Cloud Native Computing Foundation / Cloud Native eBPF Day NA 2022

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io​. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Securing CI/CD Systems Through eBPF - Alex Ilgayev, Cycode

The challenging nature of securing CI/CD pipelines, mainly because of inadequate security tooling and low observability of the underlying system, would make using the eBPF technology inevitable. This technical talk aims to demonstrate how eBPF can be used to secure CI/CD pipelines, whether they run on bare-metal, virtual machines, or ephemeral environments. By combining dedicated research, an innovative approach, and proper tooling, we can inject an eBPF-based implant into every build environment quickly and easily, to inspect, identify, and protect against malicious activity. We will demonstrate the following use-cases: - Visibility over the entire build process - created processes, contacted IP addresses/domains, modified files, traffic inspection, etc. - Ensure code and artifact integrity. - Denying build process tampering. - Maintain a tight network policy to prevent processes from exfiltrating sensitive secrets, such as tokens and environment variables. We will demonstrate how we can stop the deadliest software supply chain attacks while supporting all major CI/CD platforms, such as Github Actions, Jenkins, GitlabCI, and CircleCI.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Welcome + Opening Remarks - Liz Rice, Isovalent & Sarah Novotny, Microsoft

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io​. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Keynote: eBPF - Everything You Need to Know in 5 Minutes - Thomas Graf, CTO, Isovalent

eBPF has become the key technology for infrastructure software. This session tells you everything you need to know about eBPF in 5 minutes. Why eBPF matters and why it exists. What it can do. What it can’t do. Who uses it for what. And finally, what the future holds.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io​. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Tracing SSL/TLS Encrypted Microservices with eBPF - Dom Del Nano , Twitter

SSL/TLS adoption in the Cloud Native environments is growing rapidly. While great for security, the encryption in such environments pose a unique challenge for observability tools. Many traffic sniffing tools can only collect the encrypted data, which is of limited value to the application developer. Important attributes like the operation, the endpoint and the payload are undecipherable. To truly help in the troubleshooting process, application developers need to be able to see these messages and their contents. In this talk, we present how eBPF can be used to tracing SSL/TLS connections. The method we present is used by tools like BCC’s sslsniff and Pixie’s protocol tracer. Specifically, we cover how eBPF uprobes can be attached to popular SSL/TLS libraries, including OpenSSL, BoringSSL and goTLS. We show how eBPF enables us to collect clear text data directly from the TLS library, while discussing the challenges of tracing dynamically vs statically linked TLS libraries. Finally, we also present how this feature could help with improving application observability at some of the largest engineering organizations without disrupting their production environment.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io​. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Debug Your Clusters with eBPF-Powered Tools - Mauricio Vásquez Bernal, Microsoft

The intrinsic distributed architecture of applications running in Kubernetes makes them difficult to debug. When there is a problem, it is not clear where to start looking at or even which tools to use. Many of the traditional troubleshooting tools are designed to be used at the host and process level, i.e., they have to run on the same host where the application is running, and they usually only allow to filter by things like process PID or UID. In this presentation, we will introduce Inspektor Gadget. We’ll explain why this project was created and its goals. We’ll show the architecture and then we’ll make some demonstrations of how we can use it to debug issues with networking, storage and configuration of Kubernetes resources and applications.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io​. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Exposing the Revolution: GRPC Observability with eBPF on K8s - Ori Shussman, Groundcover

eBPF is becoming the go-to technology for K8s observability, pushed forward by projects like Pixie and Cilium, and expected to shed light on a lot of data left unseen today. gRPC, the most widely-used protocol to transfer data between containers, is difficult to monitor, when compared to more modern methods using eBPF. Join a journey through an eBPF solution that monitors the gRPC library used in python, C++, C#, PHP, & more. Gain understanding of why gRPC and other compressed or encrypted protocols are harder to monitor, and see how eBPF’s strengths can be utilized to trace these hard-to-reach cases. Talk is cheap - that’s why you’ll get the tools to try it out yourself — Experience a demo of this research and technology, which are now part of the Pixie CNCF project that recently started supporting these advanced monitoring methods. These methods will become important stepping stones on the way to reaching the ultimate goal of the monitoring world: full, yet effortless observability.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io​. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Extending Cilium with eBPF for Exposing HTTP/1 Golden Metrics - Aidan Carson, Solo.io

Metrics are table stakes for any modern service mesh, and because of the placement of proxies in a traditional sidecar-based topology, fairly straightforward to retrieve. However, as use cases evolve and the space matures, we have seen an evolution beyond that of traditional sidecar-based implementations. In this talk, Aidan will technically deep dive into the mechanisms through which we may retrieve the most valuable metrics — request count, response code, and latency (the so-called "golden metrics") — in a sidecarless environment with the help of eBPF. Aidan will discuss the hardships of implementing such a solution, and a few tips when operating at a higher protocol layer. All of these metrics will be exportable in Prometheus so that you may integrate a solution like this with toolchains in your existing infrastructure.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io​. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

OpenTelemetry or eBPF? That is the Question - Omid Azizi, New Relic (Pixie)

In the observability space, OpenTelemetry and eBPF are two technologies that have been rapidly changing the landscape. So which should you use? The OpenTelemetry project provides a rich set of tools with which teams can instrument their applications, enabling deep visibility into the application behavior. eBPF, on the other hand, has been powering instrumentation-less observability through other projects like the CNCF Pixie and Hubble projects. In this environment, users often wonder which approach they should turn to. In this session, we'll cover the strengths and weaknesses of both approaches, and show how both approaches have a role to play. We'll demonstrate how eBPF observability tools can be configured to export to OpenTelemetry collectors as automatic data sources. We'll then focus on the problem of tracing, and how request tracing works with eBPF and OpenTelemetry. In this process, we'll show how eBPF has the power to avoid some manual instrumentation; in contrast, we'll show how instrumentation is still required for true distributed tracing today. The session will wrap up with a perspective into the future of the two technologies, and what is on the horizon.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io​. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Opening the Black Box: Understanding and Troubleshooting Calico’s eBPF Data Plane - Tomas Hruby, Tigera

Troubleshooting Kubernetes issues is hard enough in a standard Linux environment using well-proven tools. It’s even harder with the novel and ever more popular eBPF data planes. Some of the standard tools like iptables-save or conntrack no longer help, as they were built for the legacy environment based on Linux network stack and iptables. However, eBPF bypasses large parts of the node’s host network namespace for better performance and scalability. In this session, Tomas will show how to inspect and troubleshoot the eBPF mode of Calico Open Source, one of the most widely adopted container networking and security solutions, to help users better understand the eBPF mode. This will give users the skills to dive in and diagnose issues in their Kubernetes deployments. It will also help the community to contribute code to the Calico Open Source project.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io​. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Panel Disucssion: Is There Actually a Byte Behind All the Buzz? eBPF in Production! - Frederic Lardinois, TechCrunch; Andrew Sauber, The New York Times; Daniel Bernier, Bell; Purvi Desai, Google & James McShane, SuperOrbital

eBPF is a revolutionary and very hyped technology which has led some people to ask if there actually is a byte behind all the buzz. This panel brings together end users of eBPF that are actually putting it into production to find out whether it is a painful sting or sweet honey for their infrastructure. The audience won’t learn about futuristic buzzwords. Instead, they will understand how eBPF is changing networking, observability, and security in production today.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io​. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Simplifying and Making the Network Programmable with Kubernetes and SRv6 - Daniel Bernier, Bell Canada & Louis De Los Santos, Isovalent

SRv6 is being rapidly deployed by some of the largest names in the networking industry because it has the potential to simplify existing enterprise, telco, and provider networks while also introducing the idea of “programming the network as a computer.” Networking teams are now looking for ways to bridge the gap between SRv6 and Kubernetes to treat containers as ordinary clients on their networks. This talk will discuss how Cilium and its eBPF data plane was extended to support telco networking requirements in a cloud native way by integrating SRv6 and Kubernetes. It will start with an overview of the SRv6 use cases and network architecture at Bell Canada. We will then demo how Cilum’s SRv6 integration can be utilized with BGP to build a multi-cluster L3VPN topology over native IPv6.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io​. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Who Needs an API Server to Debug a Kubernetes Cluster? - Jose Blanquicet, Microsoft

How would you debug your Kubernetes cluster if the API server goes down but you still have access to the nodes? You are probably thinking of using commands like ss/netstat, tcpdump or any of the BCC tools directly on the node, right? Well, the problem with all those options is that they do not have knowledge of Kubernetes, so you still have to map the PIDs to containers and then to pods. It could sound easy, but it is pretty tricky. So, if you want to focus on the actual issue and skip all this low-level stuff, this talk is for you!
In this talk, Jose will demonstrate how you can trace the container's events like the creation of new processes, access to files, network and disk activity, if you still have access to the node. To do that, he will use Local-Gadget, an eBPF-powered open-source project that provides a global view of all the containers running in a host and gives the possibility of running essential eBPF tools, or "gadgets", to debug your standalone container or your Kubernetes application without using the API Server. In addition, Jose will show how to take advantage of the framework already created by Local-Gadget from 3rd-party applications.