eCHO news is your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security this is your quelle

13th August 2024

I can tell its summer holidays by the number of out of office replies to the newsletter. That hasn't slowed down the number of blog about Cilium and eBPF though. Even if more people are at the pool than reading the newsletter, I've actually met a few subscribers in person this month which puts a face to the inbox. Shout out to people at Geodata AS and DeliveryHero. I always love to hear that these digital bytes are something that real people enjoy reading.

If you want some "light" poolside reading, I would really recommend the a look inside the BPF verifier and CNI from scratch as they dive into the nuts and bolts behind some of the core technology behind eBPF and Cilium. I've got to go put the finishing touches on the schedule for Cilium + eBPF Day and eBPF Summit so so let’s 🐝 -gin.

The Technical

About Cilium native authentication feature

Understand how it works with SPIFFE and SPIRE and try it out

A look inside the BPF verifier

"So how does the verifier actually work, what are its limits, and how has it changed since the early days of BPF?"

Demystifying the CNI by Writing One From Scratch

Learn how the CNI creates virtual ethernet interfaces and manages network settings

Hello eBPF: A Packet Logger in Pure Java using TC and XDP Hooks (13)

all in 150 lines of code

eBPF Insights into Real-Time SSL/TLS Traffic

With 0.2µs latency and 0.1% CPU load

Re-implementing my Linux Rust scheduler in eBPF

"prototyping new schedulers in user-space using Rust and then re-implementing them in BPF can be an effective workflow for designing new specialized schedulers"

Writing a system call tracer using eBPF

with all the code on Github

Writing eBPF RawTracepoint Program with Rust Aya

including argument handling and sharing tips for writing eBPF programs

A deep dive into CVE-2023-2163: How we found and fixed an eBPF Linux Kernel Vulnerability

Found thanks to fuzzing

Challenges and Strategies in eBPF Uprobe Development

"When it comes to eBPF development, the hardest part is moving forward from the code examples and tutorials you find on the web and designing something on your own" 🤣 same

evanrolfe/trayce_agent

"eBPF to monitor network requests between Docker containers and external hosts"

listendev/argus-releases

eBPF "runtime security tool capable of not only monitoring, but also enforcing application behavior"

dorkamotorka/ebpf-map-metrics

"eBPF Map Prometheus Exporter" with an intro blog post and part 2

aquasecurity/traceeshark

"Deep Linux runtime visibility meets Wireshark" with launch blog post

tzussman/kmodleak

"Track memory leaks for Linux kernel modules using eBPF"

brown-ssl/beebox

"Hardening BPF against Transient Execution Attacks"

🐝

The Ecosystem

Case Study: Seznam.cz

"Using Cilium as our complete networking solution has made things easier for all our users. It works very well and has saved us a lot of money"

Case Study: Kakao

"As an engineer, Cilium has lowered our costs for performance and networking"

eBPF Security Observability: Top Tetragon Use Cases (Part 1)

#3 will really shock you

Achieving PCI-DSS Compliance With Isovalent, Cilium, and Zero Trust

Case study from Schuberg Philis

Bypassing eBPF to Protect Runtimes in Kubernetes Apps

Great to see that eBPF is the trend in security that you now need to go against

Could eBPF Save Us From CrowdStrike-Style Disasters?

"in terms of risk reduction, eBPF is by far superior"

Introduction To Writing eBPF Programs for Linux Security

Zero to packet filtering

eBPF Foundation Member Spotlight: Isovalent

Many things happening at the Foundation this year. Hear why Isovalent is excited!

eBPF for Cloud Computing

Quick intro article with Cilium mention

Upwind Extends its CNAPP with Agentless Cloud Scanners

Seems every security vendor now uses eBPF

CrowdStrike: A Wake-Up Call for eBPF-Based Endpoint Security

"Unlike traditional kernel modules, eBPF operates in a safer manner"

How Kubernetes Changed the Networking Model and What Developers Should Know about eBPF and Cilium

"we see more and more operators using Cilium to its full potential, removing the need to install and manage other tools like proxies, ingress, or service meshes"

🐝

The How To

Integrating Dapr with Cilium: A Sidecar-Less Service Mesh Approach combined with a powerful distributed application runtime

Combining Cilium Service Mesh with Dapr Shared

Enhancing OKE Security with Cilium Network Policy

Protecting Oracle with Cilium

Setting Up Cilium Networking on EKS Without Default Add-Ons

Bring your own CNI to EKS

Sveltos Templating: Cilium Cluster Mesh in One Run

in a couple of minutes with GitOps

Talos Kubernetes on Proxmox using OpenTofu

Installing with Cilium

Setting up cilium cni plugin on a 2-node cluster on x86 using kind

disable the default CNI and get Cilium instead!

🐝

The Video

Understanding eBPF Cisco's Approach to Networking and Security | Snack Minute

Quick intro to eBPF and why Cisco is using it for Hypershield

🐝

The Events

Simplify Kubernetes operations with Cilium Ingress: Hands-On Workshop for Platform Operators

Virtual Workshop on August 22

Containers Days

Hear about Tetragon, Gateway API, and network policy September 3-4 in Hamburg

eBPF Summit

September 11th! Schedule coming next week

eBPF Vienna - Kernel Insights

September 20th before LPC hear from Daniel and Anton

Tetragon: Cloud Native Security Workshop with Copebit & AWS in Zurich

In-person event on September 17

Cilium + eBPF Day

See you in Salt Lake!

🐝 

The Livestreams

eCHO Episode 147: Cilium 1.16 Release (EU episode)

eCHO Episode 148: Exploring Cilium With Geneve and DSR