using a key-value store. Secure access to and from external services Label based security is the tool of choice for cluster internal access control. In order to secure access to and from external services under multi-queue NICs compared to traditional approaches such as HTB (Hierarchy Token Bucket) or TBF (Token Bucket Filter) as used in the bandwidth CNI plugin, for example. Monitoring and Troubleshooting Event monitoring with metadata: When a packet is dropped, the tool doesn’t just report the source and destination IP of the packet, the tool provides the full label information of both the sender and receiver

using a key-value store. Secure access to and from external services Label based security is the tool of choice for cluster internal access control. In order to secure access to and from external services Event monitoring with metadata: When a packet is dropped, the tool doesn’t just report the source and destination IP of the packet, the tool provides the full label information of both the sender and receiver the creation of a dedicated S3 bucket in order to store the state and representation of the cluster. You will need to change the bucket name and provide your unique bucket name (for example a reverse of

using a key-value store. Secure access to and from external services Label based security is the tool of choice for cluster internal access control. In order to secure access to and from external services under multi-queue NICs compared to traditional approaches such as HTB (Hierarchy Token Bucket) or TBF (Token Bucket Filter) as used in the bandwidth CNI plugin, for example. Monitoring and Troubleshooting Event monitoring with metadata: When a packet is dropped, the tool doesn’t just report the source and destination IP of the packet, the tool provides the full label information of both the sender and receiver

using a key-value store. Secure access to and from external services Label based security is the tool of choice for cluster internal access control. In order to secure access to and from external services under multi-queue NICs compared to traditional approaches such as HTB (Hierarchy Token Bucket) or TBF (Token Bucket Filter) as used in the bandwidth CNI plugin, for example. Monitoring and Troubleshooting Event monitoring with metadata: When a packet is dropped, the tool doesn’t just report the source and destination IP of the packet, the tool provides the full label information of both the sender and receiver

using a key-value store. Secure access to and from external services Label based security is the tool of choice for cluster internal access control. In order to secure access to and from external services Event monitoring with metadata: When a packet is dropped, the tool doesn’t just report the source and des�na�on IP of the packet, the tool provides the full label informa�on of both the sender and receiver the crea�on of a dedicated S3 bucket in order to store the state and representa�on of the cluster. You will need to change the bucket name and provide your unique bucket name (for example a reverse of

using a key-value store. Secure access to and from external services Label based security is the tool of choice for cluster internal access control. In order to secure access to and from external services Event monitoring with metadata: When a packet is dropped, the tool doesn’t just report the source and destination IP of the packet, the tool provides the full label information of both the sender and receiver the creation of a dedicated S3 bucket in order to store the state and representation of the cluster. You will need to change the bucket name and provide your unique bucket name (for example a reverse of

using a key-value store. Secure access to and from external services Label based security is the tool of choice for cluster internal access control. In order to secure access to and from external services Event monitoring with metadata: When a packet is dropped, the tool doesn’t just report the source and destination IP of the packet, the tool provides the full label information of both the sender and receiver the creation of a dedicated S3 bucket in order to store the state and representation of the cluster. You will need to change the bucket name and provide your unique bucket name (for example a reverse of

https://blog.cloudflare.com/its-crowded-in-here/ ● Proof-of-concept tool for configuring BPF socket dispatch https://github.com/majek/inet-tool/ ● “Programmable socket lookup with BPF” presentation at Linux

+ ContainerOS was not very performant Attempt #1 - The Postmortem Iteration is key ● Built a tool to automatically reload falco on rule changes ● Rules: monitor well known IPs, binary names,

multi-kernel VM tests (qemu) ● Resource usage (CPU cycles, memlock) monitored across the fleet by bpf_tax tool → ● Alerts on program load and attach failures [0] https://github.com/libbpf/libbpf