eCHO news in your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security this is your quelle

20th September 2022

In case you missed the news, Istio has come out with a new service mesh alternative that is between sidecar and sidecarless, let's call it sidecar'ish. Instead of a proxy per pod or a proxy per node, it is now a proxy per namespace. They say this best straddles the middle for ease of use, resource consumption, and security. A lot of the service mesh fight recently has been around what architecture provides the best combination of the three. The classic argument between security and usability.

I would argue this is a less important debate than people are making it out to be. Most hacks come from social engineering rather than technical engineering, just ask Uber. Making systems less usable also probably makes them more vulnerable to a social engineering attack too. My guess is that more simple systems, like Cilium Service Mesh, will win out, but only time will tell. The best part for Cilium is that even if that guess is wrong, it will still work with sidecar and sidecar'ish meshes. Hard to lose when every horse in the race is a winner for you. Let's 🐝 gin!

The Technical

Porting an eBPF-based application to arm64: our experience with Inspektor Gadget

Learn what it took the Kinvolk team to bring Inspektor Gadget to Arm. "We will also keep an eye on RISC-V development as we may port Inspektor Gadget to that architecture in the future" can't wait!

Introduction to eBPF - Part 1

A nice 201 introduction to eBPF for people slightly familiar with it or that have a coding background

An exciting journey of adding Cilium support to Deckhouse

"Cilium has a rather high entry threshold, but it is a powerful and handy tool that adds many useful features to cluster management. All this makes Cilium a fascinating project that is worth paying attention to"

🐝

The Ecosystem

The Rise of Kubernetes and the End of Networking & Security as You Know It. What’s Next?

"Isovalent Raises $40M to bring Networking & Security into the Cloud Native Era" I guess I will have a job for a bit longer :D great overview of the vision for Cilium too

This new connectivity layer will define the next decade of cloud infrastructure

"eBPF and Cilium are critical technologies in a new infrastructure layer that is emerging"

Why You Should Pay Attention to eBPF

Even the analysts are in on the ploy now, glad to see it getting some love

Utmost User Story

Utmost uses Cilium for SOC 2 Type II attestation, ISO 27001 certification, and zero trust networking to handle over 4,000 flows per second

Linux kernel's eBPF feature put to unexpected new uses

Wrap up of Linux Plumbers Conference in Dublin covering new use cases like ghOSt for scheduling and Human Interface Devices-BPF

Kubernetes Day 2 challenges — Isovalent brings secure connectivity, nabs funding

"eBPF allows us to teach Linux to identify and properly connect, load-balance, firewall, and monitor these containerized workloads in a way that would never be scalable or performant using the legacy Linux networking"

Community Roundup: Kubernetes, Operators, Cilium

Quick blog on how to get started in the Cilium community, thanks Austin!

Groundcover secures $20 million Series A to expose code crashes

More money for eBPF and APM 💸💸💸'

Every Call You Make: Why Watching Traffic (and eBPF) Is the Future of Developer Tools

"This person and I both agree that “99% developers” need easier solutions to observability. Where we disagree: I believe eBPF is the way to get there."

Goodbye Sidecars: Could eBPF Steal Istio Service Meshes' Thunder?

"But we expect that sidecar containers will look increasingly dated over the coming years. Those who prioritize speed and efficiency will turn to eBPF."

🐝

The How To

Raspberry Pi Kubernetes Cluster with Cilium CNI

"I am really impressed that Cilium works on small / edge networks" Find out how to do it here

A Deep Dive into eBPF: Writing an Efficient DNS Monitoring.

Dive into the process of creating an actual application from monitoring requests, responses, and process in DNS, gradually enriching the functionality and accompanying all this with explanations, comments, and links to the source code

🐝

The Events

eBPF Summit

is only one week away! Go register if you haven't already :) 32 talks across eBPF in the Real World, for Networking, for Security, and Programming and Internals!

eBPF Summit Watch Parties

Check out the ones in Berlin, Lausanne, Tel Aviv, and Zurich if you are in town

eBPF or sidecars? @ KubeHuddle

Catch Liz Rice in Edinburgh

Bee Tracks: Introduction to Cilium and eBPF

Join Bee Tracks to learn about the Cilium stack in instructor led hands on labs

Following The ‘Superpower’ Promise Of EBPF @ P99 Conf

Liz Rice will uses eBPF code and demos to explore the basics of high performance networking with Cilium

🐝

The Videos

eCHO Episode 61:

Tanzu Community Edition with Cilium and Kube-VIP

eCHO Episode 62:

Linux Plumbers Conference BPF Track Recap