Glossary Introduction to Cilium What is Cilium? Cilium is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms the Linux kernel, Cilium security policies can be applied and updated without any changes to the application code or container configuration. Why Cilium? The development of modern datacenter applications shifted to a service-oriented architecture often referred to as microservices, wherein a large application is split into small independent services that communicate with each other via APIs using lightweight

Glossary Introduction to Cilium What is Cilium? Cilium is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms the Linux kernel, Cilium security policies can be applied and updated without any changes to the application code or container configuration. Why Cilium? The development of modern datacenter applications shifted to a service-oriented architecture often referred to as microservices, wherein a large application is split into small independent services that communicate with each other via APIs using lightweight

Introduction to Cilium & Hubble What is Cilium? Cilium is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms the Linux kernel, Cilium security policies can be applied and updated without any changes to the application code or container configuration. What is Hubble? Hubble is a fully distributed networking and alerting Is any network communication failing? Why is communication failing? Is it DNS? Is it an application or network problem? Is the communication broken on layer 4 (TCP) or layer 7 (HTTP)? Which services

Introduction to Cilium & Hubble What is Cilium? Cilium is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms the Linux kernel, Cilium security policies can be applied and updated without any changes to the application code or container configuration. What is Hubble? Hubble is a fully distributed networking and alerting Is any network communication failing? Why is communication failing? Is it DNS? Is it an application or network problem? Is the communication broken on layer 4 (TCP) or layer 7 (HTTP)? Which services

Introduction to Cilium & Hubble What is Cilium? Cilium is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms the Linux kernel, Cilium security policies can be applied and updated without any changes to the application code or container configuration. What is Hubble? Hubble is a fully distributed networking and alerting Is any network communication failing? Why is communication failing? Is it DNS? Is it an application or network problem? Is the communication broken on layer 4 (TCP) or layer 7 (HTTP)? Which services

Introduction to Cilium & Hubble What is Cilium? Cilium is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms the Linux kernel, Cilium security policies can be applied and updated without any changes to the application code or container configuration. What is Hubble? Hubble is a fully distributed networking and alerting Is any network communication failing? Why is communication failing? Is it DNS? Is it an application or network problem? Is the communication broken on layer 4 (TCP) or layer 7 (HTTP)? Which services

Presenta�ons Podcasts Community blog posts Glossary Introduction to Cilium What is Cilium? Cilium is open source so�ware for transparently securing the network connec�vity between applica�on services deployed 5/examples/kubernet wget https://raw.githubusercontent.com/cilium/cilium/v1.5/examples/kubernet Open cilium-external-etcd.yaml and find the cilium-config ConfigMap and edit the endpoints: to include $ cd contrib/terraform/aws $ cp contrib/terraform/aws/terraform.tfvars.example terraform.tfvars` Open the file and change any defaults par�cularly, the number of master, etcd, and worker nodes. You can

system. eBPF is an event-driven architecture that runs specific programs when the kernel or an application passes a certain hook point. For example, kernel probes (kprobe) or user probes (uprobe) can be having to export samples. Attaching eBPF programs to trace points as well as kernel and user application probe points gives powerful introspection abilities for the kernel and user space applications Once at the space garage, Captain Tux found spare pieces, But they lacked instructions, and the model had changed. How would the bees make them fit into the engines? And then what about the quantic guidance

Co-Founder/CEO Pixie (@pixie_run) & Adjunct Professor of CS @ Stanford DEVELOPER PROBLEM You’re an application developer, and your program is misbehaving. ● No problem. You have logs! Right? ● Uh-oh, not fact *= float64(i) res += 1 / fact } return res } Let’s look at test application Use Case GET /e?iters={iterations} // computeE computes the approximation of e by running a program, re-compile and re-deploy. ○ This can be simple log statements, or ○ More comprehensive like Open tracing. Option 2: Debugger ○ GDB ○ Delve Option 3: Linux tracing utility ○ strace/ftrace ○

users:(("nc",pid=1289,fd=3)) $ nc -4 127.0.0.1 7777 hello⏎ hello ^D Netcat + /bin/cat Test it! Check open ports on VM external IP vm $ ip -4 addr show eth0 2: eth0: mtu $ nmap -sT -p 1-1000 192.168.122.221 … Not shown: 999 closed ports PORT STATE SERVICE 22/tcp open ssh Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds scan first 1000 ports 7, 77, 777 conntrack routing decision mangle PREROUTING nat PREROUTING socket lookup socket receive buffer Application Protocol Network Driver XDP TC ingress alloc_skb Ring Buffer forward Wikipedia - Packet