eCHO News 61

eCHO News 61

 eCHO news is your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security this is your quelle

30th July 2024

Like all tech newsletters right now, its time to add my commentary on the CrowdStrike incident that crashed IT systems around the world. Well actually you should probably just read the blog from Brendan and the BSC "No More Blue Fridays". While technical problems often have multifaceted causes, they argue that "In the future, computers will not crash due to bad software updates, even those updates that involve kernel code. In the future, these updates will push eBPF code."

While no software is immune to bugs, eBPF has a verifier that checks whether the program is safe to run. The verifier also isn't perfect, but there are many companies and even academic researchers trying to continuously improve the verifier through things like fuzzing and formal verification. If I had to choose between the tests a team had the time to write and a verifier with industry funding and academic research behind it, I know which one I would choose every time. So "If your company is paying for commercial software that includes kernel drivers or kernel modules, you can make eBPF a requirement because together we can make such global outages a lesson of the past."

I've got talks to review for Cilium + eBPF Day and eBPF Summit so let’s 🐝 -gin.


The Technical

Live Migrating Production Clusters From Calico to Cilium - "There are a number of features offered by Cilium that we wanted to explore"

Hello eBPF: Write your eBPF application in Pure Java (12) - "the new Java compiler plugin, that allows to you write in “pure” Java, using Java as a DSL for C"

Making damn vulnerable web application almost unhackable with Cilium and Tetragon - How to block some common vulnerabilities with Cilium and Tetragon

itsCheithanya/eBPF-XDP-ML-Firewall - "Leveraging XDP to incorporate ML models with floating-point weights into eBPF"

atomic77/nethadone - "uses eBPF to efficiently monitor and dynamically adjust traffic speeds to gently nudge users off of configured sites"

🐝

 

The Release

Cilium 1.16 – High-Performance Networking With Netkit, Gateway API Gamma Support, BGPV2 and More! - The theme of the release is “Faster, Stronger, Smarter” – faster for the blazing performances you will get with netkit, the new virtual network device, stronger for all the security and operational improvements, such as Network Policies Port Range support and smarter for all the new traffic engineering features such as Kubernetes Service Traffic Distribution, Local Redirect Policy and a 5x reduction in tail latency for DNS policies!

🐝

 

The Ecosystem

No More Blue Fridays - "If your company is paying for commercial software that includes kernel drivers or kernel modules, you can make eBPF a requirement"

Recent CrowdStrike Outage Emphasizes the Need for eBPF-Based Sensors - "safer, more flexible, and easier to deploy and manage than kernel-based sensors"

Can Cilium Be a Control Plane Beyond Kubernetes? - Hear how Cilium is taking over where NSX left off

Cilium for AI/ML Workload - Top 5 challenges and how Cilium comes to the rescue

Comparing eBPF and Kernel Modules for Application Vulnerability Detection and Attack Monitoring - Pros and cons for each, but they are still using eBPF in their product

Observability Cost-Savings and eBPF Goodness with Groundcover - Podcast from Bret Fisher

eBPF use cases - "eBPF is emerging as a key to many cloud native use cases"

How Open Source Project Tetragon Is Evolving Security via eBPF - an interview with Jeremy Colvin

Architecting Cloud-Native Platforms: The Role of Domain-Driven Design and Cell-Based Architecture - and the role that Cilium network policies play

🐝

 

The How To

Getting Started with Cilium Service Mesh on Amazon EKS - with deployment architecture and code samples

Enabling Enterprise features for Cilium in Elastic Kubernetes Service (EKS) - Covering everything from network policy to Tetragon

Cilium on EKS with Sveltos - Installing with a GitOps based approach

Installer Cilium sur WSL2 - "les étapes pour configurer un environnement WSL2 compatible avec Cilium"

EKS & Isovalent Enterprise for Cilium – Reducing Operational Complexity - Skip add-ons to get Isovalent Enterprise for Cilium

🐝

 

The Video

Using eBPF for Better Kubernetes Performance - Sharing experiences and pitfalls

Videos showing features from Cilium 1.16 including Local Redirect Policy, Egress Gateway Traffic Observability, Network Policy Validation Status, Hubble Node Labels Filter, Per-Pod Fixed MAC Address, and Service Traffic Distribution

Favorite Cilium Feature? Hart's (Not So) Hot Take - Spoiler: Hubble, like everyone else once they discover it

🐝

 

The Events

Getting Started with Networking Security - Virtual Workshop series

Session 1: Intro to Networking Security & SecOps - July 30

Session 2: Networking Security: Zero Trust Visibility - August 6 

Simplify Kubernetes operations with Cilium Ingress: Hands-On Workshop for Platform Operators - Virtual Workshop on August 22

eBPF Summit - September 11th! We are reviewing the proposals now

Tetragon: Cloud Native Security Workshop with Copebit & AWS in Zurich - In-person event on September 17

Cilium + eBPF Day - See you in Salt Lake!

🐝


The Tweet of the Week



To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics