eCHO news is your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security this is your quelle

21st April 2026

I've been tracking eBPF projects on Github for over 4 years and it is kind of wild the explosion I've seen recently. Some of it is due to AI, but most of those projects don't make it into this newsletter. What is more interesting to me is the range of use cases people are apply eBPF to.

Look at just this edition alone, eBPF is being written in Haskell, used to prevent circular dependencies in deployment, replacing runtime security sensors, and resurrecting IPX after it was removed from the Linux kernel in 2018.

At this point, the better question might be, What can't eBPF do? It can't ride my bike and it's finally sunny outside so let’s 🐝 -gin.

The Technical

The Death of externalIPs: Migrating to Cilium Node IPAM

K8s 1.36 deprecates service.spec.externalIPs, adopt Cilium’s LB IPAM now

How We Deployed a Kubernetes MCP Server on Production to Give Engineers AI-Powered Debugging Across 20+ Clusters

How Brevo built a Kubernetes MCP server with Cilium Ingress & more

Building Runtime Enforcement for Kubernetes with eBPF

Juliet Security replaced Falco with an embedded eBPF sensor

Cilium, Istio, and a 2-Node k8s Cluster: How I Productionised a 6-Agent RAG System on Bare Metal

What nobody tells you about running Cilium on bare metal

The 1-in-256 Kubernetes, Cilium, Tailscale bug and the trivial fix

Sometimes the fix is changing a single label

A Bug Hunt in Our Kubernetes Cluster

Lovable found a WireGuard concurrency bug in GKE's Cilium implementation 

Kinann01/hbpf

A Haskell eDSL for writing eBPF programs with compile-time safety guarantees

pjs7678/kpod-metrics

eBPF-based pod-level kernel metrics collector for Kubernetes

fiwippi/erez

eBPF-based per-packet multipath routing

reinauer/SNIpR

eBPF SNI-based TLS router

swananan/ghostscope

DWARF-aware eBPF tracer for source-level userspace tracing

boratanrikulu/bpfvet

BPF portability analyzer for compiled eBPF object files

honeybee-studio/honeybeepf-llm

Monitors token usage, latency, and sensitive file access without code changes

boratanrikulu/gecit

DPI bypass tool - eBPF on Linux

h0x0er/ebpf-skill

An eBPF skill for coding agents

kumarkshiv/yaksha-ebpf-analyzer

eBPF bytecode analyzer for understanding third-party network function behavior

twisted-pear/ipx_wrap

A joke IPX implementation for Linux using eBPF

obdev/littlesnitch-linux

Open Source components of Little Snitch for Linux

false-systems/syva

7 LSM hooks watch every open, exec, kill, ptrace, and cgroup move

🐝

The Ecosystem

Cilium’s Next Act Is About Securing and Connecting AI-Ready Kubernetes Infrastructure

AI workloads, sovereign cloud requirements, and multi-tenant GPU environments raise the cost of getting networking layers wrong

Strengthening eBPF Security: Progress on Audit and Runtime Hardening

surfacing real, validated findings in security-critical parts of the eBPF stack

Observability in Go: Where to start and what matters most

eBPF and observing the “dark side” of systems

Telefónica’s acens and Cisco: Driving the next generation of cloud-native services with Isovalent

Advanced monitoring, datapath efficiency, and multi-tenant policy enforcement with Cilium & eBPF

🐝

The How To

The Video

Cilium Project Update KubeCon EU 2026

A little Star Wars themed update for you ;)

CiliumCon Europe 2026

Catch up on all the sessions from last month in Amsterdam 🌷

An Immersive and Visual Journey Into Kubernetes Networking

Follow the fish as it swims from pod to pod

Monta tu laboratorio de Cilium en Kubernetes desde cero (kind + eBPF)

Abrir el capó de Cilium

🐝

The Events

ACM SOSP'26 Workshop on eBPF and Kernel Extensions

September 29th in Prague, CfP open

Linux Plumbers Conference

October 5-7th in Prague, CfP open

🐝 

The Livestreams

eCHO Episode 206: KubeCon Europe 2026 Recap

Upcoming April 24: eCHO Episode 207: Exploring eBPF Summit Hackathon Winner xgotop

The Post of the Week

As always, if you’ve seen a blog post, a tool, or anything else eBPF or Cilium related that you think the rest of the community should hear about, send them my way. You can either hit reply or join the #echo-news channel on Cilium Slack. You can also find all of the past episodes on the website.

🐝

To make sure you keep getting these emails, please add bill@isovalent.com to your address book or otherwise mark me as a permitted sender.

Know a friend that needs to be in the know? Forward this to them

Was this forwarded to you? Sign up today!

Written and sent by Bill Mulligan and Katie Meinders. Any feedback is welcome!