Remove Functionality Overview from README #38993
Conversation
To Functionality Overview is too specific and not updated enough to be in the README Signed-off-by: Bill Mulligan <billmulligan516@gmail.com>
There was a problem hiding this comment.
We have other more up-to-date representations of this information at https://cilium.io/ and in the docs; several of the sections below are out-of-date and I'm not sure whether the text is putting the right highlights on the featureset we think is most important to users. I think it's a fair proposal.
There was a problem hiding this comment.
We might want to make sure that viewers that find this repository can be easily redirected towards cilium.io for getting this sort of information. Interestingly we link to ebpf.io but not the main website from this page. 😅
I would guess a lot of people arriving at this page may have already come from cilium.io, but it wouldn't hurt to encourage readers that find this page to explore the use cases on cilium.io in case they didn't already. We could do this either by integrating that encouragement into the first paragraph, or maybe place it into the "Getting Started" section. On a related note we might want to link the labs as well since that would also be a great way to get started.
There was a problem hiding this comment.
I think I've addressed all of this feedback now
There was a problem hiding this comment.
We might want to make sure that viewers that find this repository can be easily redirected towards cilium.io for getting this sort of information. Interestingly we link to ebpf.io but not the main website from this page. 😅
I would guess a lot of people arriving at this page may have already come from cilium.io, but it wouldn't hurt to encourage readers that find this page to explore the use cases on cilium.io in case they didn't already. We could do this either by integrating that encouragement into the first paragraph, or maybe place it into the "Getting Started" section. On a related note we might want to link the labs as well since that would also be a great way to get started.
|
The CI failure will need to be fixed: https://github.com/cilium/cilium/actions/runs/14506954111/job/40698022015?pr=38993#step:4:1261 |
Signed-off-by: Bill Mulligan <billmulligan516@gmail.com>
Signed-off-by: Bill Mulligan <billmulligan516@gmail.com>
removed reference from what was deleted in the README and refreshed the what is Cilium section Signed-off-by: Bill Mulligan <billmulligan516@gmail.com>
Signed-off-by: Bill Mulligan <billmulligan516@gmail.com>
There was a problem hiding this comment.
I can see how you're looking to improve the intro text, but that is a lot trickier than the README updates (which look good to me). I think it'd be easier to drop the reworking of "What is Cilium?" from this PR, iterate in a doc separately with a few key reviewers, then when we're happy, resubmit for review. Capturing the essence of the project into a well-formed short series of paragraphs can be pretty tricky and I don't think GitHub comments are a particularly good way to facilitate the discussion.
| Cilium is open source software for transparently securing the network | ||
| connectivity between application services deployed using Linux container | ||
| management platforms like Docker and Kubernetes. | ||
| Cilium began as a container networking project. With the growth of Kubernetes and container orchestration, Cilium became a CNI, providing basic things like configuring container network interfaces and pod to pod connectivity. From the beginning, Cilium based its networking on eBPF rather than iptables or IPVS, betting that eBPF would become the future of cloud native networking. |
There was a problem hiding this comment.
The first sentence should provide a concise encapsulation of what the project is, which we then expand on. The framing of "began as..." and "became ..." is not relevant for the first paragraph IMHO. Right from the beginning Cilium was built from the perspective of "how could we rethink networking to do it better?", and the details of container networking vs. CNI is not particularly relevant to that scope. But I also digress! The reader should come away from the first paragraph with a good grasp of the core functionality. A subsequent paragraph can expand on that to paint the picture of the existing technology landscape and our role in it (including technology selections, bets we made, how we contributed, etc).
I think that this new text is slightly downplaying the involvement we Cilium contributors have had in building core eBPF. I am undoubtedly going to read a lot more into this text than the average reader, but I read this first paragraph to have the perspective "we tried to create a project then we found this CNI thing and this eBPF thing and then we figured yeah we should bet on those things". Yes, we bet on eBPF, but we also participated in the upstream communities and collaborated with others to forge capabilities in eBPF that were not previously possible.
I know it's tricky to try to rewrite these core pieces so I'm trying not to have too much attachment to the existing text, but maybe it's worth highlighting +/- of the existing text for contrast:
- The existing text refers strongly to Linux and Docker, both of which still play very important roles in the ecosystem but both of which we do not expect to be required for Cilium in the coming years.
- key points are included: OSS, security, networking, for containers, connectivity for applications
|
|
||
| At the foundation of Cilium is a new Linux kernel technology called eBPF, which |
There was a problem hiding this comment.
I'm not sure it makes sense to drop the paragraph with emphasis on eBPF as the core technology behind Cilium. I think we should keep it (or some variation).
I recognize that eBPF is not particularly new at this stage, but I wonder if we can still convey the same emphasis in any new text. Even if we drop the word 'new' I think that would improve on it.
I recognize also that there is an over-emphasis on 'Linux' in the existing text, meanwhile eBPF on Windows is rising in prominence. The common parlance in the eBPF Foundation is "privileged context such as operating system kernel", but that's a bit of a mouthful. Maybe we can iterate on the existing text a bit just to address this shortfall. We could refer to the IETF standard rather than the target platform if we think that's worth emphasizing.
The second sentence probably had more meaning in the past, but it still speaks to the comparison with in-app security protections or sidecar based approaches. I don't know if that's necessarily the thing I would highlight as part of the "emphasise eBPF" paragraph but I don't think it's necessarily dated or inaccurate.
| within Linux itself. Because eBPF runs inside the Linux kernel, Cilium | ||
| security policies can be applied and updated without any changes to the | ||
| application code or container configuration. | ||
| Cilium’s eBPF based dataplane provides a simple flat Layer 3 network with the ability to span multiple clusters in either a native routing or overlay mode with Cilium Cluster Mesh. It is Layer 7-protocol aware and can enforce network policies on Layer 3 to Layer 7 and with FQDN using an identity based security model that is decoupled from network addressing. |
There was a problem hiding this comment.
| Cilium’s eBPF based dataplane provides a simple flat Layer 3 network with the ability to span multiple clusters in either a native routing or overlay mode with Cilium Cluster Mesh. It is Layer 7-protocol aware and can enforce network policies on Layer 3 to Layer 7 and with FQDN using an identity based security model that is decoupled from network addressing. | |
| Cilium’s eBPF based dataplane provides a simple flat Layer 3 network with the ability to span multiple clusters in either a native routing or overlay mode with Cilium Cluster Mesh. It is Layer 7-protocol aware and can enforce network policies on Layer 3 to Layer 7 and with FQDN using an identity based security model that is decoupled from network addressing. |
This has some minor divergences vs. the README version, notably ... with Cilium Cluster Mesh. The sentence already describes that it spans multiple clusters, so this doesn't add new information. As we iterate on this functionality page we could add a whole section and refer to cluster mesh. Interested users could either use the search bar or navigation bar to find the multi-cluster docs, so I don't know if we need to emphasize Cilium Cluster Mesh as a brand at this point of the docs given it's one of many features.
Briefly looking at Google Trends I think that we would benefit from referring to DNS features by the acronym DNS rather than FQDN. FQDN (Fully Qualified Domain Name) is a more niche technical term, and though we use it heavily in the policy specification, it is not likely to have much meaning to readers of this primer.
The addition of FQDN is something I think worth highlighting as a key feature, probably in an ideal text I might add it in a sentence afterwards describing some of the policy capabilities within "Layer 3 to Layer 7" like matching on services, DNS, groups of IP addresses. The danger of putting it in the middle of this existing sentence is just that we complicate the reading experience for the target audience, which is already people who have less familiarity with the subject.
| @@ -130,10 +126,3 @@ to providing traditional Layer 3 and Layer 4 segmentation. | |||
|
|
|||
| The use of eBPF enables Cilium to achieve all of this in a way that is highly | |||
| scalable even for large-scale environments. | |||
|
|
|||
| Functionality Overview | |||
There was a problem hiding this comment.
I think I missed last time that this actually drops the only functionality overview we have from the docs website. Is there a plan to provide another summary of features to replace it or do we think that this role is now better served by cilium.io?
|
Since the README and docs are interlinked. It is probably better to iterate in a google doc for both then come back to Github for it. Closing this for now |
Follow up from #38993 as a rewrite of the section Signed-off-by: Bill Mulligan <billmulligan516@gmail.com>
Follow up from #38993 as a rewrite of the section Signed-off-by: Bill Mulligan <billmulligan516@gmail.com>
Follow up from #38993 as a rewrite of the section Signed-off-by: Bill Mulligan <billmulligan516@gmail.com>
Follow up from #38993 as a rewrite of the section Signed-off-by: Bill Mulligan <billmulligan516@gmail.com>
Follow up from #38993 as a rewrite of the section Signed-off-by: Bill Mulligan <billmulligan516@gmail.com>
Follow up from cilium#38993 as a rewrite of the section Signed-off-by: Bill Mulligan <billmulligan516@gmail.com>
Just my opinion, also open to leaving it in and closing this PR.