## The Tale of Smokey and the Crypto Bandits How Okteto uses Falco to keep users happy and our platform healthy eBPF Summit Ramiro Berrelleza ## Hey everyone! • Co-founder of Okteto ● Former architect com> Hi Ramiro, Open Source to the rescue! ## X Falco Attempt #1 - We were young and naive • Installed Falco in the clusters - Configured it with the default rules plus our own jpg) ## Attempt #1 - The Postmortem - The default falco rules are not well suited for a dev platform • The processing overhead is non-trivial - Falco's eBPF module + ContainerOS was not very performant

所有的例外情况（包括拒绝）均由 TOC 来处理。目前该阶段的项目有 Argo、Buildpacks、CloudEvents、CNI、Contour、Cortex、CRI-O、Dragonfly、Falco、gRPC、KubeEdge、Linkerd、NATS、Notary、Open Policy Agent、OpenTracing、Operator Framework、SPIFFE、SPIRE、Thanos 9|316|3041|236|489|549| |22|projectcontour/contour|Go|833.89|182|3608|437|684|2113| |23|falcosecurity/falco|C++|744.34|253|4132|229|276|425| |24|spiffe/spire|Go|568.48|73|1139|222|450|1697| |25|fluent/fluentd|Ruby|535

better level of control than traditional solutions. Projects using eBPF for security purposes include Falco, Tetragon, or Tracee. Alas! During the fight a thruster was damaged. Once at the space garage, Captain

## A Unified Proposal for Composable Hashing Document number: N3980 Howard E. Hinnant Vinnie Falco John Bytheway 2014-05-24 ## Types Don't Know # N. Josuttis: P0814R2: hash_combine() Again

type to use as the value for the Content-Type header on responses (default ‘application/json’). The falco module provides a number of constants for common media types, such as falcon.MEDIA_MSGPACK, falcon

type to use as the value for the Content-Type header on responses (default ‘application/json’). The falco module provides a number of constants for common media types, such as falcon.MEDIA_MSGPACK, falcon

type to use as the value for the Content-Type header on responses (default ‘application/json’). The falco module provides a number of constants for common media types, such as falcon.MEDIA_MSGPACK, falcon

type to use as the value for the Content-Type header on responses (default ‘application/json’). The falco module provides a number of constants for common media types, such as falcon.MEDIA_MSGPACK, falcon

在网络编排领域，表现尤为亮眼，逐步代替 iptables 等产品，大有一统江山的趋势。而在监控、观测等领域也有很多产品。尤其是运行时安全（Runtime Security）领域，Datadog、Falco、Google 等公司也都推出了相应的产品。感兴趣的同学，可以参考相关产品源码分析（Cilium eBPF 实现机制源码分析、Datadog 的 eBPF 安全检测机制分析）的分享。 我们回顾一下 的开发者也写了一篇文章，讲解不同场景的处理方案 bpF-core-reference-guide。 ## 大型项目 在国外，云原生领域产品发展较快，涌现出一批批基于 eBPF 的产品，包括 Cilium、Datadog、Falco、Katran 等，应用在网络编排、网络防火墙、跟踪定位、运行时安全等各个领域，可以借鉴这些大型项目的研发经验，来加快产品建设，包括多系统兼容、框架设计、项目质量、监控体系建设等。本篇以检测防御为