The Technical
Apache SkyWalking Rover
"A collector based on eBPF technology, deployed in the target monitoring system to collect metrics, perf profiling, network optimization" = more eBPF-based observability
Building a service map using eBPF
Even more observability being built on eBPF. "We implemented eBPF-based container tracing which is a part of our open source Prometheus exporter node-agent"
eBPF - kProbes failure on AWS Amazon Linux 2 image
Find out how a Linux Kernel version overflow can break your eBPF
Kernel Image Lockdown and eBPF Flexibility!
eBPF being used to increase security "eBPF is a great technology. In this particular case, it allows loadable LSM programs that can be pinned or removed at any time."
Block Linux Fileless Payload "Malware" Execution with BPF LSM
And in even more security use cases "with eBPF we are able to develop new network and security use cases. Also thanks to the ebpf kernel maintainers that are doing an amazing work by listening and incorporating developers requests."
Check ARGC0 LSM BPF
Simple LSM BPF program to prevent program executions with argc == 0
ViperProbe: Rethinking Microservice Observability with eBPF
"While the adoption of frameworks like Istio and Kubernetes ease the management and organization of such systems, they do not themselves provide strong observability." Who would have thought?
Production ready eBPF, or how we fixed the BSD socket API
It allowed us to leave behind limitations of the BSD socket API. However, its most powerful feature is that the addresses a service is available on can be changed on the fly
eBPF for Tracing How Firefox Uses Page Faults to Load Libraries
"Few people seem to understand how memory-mapped IO works", but now you can with eBPF
Detecting Monero miners with bpftrace
eBPF coming to the rescue to save us from the scourge of crypto(miners). It's defense in depth plus looking for changes in floating point operations
Handling the Challenge of Deploying eBPF into the Wild
A quick overview of how libbpf+CO-RE can help you reliably deploy eBPF programs
Merbridge - Accelerate your mesh with eBPF
"Replacing iptables rules with eBPF allows shortening the datapath between sidecars and services." Glad to see other people jumping on the bandwagon
Introducing Ballast: An Adaptive Load Test Framework
"An adaptive load test framework that leverages traffic capture using BPF and replays the traffic using a PID Controller mechanism" cool to see some new use cases!
The Ecosystem
Every Boring Problem Found in eBPF
Dive deep down the rabbit hole of making eBPF work. "There are two main problems with BPF: 1) it's now being used in ways it was never designed for" said every technology ever 🤣
eBPF Bits at DevConf.cz
Overview of new features in eBPF including calling kernel functions from eBPF programs, timers support, BTF_KIND_TAG support, and others
The current state of eBPF portability
"eBPF allows us to insert small pieces of code almost anywhere in the kernel" Learn about the difference between using kprobe and tracepoints
Siphoning through the Acronyms with Liz Rice
The (in)famous Corey Quinn breaks down the who, what, when, where, and why of the eBPF ecosystem with Liz Rice on his podcast
The How To
Kubernetes Security - Control pod to pod communications with Cilium network policies
Learn how to deploy Cilium with network policies and fix pod communication errors with Hubble
Cilium Kubernetes CNI Provider Deep Dive: Part 2
This video dives into "endpoints", endpoint "identity", and examines how Cilium can apply L3, L4, and L7 network policies to Kubernetes workloads
Networking, security & observability with Cilium - Civo Online Meetup
Online meetup on March 30th with Isovalent and Civo giving an overview of Cilium and a Cilium network policy security tutorial. Register today!
The Dirty Pipe vulnerability: Overview, detection, and remediation
eBPF coming to the rescue again to detect attacks with the latest Linux CVE, the Dirty Pipe Vulnerability