eCHO News 61
eCHO news is your bi-weekly wrap-up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security, this is your quelle.
30th July 2024
Like all tech newsletters right now, it's time to add my commentary on the CrowdStrike incident that crashed IT systems around the world. Well, actually, you should probably just read the blog from Brendan and the BSC, "No More Blue Fridays". While technical problems often have multifaceted causes, they argue that "In the future, computers will not crash due to bad software updates, even those updates that involve kernel code. In the future, these updates will push eBPF code."
While no software is immune to bugs, eBPF has a verifier that checks whether the program is safe to run. The verifier also isn't perfect, but there are many companies and even academic researchers trying to continuously improve the verifier through things like fuzzing and formal verification. If I had to choose between the tests a team had the time to write and a verifier with industry funding and academic research behind it, I know which one I would choose every time. So "If your company is paying for commercial software that includes kernel drivers or kernel modules, you can make eBPF a requirement because together we can make such global outages a lesson of the past."
I've got talks to review for Cilium + eBPF Day and eBPF Summit so let’s 🐝 -gin.
The Technical
Live Migrating Production Clusters From Calico to Cilium - "There are a number of features offered by Cilium that we wanted to explore"
Hello eBPF: Write your eBPF application in Pure Java (12) - "the new Java compiler plugin, that allows you to write in “pure” Java, using Java as a DSL for C"
Making damn vulnerable web application almost unhackable with Cilium and Tetragon - How to block some common vulnerabilities with Cilium and Tetragon
itsCheithanya/eBPF-XDP-ML-Firewall - "Leveraging XDP to incorporate ML models with floating-point weights into eBPF"
atomic77/nethadone - "uses eBPF to efficiently monitor and dynamically adjust traffic speeds to gently nudge users off of configured sites"
🐝
The Release
Cilium 1.16 – High-Performance Networking With Netkit, Gateway API Gamma Support, BGPV2 and More! - The theme of the release is “Faster, Stronger, Smarter” – faster for the blazing performances you will get with netkit, the new virtual network device, stronger for all the security and operational improvements, such as Network Policies Port Range support and smarter for all the new traffic engineering features such as Kubernetes Service Traffic Distribution, Local Redirect Policy and a 5x reduction in tail latency for DNS policies!
🐝
The Ecosystem
No More Blue Fridays - "If your company is paying for commercial software that includes kernel drivers or kernel modules, you can make eBPF a requirement"
Recent CrowdStrike Outage Emphasizes the Need for eBPF-Based Sensors - "safer, more flexible, and easier to deploy and manage than kernel-based sensors"
Can Cilium Be a Control Plane Beyond Kubernetes? - Hear how Cilium is taking over where NSX left off
Cilium for AI/ML Workload - Top 5 challenges and how Cilium comes to the rescue
Comparing eBPF and Kernel Modules for Application Vulnerability Detection and Attack Monitoring - Pros and cons for each, but they are still using eBPF in their product
Observability Cost-Savings and eBPF Goodness with Groundcover - Podcast from Bret Fisher
eBPF use cases - "eBPF is emerging as a key to many cloud native use cases"
How Open Source Project Tetragon Is Evolving Security via eBPF - an interview with Jeremy Colvin
Architecting Cloud-Native Platforms: The Role of Domain-Driven Design and Cell-Based Architecture - and the role that Cilium network policies play
🐝
The How To
Getting Started with Cilium Service Mesh on Amazon EKS - with deployment architecture and code samples
Enabling Enterprise features for Cilium in Elastic Kubernetes Service (EKS) - Covering everything from network policy to Tetragon
Cilium on EKS with Sveltos - Installing with a GitOps based approach
Installing Cilium on WSL2 - "the steps to configure a WSL2 environment compatible with Cilium"
EKS & Isovalent Enterprise for Cilium – Reducing Operational Complexity - Skip add-ons to get Isovalent Enterprise for Cilium
🐝
The Video
Using eBPF for Better Kubernetes Performance - Sharing experiences and pitfalls
Videos showing features from Cilium 1.16 including Local Redirect Policy, Egress Gateway Traffic Observability, Network Policy Validation Status, Hubble Node Labels Filter, Per-Pod Fixed MAC Address, and Service Traffic Distribution
Favorite Cilium Feature? Hart's (Not So) Hot Take - Spoiler: Hubble, like everyone else once they discover it
🐝
The Events
Getting Started with Networking Security - Virtual Workshop series
Simplify Kubernetes operations with Cilium Ingress: Hands-On Workshop for Platform Operators - Virtual Workshop on August 22
eBPF Summit - September 11th! We are reviewing the proposals now
Tetragon: Cloud Native Security Workshop with Copebit & AWS in Zurich - In-person event on September 17
Cilium + eBPF Day - See you in Salt Lake!
🐝
The Tweet of the Week
Content from: Brendan Gregg Daniel Borkmann Joe Stringer KP Singh Dumlu Timuralp Bijith Nair Piotr Jablonski Praseeda Sathaye Amit Gupta Guy Kaplan Eleni Grosdouli Nicolas Vibert Moh Ahmed Cheithanya PR Alex Williams Stephane Karagulmez Ben Bornholm Jeremy C. C. Thomas (Tom) Smith, III Oshrat Nir Shahar Azulay Bret Fisher Donald Lutz Scott Moore ⚛ Alex Tomic Mahesh Babu Benoît Garçon Lakmal Warusawithana Yossef (Joseph) Levi Johannes Bechberger Dean L.