Connecting the World: Your Hands-On Guide To Cilium Cl... Arthur Outhenin-Chalandre & Quentin Swiech
Why It Matters
Enterprises can now run truly global, secure Kubernetes workloads without custom gateways, accelerating multi‑region service delivery and reducing operational overhead.
Key Takeaways
- Cilium Cluster Mesh unifies networking across multiple Kubernetes clusters
- Supports up to 511 clusters with flexible, non‑full‑mesh topologies
- Two service models: Global Service annotations and MCS API exports/imports
- Cilium 1.19 streamlines mesh installation and hardens network‑policy handling
- Roadmap adds global namespaces, cluster‑property grouping, and control‑plane scaling
Summary
The presentation introduced Cilium Cluster Mesh, a multicluster networking solution that extends Cilium’s single‑cluster capabilities—such as pod‑to‑pod encryption and network policies—to dozens or hundreds of clusters. By creating a flat IP space and a shared control plane, the mesh eliminates the need for complex gateway configurations, allowing services in one cluster to address pods in another as if they were local.
Key technical insights included the distinction between two service‑exposure models. Global Services rely on a simple annotation (cilium.io/global) that merges back‑ends across clusters, while the newer Multicluster Service (MCS) API uses ServiceExport and ServiceImport custom resources to automate service discovery and conflict resolution. The speaker highlighted that MCS offers better UI/UX and clearer traffic segregation between local and remote endpoints.
A live demo showed two GCP clusters linked via Cilium Cluster Mesh, with Flux CD managing deployments. The demo illustrated load‑balancing across clusters using the MCS API and enforcing security through mesh‑wide network policies. Recent Cilium 1.19 enhancements—auto‑configuration of the Cilium operator, integrated Helm charts, and explicit multi‑cluster network‑policy targeting—reduce operational friction and improve security posture.
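To make the explicit multi-cluster policy targeting mentioned above concrete, the following added example (not code from the talk or from the Cilium project) audits CiliumNetworkPolicy manifests and flags peer selectors that leave the cluster implicit, so a reviewer can confirm the intended scope. It assumes the cluster is named through the `io.cilium.k8s.policy.cluster` label and only inspects `spec.ingress[].fromEndpoints` and `spec.egress[].toEndpoints`; the policy names, app labels and cluster name are constructed.

```python
"""Flag CiliumNetworkPolicy peer selectors that do not name a cluster."""

# Cilium label that carries an endpoint's cluster name in a Cluster Mesh.
CLUSTER_LABEL = "io.cilium.k8s.policy.cluster"

def selector_pins_cluster(selector):
    """True if a label selector references the cluster label at all."""
    if CLUSTER_LABEL in (selector.get("matchLabels") or {}):
        return True
    return any(expr.get("key") == CLUSTER_LABEL
               for expr in selector.get("matchExpressions") or [])

def unpinned_peers(policy):
    """Return (direction, rule index, peer index) for every peer selector
    in the policy that leaves the cluster implicit."""
    findings = []
    spec = policy.get("spec") or {}
    for direction, field in (("ingress", "fromEndpoints"),
                             ("egress", "toEndpoints")):
        for r, rule in enumerate(spec.get(direction) or []):
            for p, peer in enumerate(rule.get(field) or []):
                if not selector_pins_cluster(peer):
                    findings.append((direction, r, p))
    return findings

def audit(policies):
    """Map policy name -> list of unpinned peer selectors."""
    return {p["metadata"]["name"]: unpinned_peers(p) for p in policies}

# Constructed sample manifests (already parsed from YAML/JSON).
SAMPLE = [
    {"kind": "CiliumNetworkPolicy", "metadata": {"name": "backend-pinned"},
     "spec": {"endpointSelector": {"matchLabels": {"app": "backend"}},
              "ingress": [{"fromEndpoints": [{"matchLabels": {
                  "app": "frontend", CLUSTER_LABEL: "cluster-a"}}]}]}},
    {"kind": "CiliumNetworkPolicy", "metadata": {"name": "backend-implicit"},
     "spec": {"endpointSelector": {"matchLabels": {"app": "backend"}},
              "ingress": [{"fromEndpoints": [{"matchLabels": {"app": "frontend"}}]}],
              "egress": [{"toEndpoints": [{"matchLabels": {"app": "db"}}]}]}},
]

if __name__ == "__main__":
    for name, hits in audit(SAMPLE).items():
        print(name, "ok" if not hits else f"cluster not named in: {hits}")
```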
Looking ahead, the roadmap promises global namespace support, cluster‑property integration for group‑based policies, and further control‑plane optimizations. These advances aim to simplify large‑scale, multi‑region Kubernetes deployments, making cross‑cluster service meshes more performant and easier to manage.