eCHO News 62
eCHO news is your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security this is your quelle.
13th August 2024
I can tell it's summer holidays by the number of out of office replies to the newsletter. That hasn't slowed down the number of blogs about Cilium and eBPF though. Even if more people are at the pool than reading the newsletter, I've actually met a few subscribers in person this month which puts a face to the inbox. Shout out to people at Geodata AS and DeliveryHero. I always love to hear that these digital bytes are something that real people enjoy reading.
If you want some "light" poolside reading, I would really recommend A look inside the BPF verifier and CNI from scratch as they dive into the nuts and bolts behind some of the core technology behind eBPF and Cilium. I've got to go put the finishing touches on the schedule for Cilium + eBPF Day and eBPF Summit, so let's bee-gin.
The Technical
About Cilium native authentication feature - Understand how it works with SPIFFE and SPIRE and try it out
A look inside the BPF verifier - "So how does the verifier actually work, what are its limits, and how has it changed since the early days of BPF?"
Demystifying the CNI by Writing One From Scratch - Learn how the CNI creates virtual ethernet interfaces and manages network settings
Hello eBPF: A Packet Logger in Pure Java using TC and XDP Hooks (13) - all in 150 lines of code
eBPF Insights into Real-Time SSL/TLS Traffic - With 0.2μs latency and 0.1% CPU load
Re-implementing my Linux Rust scheduler in eBPF - "prototyping new schedulers in user-space using Rust and then re-implementing them in BPF can be an effective workflow for designing new specialized schedulers"
Writing a system call tracer using eBPF - with all the code on Github
Writing eBPF RawTracepoint Program with Rust Aya - including argument handling and sharing tips for writing eBPF programs
A deep dive into CVE-2023-2163: How we found and fixed an eBPF Linux Kernel Vulnerability - Found thanks to fuzzing
Challenges and Strategies in eBPF Uprobe Development - "When it comes to eBPF development, the hardest part is moving forward from the code examples and tutorials you find on the web and designing something on your own" - same
evanrolfe/trayce_agent - "eBPF to monitor network requests between Docker containers and external hosts"
listendev/argus-releases - eBPF "runtime security tool capable of not only monitoring, but also enforcing application behavior"
dorkamotorka/ebpf-map-metrics - "eBPF Map Prometheus Exporter" with an intro blog post and part 2
aquasecurity/traceeshark - "Deep Linux runtime visibility meets Wireshark" with launch blog post
tzussman/kmodleak - "Track memory leaks for Linux kernel modules using eBPF"
brown-ssl/beebox - "Hardening BPF against Transient Execution Attacks"
The Ecosystem
Case Study: Seznam.cz - "Using Cilium as our complete networking solution has made things easier for all our users. It works very well and has saved us a lot of money"
Case Study: Kakao - "As an engineer, Cilium has lowered our costs for performance and networking"
eBPF Security Observability: Top Tetragon Use Cases (Part 1) - #3 will really shock you
Achieving PCI-DSS Compliance With Isovalent, Cilium, and Zero Trust - Case study from Schuberg Philis
Bypassing eBPF to Protect Runtimes in Kubernetes Apps - Great to see that eBPF is the trend in security that you now need to go against
Could eBPF Save Us From CrowdStrike-Style Disasters? - "in terms of risk reduction, eBPF is by far superior"
Introduction To Writing eBPF Programs for Linux Security - Zero to packet filtering
eBPF Foundation Member Spotlight: Isovalent - Many things happening at the Foundation this year. Hear why Isovalent is excited!
eBPF for Cloud Computing - Quick intro article with Cilium mention
Upwind Extends its CNAPP with Agentless Cloud Scanners - Seems every security vendor now uses eBPF
CrowdStrike: A Wake-Up Call for eBPF-Based Endpoint Security - "Unlike traditional kernel modules, eBPF operates in a safer manner"
How Kubernetes Changed the Networking Model and What Developers Should Know about eBPF and Cilium - "we see more and more operators using Cilium to its full potential, removing the need to install and manage other tools like proxies, ingress, or service meshes"
The How To
Integrating Dapr with Cilium: A Sidecar-Less Service Mesh Approach combined with a powerful distributed application runtime - Combining Cilium Service Mesh with Dapr Shared
Enhancing OKE Security with Cilium Network Policy - Protecting Oracle with Cilium
Setting Up Cilium Networking on EKS Without Default Add-Ons - Bring your own CNI to EKS
Sveltos Templating: Cilium Cluster Mesh in One Run - in a couple of minutes with GitOps
Talos Kubernetes on Proxmox using OpenTofu - Installing with Cilium
Setting up cilium cni plugin on a 2-node cluster on x86 using kind - disable the default CNI and get Cilium instead!
The Video
Understanding eBPF Cisco's Approach to Networking and Security | Snack Minute - Quick intro to eBPF and why Cisco is using it for Hypershield
The Events
Simplify Kubernetes operations with Cilium Ingress: Hands-On Workshop for Platform Operators - Virtual Workshop on August 22
Containers Days - Hear about Tetragon, Gateway API, and network policy September 3-4 in Hamburg
eBPF Summit - September 11th! Schedule coming next week
eBPF Vienna - Kernel Insights - September 20th before LPC hear from Daniel and Anton
Tetragon: Cloud Native Security Workshop with Copebit & AWS in Zurich - In-person event on September 17
Cilium + eBPF Day - See you in Salt Lake!
The Tweet of the Week
ex-IBMer | Client Technical Leader
3 months ago: It's great, especially the topic of CNI from scratch https://youtu.be/y8Ws3D4rIa0
Community @ Isovalent working on Cilium and eBPF
3 months ago: Content from: Steven Vaughan-Nichols C. Thomas (Tom) Smith, III Evan Rolfe Pavan Kalyan Meda David Frappart Roland Wolters Jeremy C. Manas Chowdhury Umashankar Sankaranarayanan Manuel Zapf Rafael David Tinoco Emeka henry Uzowulu Rakshit Awasthi Tal Zussman Daroc Alden Alex Williams Teodor Podobnik Kyle Winters Liz Rice Gaurav Shekhar Vegard Hagen Joshua Burgin Idan Revivo Ofek Shaked Grant Knoetze Filip Nikolic Juan Jose Lopez Jaimez Meador Inge Vasileios Kemerlis Johannes Bechberger Eleni Grosdouli Andrea Righi Yuki Nakamura Jaivin Wylde