Cilium kube-proxy replacement

[vosdev]

Summary

Cilium has the ability to fully replace kube-proxy, offering major benefits for performance, observability, and simplicity.

https://docs.cilium.io/en/stable/network/kubernetes/kubeproxy-free/

Canonical Kubernetes is already embracing Cilium as the CNI, LoadBalancer, and Ingress — it would be great if kube-proxy replacement was also supported out of the box to fully benefit from Cilium’s capabilities.

Why is this important?

• Removes dependency on kube-proxy and iptables, enabling use of modern tools like nftables for your hosts.

• All traffic is handled via eBPF, improving efficiency and reducing latency.

• Better observability with Hubble and eBPF flow tracing.

• No SNAT: enables client source IP preservation.

• Stronger security with advanced internal traffic policy.

• More reliable and consistent load balancing.

• Improved routing and topology awareness.

• Efficient return traffic handling with DSR.

Are you interested in contributing to this feature?

Unfortunately no :(