View in browser
echo-newsletter-20 (1)

eCHO news in your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security this is your quelle

29th November 2022

 

With Thanksgiving over for the Americans, we are now into the final part of the year where people like to use holiday parties (and hangovers) to avoid work. In the spirit of asking what you want for the holidays, I have three requests for anyone reading this newsletter.
 
First, if you haven't already please fill out the Cilium User Survey. It will help us guide the project to meet the needs of the community. It will be closing Friday!
 
Second, the main news source I use for this newsletter is currently Twitter. Obviously the platform is currently undergoing massive turmoil and could change significantly. If you see (or write) something that should be in the newsletter please feel send it to me to include. I'm happy to include any community content!
 
Third, 2022 has been an amazing year for Cilium and I would like to wrap it up with an annual report. I'll be including details from the user survey (so go fill it out as requested above!) and many more highlights from the community. If there is something you think should be included, but I might not know about just hit the reply button and let me know!

 

Let's 🐝 gin!

The Technical

How we diagnosed and resolved Redis latency spikes with BPF and other tools

A very deep dive into how to use tools like BCC and bpftrace to resolve performance issues

 

ebpf-networking/tc-nodeport

"POC of K8s Nodeport service using BPF"

 

angelopoerio/tinyfw

"A toy containers aware firewall built in Rust leveraging eBPF"

 

fbac/sklookup-go

"eBPF sk_lookup program as a golang library"

 

r-caamano/ebpf-tproxy-splicer

"An ebpf program that uses ebpf tc to redirect ingress ipv4 udp/tcp flows toward specific dynamically created sockets used by openziti edge-router"

 

kindlingproject/kindling

"eBPF-based Cloud Native Monitoring Tool"

 

eBPF β€” From Scripts To Production

"Don’t expect your eBPF code to work just because it worked many times before"

🐝

 

The Ecosystem

BPF for HID drivers

"Device manufacturers, of course, show no sign of running out of ideas for new ways to make broken hardware" but eBPF can come to the rescue now. In German

 

Introducing the Cilium Enterprise integration in Grafana Cloud for Kubernetes network monitoring

Learn how to monitor Cilium in Grafana and what dashboards are available

 

Why Public Cloud Vendors Must Get Serious About eBPF – Now

"The longer it takes cloud vendors to get on board with the eBPF revolution, the greater the risk that they'll be left behind by customers"

 

How eBPF Will Revolutionize Container Monitoring

Because containers aren't real

 

IETF-Hackathon/ietf115-project-presentations

Even IETF wants to get in on the buzz! Check out their hackathon presentations

 

Harnessing the Power of eBPF

Yet Another eBPF Company :D using it for packet decapsulation, service chaining, debugging, and observability

 

Aqua Security Combats Rising Zero-Day Attacks with eBPF Lightning Enforcer

Another runtime security tool based on eBPF

 

Combat Zero-Day Threats with Aqua’s New eBPF Lightning Enforcer

and the product pitch blog post. Not surprised by "internal testing has demonstrated a 65% reduction in load as compared to a non-eBPF agent" though

🐝

 

The How To

Transparent encryption of node to node traffic on Amazon EKS using WireGuard and Cilium

A nice hands on walk through of exactly what the title says

 

Using eBPF-TC to securely mangle packets in the kernel, and pass them to my secure networking application

"I leveraged eBPF-TC to build a Plugin TPROXY IFW to steer traffic to my target application"

🐝

 

The Events

Cilium Hands-On Workshop & Deep Dive - The Netherlands

Workshop December 1st in Utrecht

 

Kubernetes Networking, Security, and Observability with Cilium and more

Meetup December 6th in Bergen

 

Cilium Hands-On Workshop & Deep Dive Oslo

Workshop December 7th in Oslo

 

Kubernetes Networking, Security, and Observability with Cilium

Meetup December 7th in Oslo

 

KubeDay Japan

Liz Rice will be keynoting December 7th in Yokohama about eBPF and the end of sidecars

 

Platform Operators: How to supercharge OpenShift with Cilium

Join the webinar on December 13th

🐝

The Videos

eCHO Episode 69: Cluster API and Cilium - Evaluating Cluster API Distros

eCHO Episode 69: Cluster API and Cilium - Evaluating Cluster API Distros

  

eCHO Episode 70:

Azure CNI Powered by Cilium

 

Episode #70: Azure CNI Powered by Cilium

Upcoming Stream

eCHO Episode 71: eBPF in Japanese Community

Add to your calendar

The Tweet of the Week

the Berkeley Packet Filter (BPF) is a subsystem of many Unix operating systems wherein all packets are sent to a server in Berkeley, California, which has the firewall rules on it.

As always, if you’ve seen a blog post, a tool, or anything else eBPF or Cilium related that you think the rest of the community should hear about, send them my way. You can either hit reply or join the #echo-news channel on Cilium Slack. You can also find all of the past episodes on the website.

🐝

 

To make sure you keep getting these emails, please add bill@isovalent.com to your address book or otherwise mark me as a permitted sender.

 

Know a friend that needs to be in the know? Forward this to them

Was this forwarded to you? Sign up today!

Written and sent by Bill Mulligan. Any feedback is welcome!

Bill Mulligan

I work at Isovalent which is leading the eBPF-Powered Revolution in Cloud Native Networking, Observability, and Security with Cilium

isovalent
LinkedIn
Twitter

Isovalent, 20830 Stevens Creek Blvd. #1047, Cupertino, CA 95014, United States

Unsubscribe Manage preferences