eCHO news in your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security this is your quelle

When cloud native and Kubernetes began, the advice was that it was only for stateless workloads. For me, the technology really began to "cross the chasm" when it began to host stateful workloads and support more niche use cases, like IoT. I think we are beginning to see that with eBPF now with projects around both storage and IoT launching this week. While they are still in their infancy, they bode well for what is to come. We also just closed the CfP for eBPF Summit and there are a lot more exciting projects coming out, don't miss out!

On the Cilium side of the house, we are also seeing a lot of maturity with the release of 1.12 this week. All the press from the release can be found in a special section below. My favorite quote from the community was "Cilium 1.12 is a game changer. I think I will convert to Cilium as my default CNI no matter the size of the project. Ingress controller, service mesh, topology aware hints." Pretty soon it will be no one got fired for choosing Cilium. Let's 🐝 gin!

The Technical

xrp-project/XRP

"In-Kernel Storage Functions with eBPF" skipping the kernel storage stack to improve performance

Aya: your tRusty eBPF companion

"Aya is a library that makes it possible to write eBPF programs fully in Rust" check the post for the details and how Deepfence uses it

Exein-io/pulsar

"A highly modular and blazing fast runtime security framework for the IoT, powered by eBPF" you can read the open sourcing blog too

citronneur/blindssl

"Disable SSL certificate verification for all binaries that use libssl" but requires dynamic linking with libssl

quarkslab/peetch

"peetch is a collection of tools aimed at experimenting with different aspects of eBPF to bypass TLS protocol protections"

rafaeldtinoco/drafts

"For anyone trying to find a very simple skeleton/draft to use for coding eBPF in golang. It generates a static binary you can distribute to any distro (and any kernel version)"

🐝

The Ecosystem

Cilium Service Mesh

To sidecar or not to sidecar, that is the question (with a choice of control plane). Read up to learn where Cilium Service Mesh is headed next 

Introduction to Parca - Part 1

"Parca is our open source, always-on eBPF-based continuous profiler" learn how it works and what it does in the article

What Is eBPF? A Guide To Improved Observability & Telemetry

Splunk is in on the eBPF game now too with Flowmill

Detecting and Capturing Kernel Modules with Tracee and eBPF

The blog post to follow their talk. Stop rootkits before they happen

Leveraging eBPF for Linux Runtime Security

"eBPF and AuditD do share some common capabilities. Nevertheless, AuditD falls far short of eBPF for system-level visibility into modern cloud environments"

eBPF and API Security with Traceable

"eBPF-based data collection has the ability to show deep API traffic data (request/response headers and bodies/payloads) for both North-South and East-West traffic" eBPF moving up the stack

🐝

The How To

Tracing a packet journey using Linux tracepoints, perf and eBPF

Learn how to trace a ping packet journey across network interfaces and namespaces

Kubernetes Networking with Cilium CNI and OKE on Oracle Cloud

"Why Cilium, you ask? For one, my team mate Sherwood Zern has been talking about it for quite a while. In fact, he hasn’t stopped talking about it." ❤️

Using eBPF with Fluent Bit and Tracee

"The goal is to focus on that “first mile” observability of getting the eBPF information into Fluent Bit to send to various integrations we support" seems eBPF is becoming table stakes for observability

My first impressions of Cilium

"It was smooth and everything worked the first time. It is an extraordinary and cutting-edge CNI" Love to hear it!

🐝

The Release

Cilium 1.12 – Ingress, Multi-Cluster, Service Mesh, External Workloads, and much more - Isovalent

Cilium 1.12 GA: Cilium Service Mesh and other major new features for enterprise Kubernetes - CNCF

Cilium Service Mesh: A new bridge back to the kernel for cloud-native infrastructure - TechRepublic

Cilium launches eBPF-powered Kubernetes service mesh - InfoWorld

Expert Interview: Isovalent on the Launch of Cilium Service Mesh - VMblog

Cilium speeds sidecar-optioned cloud-native networking - ComputerWeekly.com

Cilium Service Mesh Extends eBPF for Cloud Deployments - ITProToday

Open-Source Project of the Week: Cilium Service Mesh - ITOps Times

Containerisierung: Cilium 1.12 bietet Service-Mesh-Alternative zu Istio - Heise

오픈소스 네트워크 소프트웨어 실리움, 서비스 메시 기능 추가 - ITWorld

Cilium 1.12 Adds Cilium Service Mesh And Other New Features For Enterprise Kubernetes - TFIR

The Events

eBPF Summit

Back for the third year and we are putting together a great program (I know at least two eBPF maintainers will be speaking) CfP is now closes and it will be a very tough choice for us 😅

Isovalent Cilium Enterprise and Cilium 1.12: Features and Updates Webinar

Get hands on with the Cilium 1.12 Release with Cilium co-founder Thomas Graf August 4th

Cilium and eBPF @ Open Source Summit

A broad variety of talks from a Cilium workshops and talk on service mesh to eBPF for beginners and privilege escalation September 13-16th in Dublin

eBPF @ Black Hat USA

eBPF hitting the stage at BlackHat August 6-11th covering Kernel Exploits, Rootkits, and securing Windows

🐝

The Videos

eCHO Episode 53:

Life of a Packet in Cilium Continued

eCHO Episode 54:

Tetragon