BPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes to the applica�on code or container configura�on. Why Cilium? The development of modern datacenter individual containers ge�ng started or destroyed as the applica�on scales out / in to adapt to load changes and during rolling updates that are deployed as part of con�nuous delivery. This shi� toward highly As a precau�on, we will use Is�o’s service rou�ng feature to canary the v2 deployment to prevent breaking the end-to-end applica�on completely if it is faulty. Before deploying v2 , to prevent any traffic

BPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes to the application code or container configuration. Why Cilium? The development of modern datacenter individual containers getting started or destroyed as the application scales out / in to adapt to load changes and during rolling updates that are deployed as part of continuous delivery. This shift toward highly a precaution, we will use Istio’s service routing feature to canary the v2 deployment to prevent breaking the end-to-end application completely if it is faulty. Before deploying v2, to prevent any traffic

Verifying Your Development Setup Requirements Vagrant Setup Local Development in Vagrant Box Making Changes Add/update a golang dependency Add/update a new Kubernetes version Optional: Docker and IPv6 Debugging tests Testing individual packages Running individual tests Automatically run unit tests on code changes BPF and XDP Reference Guide BPF Architecture Instruction Set Helper Functions Maps Object Pinning eBPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes to the application code or container configuration. What is Hubble? Hubble is a fully distributed

request merged Development Setup Requirements Vagrant Setup Local Development in Vagrant Box Making Changes Add/update a golang dependency Debugging Building Container Images Developer images Official release tests Testing individual packages Running individual tests Automatically run unit tests on code changes BPF and XDP Reference Guide BPF Architecture Instruction Set Helper Functions Maps Object Pinning BPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes to the application code or container configuration. Why Cilium? The development of modern datacenter

Verifying Your Development Setup Requirements Vagrant Setup Local Development in Vagrant Box Making Changes Add/update a golang dependency Add/update a new Kubernetes version Optional: Docker and IPv6 Debugging tests Testing individual packages Running individual tests Automatically run unit tests on code changes BPF and XDP Reference Guide BPF Architecture Instruction Set Helper Functions Maps Object Pinning eBPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes to the application code or container configuration. What is Hubble? Hubble is a fully distributed

of Origin Development Setup Requirements Vagrant Setup Local Development in Vagrant Box Making Changes Add/update a golang dependency Add/update a new Kubernetes version Optional: Docker and IPv6 Debugging tests Testing individual packages Running individual tests Automatically run unit tests on code changes BPF and XDP Reference Guide BPF Architecture Instruction Set Helper Functions Maps Object Pinning eBPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes to the application code or container configuration. What is Hubble? Hubble is a fully distributed

of Origin Development Setup Requirements Vagrant Setup Local Development in Vagrant Box Making Changes Add/update a golang dependency Optional: Docker and IPv6 Debugging Building Container Images Developer tests Testing individual packages Running individual tests Automatically run unit tests on code changes BPF and XDP Reference Guide BPF Architecture Instruction Set Helper Functions Maps Object Pinning BPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes to the application code or container configuration. What is Hubble? Hubble is a fully distributed

Attempt #1 - The Postmortem Iteration is key ● Built a tool to automatically reload falco on rule changes ● Rules: monitor well known IPs, binary names, forbidden k8s actions ● Action: Notify to slack

confinement mechanisms are difficult to use SELinux AppArmor TOMOYO ▶ Can we do any better? 2 / 7 eBPF Changes the Game eBPF enables: ▶ Fine-grained system introspection ▶ Integration of cross-layer state (kprobes