EndpointSlice CRD

When managing pods in Kubernetes, Cilium creates a Custom Resource Definition (CRD) of Kind CiliumEndpoint (CEP) for each pod it manages. If enable-cilium-endpoint-slice is enabled, Cilium also creates a CRD of Kind CiliumEndpointSlice (CES) that groups a set of slim CEP objects with the same security identity into a single CES object, and it broadcasts CES objects to communicate identities to other agents instead of broadcasting CEPs. In most cases, this reduces load on the control plane and lets the same master resources sustain a larger cluster.

For example:

    $ kubectl get ciliumendpointslices --all-namespaces
    NAME                  AGE
    ces-548bnpgsf-56q9f   171m
    ces-dy4d8x6j2-qgc2z   171m
    ces-f6qfylrxh-84vxm   171m
    ces-k29rv92f5-qb4sw   171m
    ces-m9gs68csm-w2qg8   171m
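
A toy model of the grouping described above, added here as an illustration and not taken from Cilium's code: it builds one CEP-like object per pod, batches the slim entries by security identity into CES-like objects, and checks that an agent derives the same IP-to-identity view from either stream while watching far fewer objects. The pod names, identity numbers, IPs and the per-slice cap are constructed assumptions.

```python
from collections import defaultdict

MAX_PER_SLICE = 25  # assumed cap on endpoints per slice, for this model only

def sample_pods():
    """Constructed sample: (pod name, security identity, pod IP)."""
    groups = [("web", 4101, 40), ("db", 5202, 8), ("agent", 6303, 2)]
    return [(f"{app}-{i}", ident, f"10.0.{g}.{i + 1}")
            for g, (app, ident, count) in enumerate(groups)
            for i in range(count)]

def build_ceps(pods):
    """One CEP-like object per pod."""
    return [{"name": n, "identity": ident, "ip": ip} for n, ident, ip in pods]

def build_slices(ceps, max_per_slice=MAX_PER_SLICE):
    """Group slim CEPs that share an identity into CES-like objects."""
    by_identity = defaultdict(list)
    for cep in ceps:
        by_identity[cep["identity"]].append({"name": cep["name"], "ip": cep["ip"]})
    slices = []
    for ident, members in sorted(by_identity.items()):
        # Split an identity's endpoints across slices once the cap is reached.
        for i in range(0, len(members), max_per_slice):
            slices.append({"identity": ident,
                           "endpoints": members[i:i + max_per_slice]})
    return slices

def view_from_ceps(ceps):
    """IP -> identity map an agent derives from per-pod objects."""
    return {c["ip"]: c["identity"] for c in ceps}

def view_from_slices(slices):
    """The same map derived from the grouped objects."""
    return {e["ip"]: s["identity"] for s in slices for e in s["endpoints"]}

if __name__ == "__main__":
    ceps = build_ceps(sample_pods())
    slices = build_slices(ceps)
    print(f"{len(ceps)} CEP objects vs {len(slices)} CES objects")
    print("same IP-to-identity view:",
          view_from_ceps(ceps) == view_from_slices(slices))
```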