two popular tools that help solve these challenges by providing features like traffic routing, load balancing, service discovery, and more. These functions are essential for ensuring that Kubernetes and other cloud native software deployments run smoothly and efficiently, but also securely. Ultimately, building cloud native software is about creating applications that are designed for the cloud – and Cilium and Istio play a critical role in helping developers achieve this goal.

The indispensable role of Istio and Cilium in cloud computing

According to the 2022 CNCF Annual Survey, Istio is the most widely used service mesh among respondents, with 73% of companies surveyed using it. This broad adoption is a testament to Istio's effectiveness in solving various service management challenges, making it an essential tool for modern enterprises looking to build robust, secure, and scalable microservices architectures. Istio has over 34,000 GitHub Stars, making it one of the most popular projects in the CNCF.

A line graph showing how Istio has progressed from 2017 to 2023, resulting in over 34,000 downloads.

From that same CNCF survey, 47% of respondents use Cilium as their preferred network plugin for container orchestration platforms like Kubernetes. It's also popular for network security, with 43% of respondents using it for this purpose. The future and power of eBPF is incredible, everyone agrees.

A line graph showing how Cilium has progressed from 2017 to 2023, resulting in over 17,000 downloads.

Get started with Chainguard Images today

Recently, we launched our new Chainguard Images Directory, a publicly available site where users can browse for all the images in our inventory. On each Chainguard Image listing, you’ll find the relevant information regarding installation, infrastructure, provenance details for signatures and SBOMs, and more. The Chainguard Images Directory also includes a new Security Advisories page, which shows users which CVEs we are aware of, the status of fixes, and more. 

Here’s a quick summary of how to navigate the Chainguard Image Directory:

You can start pulling the new Cilium and Istio Images today in the Chainguard Images Directory. Here’s a quick video on how to get started:

If you are looking for more technical guidance to stand up the Chainguard Images Cilium or Istio bundles in your local environment, check out these nifty getting started guides on Chainguard Academy from Chainguard Engineer Nghia Tran. A huge thank you to our friend Feroz Salam at Isovalent for giving us a hand with the Cilium Images, as well as  John Howard who helped us with Istio over the years! Find the guides below: 

Chainguard Developer Images are available free with the :latest and :latest-dev tags for you to use in your development and test environments. Within the new Directory, each Images page also includes important image-specific details such as version tags and other variants like FIPS and Long Term Support (LTS), which are available to our Chainguard Images customers who have purchased these solutions. If you are interested in learning more about the enterprise-ready capabilities in our Production Images, contact our team.

Related articles

Ready to lock down your supply chain?

Talk to our customer obsessed, community-driven team.