应用：微服务架构、多语言、多协议 挑战1：微服务、多语言、多协议环境下，端到端观测 复杂度上升，埋点成本居高不下 Kubernetes 容器 网络、操作系统、硬件 基础设施层复杂度日益增加 如何关联? 挑战3：数据散落，工具多， 缺少上下文，排查效率低下 业务应用 应用框架 容器虚拟化 系统调用 内核 应用性能监控（APM） Kubernetes监控 Kubernetes组件异常： Scheduler 新版控制台体验升级 • 提供多语言的无侵入的应用CPU热点查看 • 监控网络异常，如TCP Drop、TCP 重传 • 监控应用异常事件，如OOM 黄金三指标 调用链查询与分析 拓扑/上下游 网络大盘 容器监控 智能告警 持续剖析 接口监控 数据来源 Thank You, Every Gopher

Automatically run unit tests on code changes BPF and XDP Reference Guide BPF Architecture Instruction Set Helper Functions Maps Object Pinning Tail Calls BPF to BPF Calls JIT Hardening Offloads Toolchain com/cilium/cilium/issues/15769]). If you experience Kubernetes service load-balancing issues, then set [https://minikube.sigs.k8s.io/docs/commands/config/] any other driver from the supported list [https://minikube --namespace $CILIUM_NAMESPACE \ --reuse-values \ --set hubble.listenAddress=":4244" \ --set hubble.relay.enabled=true \ --set hubble.ui.enabled=true On Cilium 1.9.1 and older, the Cilium

Automatically run unit tests on code changes BPF and XDP Reference Guide BPF Architecture Instruction Set Helper Functions Maps Object Pinning Tail Calls BPF to BPF Calls JIT Hardening Offloads Toolchain kube-system \ --set global.nodeinit.enabled=true \ --set global.kubeProxyReplacement=partial \ --set global.hostServices.enabled=false \ --set global.externalIPs.enabled=true \ --set global.nodePort nodePort.enabled=true \ --set global.hostPort.enabled=true \ --set config.bpfMasquerade=false \ --set global.pullPolicy=IfNotPresent \ --set config.ipam=kubernetes Validate the Installation

Automatically run unit tests on code changes BPF and XDP Reference Guide BPF Architecture Instruction Set Helper Functions Maps Object Pinning Tail Calls BPF to BPF Calls JIT Hardening Offloads Toolchain \ --set nodeinit.enabled=true \ --set nodeinit.reconfigureKubelet=true \ --set nodeinit.removeCbrBridge=true \ --set cni.binPath=/home/kubernetes/bin \ --set gke.enabled=true \ --set ipam.mode=kubernetes mode=kubernetes \ --set nativeRoutingCIDR=$NATIVE_CIDR The NodeInit DaemonSet is required to prepare the GKE nodes as nodes are added to the cluster. The NodeInit DaemonSet will perform the following

Automatically run unit tests on code changes BPF and XDP Reference Guide BPF Architecture Instruction Set Helper Functions Maps Object Pinning Tail Calls BPF to BPF Calls JIT Hardening Offloads Toolchain implications. Install Cilium: Install Cilium into the AKS cluster: cilium install --version 1.11.20 --set azure.resourceGroup="${AZURE_RESOURC AKS (Azure IPAM) To install Cilium on Azure Kubernetes Service clusters. Install Cilium: Install Cilium into the AKS cluster: cilium install |CHART_VERSION| --set azure.resourceGroup="${AZURE_RESOURCE_GROUP}" EKS To install Cilium on Amazon Elastic Kubernetes

Automatically run unit tests on code changes BPF and XDP Reference Guide BPF Architecture Instruction Set Helper Functions Maps Object Pinning Tail Calls BPF to BPF Calls JIT Hardening Offloads Toolchain template hubble \ --namespace $CILIUM_NAMESPACE \ --set metrics.enabled="{dns,drop,tcp,flow,port- distribution,icmp,http}" \ --set ui.enabled=true \ > hubble.yaml Deploy Hubble: kubectl apply template hubble \ --namespace $CILIUM_NAMESPACE \ --set metrics.enabled="{dns,drop,tcp,flow,port- distribution,icmp,http}" \ --set ui.enabled=true \ > hubble.yaml Deploy Hubble: kubectl apply

or for environments which want to leverage the clustermesh functionality, a kvstore set up is required which can be set up using an Installation with external etcd or using the Installation with managed Running 0 75s Installation with managed etcd The standard Quick Installation guide will set up Cilium to use Kubernetes CRDs to store and propagate state between agents. Use of CRDs can impose etcd optimizes the propagation of state between agents. This guide explains the steps required to set up Cilium with a managed etcd where etcd is managed by an operator which maintains an etcd cluster

kubeadm/#pod-network]. Standard Installation This guides takes you through the steps required to set up Cilium on Kubernetes using the cilium-etcd-operator. The cilium-etcd-operator replaces the requirement more details. Installation with external etcd This guide walks you through the steps required to set up Cilium on Kubernetes using an external etcd. Use of an external etcd provides be�er performance with eksctl see the eksctl Documenta�on [h�ps://github.com/weaveworks/eksctl] for details on how to set creden�als, change region, VPC, cluster size, etc. eksctl create cluster You should see something

kernel or user applications. eBPF is a strictly-typed assembly language with a stable instruction set. eBPF programs can be loaded and upgraded in real time without the need to restart the kernel. System compilation step translates the generic bytecode of the program into the machine-specific instruction set to optimize execution speed. This makes eBPF programs run as efficiently as natively compiled kernel retrieve configuration options, and store state through eBPF maps to save and retrieve data in a wide set of data structures. These maps can be accessed from eBPF programs as well as from applications in

and don’t want to pay for it ● TCP and UDP is enough Solution: ● Make task use specified IP by a set of BPF_PROG_TYPE_CGROUP_SOCK_ADDR and BPF_CGROUP_SOCK_OPS programs Move TCP/UDP servers to task port, protocol, TCP flags ● Integrated with service discovery: can filter by service name (dynamic set of IP:port endpoints) Container firewall (twfw) Network faults injection: ● Same per-packet firewall