Authors: Liz Rice
2023-04-21

tldr - powered by Generative AI

The presentation discusses how Cilium and its ClusterMesh feature can simplify connectivity across multiple clusters in a cloud-agnostic way, enabling connectivity between services spread across clouds, load balancing requests across backends in multiple clusters, connectivity between Kubernetes and legacy workloads, mutually-authenticated, encrypted connections between services, and multi-cluster network policies. The presentation also addresses challenges related to IP address management, scale, and observability of multi-cluster networks, and how Cilium can help.
  • Cilium and its ClusterMesh feature can simplify connectivity across multiple clusters in a cloud-agnostic way
  • Connectivity between services spread across clouds
  • Load balancing requests across backends in multiple clusters
  • Connectivity between Kubernetes and legacy workloads
  • Mutually-authenticated, encrypted connections between services
  • Multi-cluster network policies
  • Challenges related to IP address management, scale, and observability of multi-cluster networks, and how Cilium can help
Authors: Raymond de Jong, Anna Kapuścińska
2023-04-21

tldr - powered by Generative AI

The presentation discusses the challenges of observability and security in distributed systems and how Cilium and Hubble can address these challenges.
  • Cilium and Hubble can provide observability and security in distributed systems
  • Existing mechanisms such as traditional monitoring devices and VPC logs fall short in providing context and scalability
  • Cilium uses identity-based observability and security based on labels to secure and monitor traffic
  • Hubble provides a surface mesh solution for monitoring workflows and exporting flows to other platforms
  • Ready-to-use dashboards are available in Grafana marketplace for monitoring cluster and application performance
Authors: Natalie Serrino, Frederic Branczyk
2023-04-19

tldr - powered by Generative AI

The presentation discusses the use of BPF (Berkeley Packet Filter) in cybersecurity and DevOps, highlighting its benefits and future potential.
  • BPF is a powerful tool for network analysis, security, and observability in production environments.
  • BPF allows for zero-instrumentation profiling of entire production clusters.
  • BPF has some limitations, including performance issues and difficulty in interpreting raw data.
  • Future developments in BPF may address these limitations, including increased support for programming languages and improved interpretability through machine learning.
Authors: Liz Rice, Richard Hartmann, Andy Allred
2023-04-19

tldr - powered by Generative AI

Cilium is a high-performance networking and security solution for Kubernetes that uses eBPF and is becoming the CNI of choice in the industry. The presentation covers updates, news, roadmap, and real-world use cases of Cilium.
  • Cilium is a popular networking and security solution for Kubernetes that uses eBPF and is becoming the CNI of choice in the industry.
  • Cilium provides high-performance load balancing, network policy, transparent encryption, and the ability to integrate multiple Kubernetes clusters and external workloads.
  • Hubble is the observability platform that gives visibility into individual network flows, aggregated metrics, service maps, and the ability to export all this metric information to various destinations.
  • Tetragon is the security observability subproject in Cilium that uses eBPF to instrument the kernel and give insight into security-relevant events.
  • Cilium is being adopted by all major cloud providers, including AWS, Azure, and Google Cloud.
  • The presentation includes real-world use cases of Cilium from Isovalent, Grafana Labs, and Eficode.
  • Grafana Labs has developed a new Grafana app that allows users to get all the power of Hubble directly from within Grafana.
Authors: Raymond de Jong
2023-04-19

tldr - powered by Generative AI

The presentation discusses how to achieve network security and observability using Cilium and eBPF features.
  • Use Cilium and eBPF features to achieve network security and observability
  • Prioritize on the number of servers exposed through Ingress or Gateway API
  • Focus on services reachable within the cluster across namespaces and services with access to external resources such as egress
  • Start with an initial namespace policy and use global policies across the platform or even across clusters using cluster-wide network policies to define the guardrails
  • Transition from per-namespace security with global policies as guardrails to more fine-grained policies
  • Use CI/CD pipeline tools like Argo, Flux and GitHub pipelines to manage network policies at scale
  • Use a policy to automatically check for CIDR blocks that are not approved for access
  • Unlock features in networking security and observability using eBPF
Authors: Duffie Cooley, Tracy P Holmes
2023-04-19

tldr - powered by Generative AI

Tetragon is a security observability tool that can be used to detect and prevent malicious behavior in a Kubernetes cluster.
  • Tetragon is a daemon set that can run on virtual machines or other external entities directly
  • It instruments the Linux kernel on every node in a cluster to detect events such as process executions, file access, TCP patterns, namespace escapes, and privilege escalations
  • Tetragon can also expose metrics for HTTP, DNS, and TLS, making it easy to audit compliance controls
  • Context is king in security observability, and Tetragon provides a lot of context by giving detailed information about the events it detects
Authors: Daniel Borkmann, Nikolay Aleksandrov
2022-10-27

tldr - powered by Generative AI

The talk is about the possibility of IPv6-only clusters addressing scale and performance requirements in data center networks.
  • The Cilium experiment started in 2016 with IPv6-only container networking using eBPF and XDP
  • IPv6 adoption has progressed in Kubernetes and hyperscale environments
  • IPv6 offers more IPAM flexibility and larger cluster scale
  • IPv6-only clusters unlock new Linux kernel innovations in networking and eBPF for data-intensive workloads
  • Cilium's networking data plane enables a low-latency architecture suitable for BIG TCP-based workloads requiring IPv6 for 100Gbit/s transfers and beyond for a single socket
  • Cilium developed a new veth driver replacement for the kernel to achieve host networking performance characteristics for Pods
  • With the resulting eBPF forwarding architecture, most unneeded parts of the stack are bypassed, drastically improving networking
Authors: Liz Rice, Purvi Desai, Thomas Graf, Bill Mulligan, Chandan Aggarwal
2022-10-26

Welcome to Cilium! In this session you'll get an update on how the Cilium project has been progressing on the road towards graduation (we have raised a PR!). You'll hear about the latest developments and future roadmap, including news about some of the largest and most interesting deployments of Cilium. And don't miss this session if you're interested in contributing to the project, as there will be guides on how to get involved and where your help is needed. In this session you'll hear from Cilium contributors from Isovalent, Google, Microsoft and Grafana Labs.
Authors: Christian Weichel, Simon Emms
2022-10-26

tldr - powered by Generative AI

The presentation discusses the similarities between honeybees and distributed systems, particularly Kubernetes, and how beekeeping practices can provide insights for managing and operating these systems.
  • The presentation uses honeybees as a metaphor for distributed systems, particularly Kubernetes, to illustrate similarities in behavior and organization.
  • Beekeeping practices, such as using signals and observability, can provide insights for managing and operating distributed systems.
  • The role of the beekeeper in managing a hive is similar to that of an operator in managing a Kubernetes cluster.
  • Beekeeping practices can benefit from automation and better observability, similar to how these practices are emphasized in managing distributed systems.
Authors: Tracy P Holmes, Raymond de Jong
2022-10-25

tldr - powered by Generative AI

The presentation discusses how to enforce network policies using Cilium and Kubernetes to ensure least privilege security between microservices.
  • Cilium and Kubernetes can be used to enforce network policies for microservices
  • Least privilege security can be achieved by filtering HTTP requests and restricting API access
  • L7 security policies can restrict access to required API resources
  • The Cilium website provides resources and a helpful Slack community for beginners and contributors