30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
A Beginner's Guide to eBPF Programming for Networking - Liz Rice, Isovalent
eBPF has been described as “Superpowers for Linux,” and recently we’ve seen an explosion of tools that use it to power networking, observability and security in the Cloud Native world. It's an exciting technology that enables running bespoke programs directly in the kernel. In this talk Liz uses live-coding examples to explore how eBPF programs are loaded and run in the kernel, and attached to a variety of networking-related events. You might have seen Liz give a similar talk before, with examples hooking into system calls. This updated version focuses networking examples, giving insight into how eBPF programs can inspect and manipulate packets to form the basis of sophisticated and high-performance networking tools.
A Beginner's Guide to eBPF Programming for Networking - Liz Rice, Isovalent
eBPF has been described as “Superpowers for Linux,” and recently we’ve seen an explosion of tools that use it to power networking, observability and security in the Cloud Native world. It's an exciting technology that enables running bespoke programs directly in the kernel. In this talk Liz uses live-coding examples to explore how eBPF programs are loaded and run in the kernel, and attached to a variety of networking-related events. You might have seen Liz give a similar talk before, with examples hooking into system calls. This updated version focuses networking examples, giving insight into how eBPF programs can inspect and manipulate packets to form the basis of sophisticated and high-performance networking tools.
- 1 participant
- 30 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Building Your Own Kubectl Trace on Steroids Using BPF Libraries in Go, Rust, Python and C - Kyle Quest, DockerSlim
You know the BPF fundamentals, you've tried "bpftrace" and you've used "kubectl trace" with your Kubernetes cluster. Now you want to build something more useful that goes beyond making "printf" calls and the basic data processing capabilities in "bpftrace". You are ready to build your tracing engine, but you are stuck. There are a lot of different libraries to choose from and you don't know what to use. This is a journey exploring different BPF libraries in Go, Rust, Python and C and exploring their capabilities.
You'll learn about the library ecosystem, how the libraries are different and which ones can be used to build system tracing applications using BFP tracepoints and other BPF program types useful for tracing and profiling. You'll also learn about the different options available in BFP and why you'd want to choose tracepoints instead of kprobes and vice versa.
We'll explore these languages and libraries:
Go - iovisor/gobpf, cilium/ebpf, dropbox/goebpf, libbpfgo
Python - bcc, pyebpf
Rust - libbpf-rs, redbpf, aya
C - libbpf, bcc
We'll also briefly explore what's available in other languages (lua, node.js and ruby).
The code samples will be available in Github, so you'll be able to experiment with the tracer app code in different languages and there'll be a "kubectl-tracex" that provides an alternative to "kubectl-trace" powered by a custom tracer engine from this talk.
Building Your Own Kubectl Trace on Steroids Using BPF Libraries in Go, Rust, Python and C - Kyle Quest, DockerSlim
You know the BPF fundamentals, you've tried "bpftrace" and you've used "kubectl trace" with your Kubernetes cluster. Now you want to build something more useful that goes beyond making "printf" calls and the basic data processing capabilities in "bpftrace". You are ready to build your tracing engine, but you are stuck. There are a lot of different libraries to choose from and you don't know what to use. This is a journey exploring different BPF libraries in Go, Rust, Python and C and exploring their capabilities.
You'll learn about the library ecosystem, how the libraries are different and which ones can be used to build system tracing applications using BFP tracepoints and other BPF program types useful for tracing and profiling. You'll also learn about the different options available in BFP and why you'd want to choose tracepoints instead of kprobes and vice versa.
We'll explore these languages and libraries:
Go - iovisor/gobpf, cilium/ebpf, dropbox/goebpf, libbpfgo
Python - bcc, pyebpf
Rust - libbpf-rs, redbpf, aya
C - libbpf, bcc
We'll also briefly explore what's available in other languages (lua, node.js and ruby).
The code samples will be available in Github, so you'll be able to experiment with the tracer app code in different languages and there'll be a "kubectl-tracex" that provides an alternative to "kubectl-trace" powered by a custom tracer engine from this talk.
- 1 participant
- 31 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
CNeBPF Day | Closing Perspectives - Duffie Cooley, Isovalent, Sarah Novotny & Andrew Randall, Microsoft
CNeBPF Day | Closing Perspectives - Duffie Cooley, Isovalent, Sarah Novotny & Andrew Randall, Microsoft
- 3 participants
- 20 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Debuggers and eBPF: Bringing Debugging to Production - Derek Parker, Red Hat
Your program isn't working... now what?! When it comes to diagnosing misbehaving software a debugger is an essential tool in your developer toolbox. A good debugger is a valuable resource in your development environment, but what about in production? Often times inspecting a program running in your production environment with a debugger is a nonstarter. The overhead incurred when spying on your program can be too much to make this a viable path towards fixing your software. The big question is, does it have to be this way? Can we do better? I think the answer is yes, and that is the focus of this talk. I will explain how to get the best of both worlds: a solid source-level debugger and low-overhead debugging and tracing. This hybrid approach opens up new possibilities for resolving problems in production environments and increasing telemetry and insight in your software while incurring negligible performance overhead. Attendees will walk away with not only a deeper understanding of debuggers and eBPF but also practical information that they can bring back to their development workflow. This talk will be approachable to newcomers while also providing deep technical insights geared towards more advanced engineers.
Debuggers and eBPF: Bringing Debugging to Production - Derek Parker, Red Hat
Your program isn't working... now what?! When it comes to diagnosing misbehaving software a debugger is an essential tool in your developer toolbox. A good debugger is a valuable resource in your development environment, but what about in production? Often times inspecting a program running in your production environment with a debugger is a nonstarter. The overhead incurred when spying on your program can be too much to make this a viable path towards fixing your software. The big question is, does it have to be this way? Can we do better? I think the answer is yes, and that is the focus of this talk. I will explain how to get the best of both worlds: a solid source-level debugger and low-overhead debugging and tracing. This hybrid approach opens up new possibilities for resolving problems in production environments and increasing telemetry and insight in your software while incurring negligible performance overhead. Attendees will walk away with not only a deeper understanding of debuggers and eBPF but also practical information that they can bring back to their development workflow. This talk will be approachable to newcomers while also providing deep technical insights geared towards more advanced engineers.
- 4 participants
- 24 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Extending systemd Security Features with eBPF - Mauricio Vásquez Bernal, Microsoft
systemd uses eBPF to implement certain functionality like IP filtering and accounting. These features have been traditionally implemented by writing the eBPF code directly in eBPF-assembly. It’s an efficient solution but makes their development and maintainability very difficult. Systemd recently got support for libbpf, which opens the door to adding new features much more easily. In this talk Mauricio will explain how two new security features were implemented in systemd using this new integration: RestrictFileSystems and RestrictNetworkInterfaces. RestrictFileSystems allows limiting the filesystem types that processes in a systemd service have access to and RestrictNetworkInterfaces allows limiting the network interfaces that processes in a systemd can use.
Extending systemd Security Features with eBPF - Mauricio Vásquez Bernal, Microsoft
systemd uses eBPF to implement certain functionality like IP filtering and accounting. These features have been traditionally implemented by writing the eBPF code directly in eBPF-assembly. It’s an efficient solution but makes their development and maintainability very difficult. Systemd recently got support for libbpf, which opens the door to adding new features much more easily. In this talk Mauricio will explain how two new security features were implemented in systemd using this new integration: RestrictFileSystems and RestrictNetworkInterfaces. RestrictFileSystems allows limiting the filesystem types that processes in a systemd service have access to and RestrictNetworkInterfaces allows limiting the network interfaces that processes in a systemd can use.
- 1 participant
- 21 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Generating seccomp policies with eBPF - Marga Manterola, Microsoft
Seccomp is one of the security mechanisms that can be used in Kubernetes to restrict the system calls that a process running inside a container can execute. In order to use it, the user must define a seccomp profile with the list of allowed system calls. In many cases it’s not very easy to understand what the system calls a process could require are, especially if the user deploying the application is not its developer.
In this lightning talk Marga will present the Seccomp Policy Advisor, an eBPF-based tool that captures all the syscalls that a pod executes to suggest a seccomp profile. Marga will present a demonstration of this tool and will cover its implementation briefly and shows how it integrates with the Kubernetes Security Profiles Operator.
Generating seccomp policies with eBPF - Marga Manterola, Microsoft
Seccomp is one of the security mechanisms that can be used in Kubernetes to restrict the system calls that a process running inside a container can execute. In order to use it, the user must define a seccomp profile with the list of allowed system calls. In many cases it’s not very easy to understand what the system calls a process could require are, especially if the user deploying the application is not its developer.
In this lightning talk Marga will present the Seccomp Policy Advisor, an eBPF-based tool that captures all the syscalls that a pod executes to suggest a seccomp profile. Marga will present a demonstration of this tool and will cover its implementation briefly and shows how it integrates with the Kubernetes Security Profiles Operator.
- 2 participants
- 10 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
LSM BPF Change Everything - Leonardo Di Donato, Elastic & KP Singh, Google
Much is being said on security recently. Almost as much was said about tracing the syscalls happening in the Linux Kernel with BPF. Aside from all the buzz, we need to appraise some gaps in the current narrative. We need to fill in the gaps in the actual syscall execution flow to avoid attackers using them. Here enters the game the general security hooks for Linux, namely LSMs, and their integration with BPF. LSMs via BPF will change everything. They're still relatively unexplored, so this talk aims at giving a pragmatic overview of LSMs via BPF. Join me to discover why I believe their integration with BPF is paramount in the security context and how to effectively use them.
LSM BPF Change Everything - Leonardo Di Donato, Elastic & KP Singh, Google
Much is being said on security recently. Almost as much was said about tracing the syscalls happening in the Linux Kernel with BPF. Aside from all the buzz, we need to appraise some gaps in the current narrative. We need to fill in the gaps in the actual syscall execution flow to avoid attackers using them. Here enters the game the general security hooks for Linux, namely LSMs, and their integration with BPF. LSMs via BPF will change everything. They're still relatively unexplored, so this talk aims at giving a pragmatic overview of LSMs via BPF. Join me to discover why I believe their integration with BPF is paramount in the security context and how to effectively use them.
- 2 participants
- 27 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Portable BPF with CO:RE - Grant Seltzer Richman, Aqua Security
eBPF is the future of Linux, and CO:RE is the future of eBPF. There are as many features of eBPF as there are challenges to using it, and one such challenge is distribution of your eBPF project. With so many different kernel versions out in the wild it seems like an impossible task to compile your eBPF program against all of them to ensure compatibility. By using CO:RE, a feature of libbpf, this gets quite a bit easier. In this presentation Grant will talk about one of the biggest challenges in eBPF development, portability and distribution. Grant will talk about how these challenges have prompted my team, which develops Tracee, to come up with creative solutions for cross-compilation. Grant will then show how CO:RE changes everything and talk about how you can get involved to drive the future of it!
Portable BPF with CO:RE - Grant Seltzer Richman, Aqua Security
eBPF is the future of Linux, and CO:RE is the future of eBPF. There are as many features of eBPF as there are challenges to using it, and one such challenge is distribution of your eBPF project. With so many different kernel versions out in the wild it seems like an impossible task to compile your eBPF program against all of them to ensure compatibility. By using CO:RE, a feature of libbpf, this gets quite a bit easier. In this presentation Grant will talk about one of the biggest challenges in eBPF development, portability and distribution. Grant will talk about how these challenges have prompted my team, which develops Tracee, to come up with creative solutions for cross-compilation. Grant will then show how CO:RE changes everything and talk about how you can get involved to drive the future of it!
- 1 participant
- 21 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Cross-Platform Future of eBPF- Dave Thaler, Microsoft
In this session, Dave Thaler, partner software architect at Microsoft and lead of the effort to bring eBPF support to Windows, discusses the opportunities and challenges in taking eBPF from a Linux-based technology to an industry-wide, cross-platform initiative.
The Cross-Platform Future of eBPF- Dave Thaler, Microsoft
In this session, Dave Thaler, partner software architect at Microsoft and lead of the effort to bring eBPF support to Windows, discusses the opportunities and challenges in taking eBPF from a Linux-based technology to an industry-wide, cross-platform initiative.
- 2 participants
- 27 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Think eBPF for Kernel Security Monitoring- Falco at Apple- Eric Sage & Melissa Kilby, Apple
In this talk, Apple infrastructure engineers talk about why they’re excited about eBPF, and how Apple is using eBPF to supercharge its security monitoring. Eric will highlight options for better eBPF introspection and benchmarking tools and Melissa invites you to the world of cyber security featuring a hands-on Falco capability demonstration for runtime security insights & detections. Join us to learn what possibilities exist to evolve eBPF and Falco.
Think eBPF for Kernel Security Monitoring- Falco at Apple- Eric Sage & Melissa Kilby, Apple
In this talk, Apple infrastructure engineers talk about why they’re excited about eBPF, and how Apple is using eBPF to supercharge its security monitoring. Eric will highlight options for better eBPF introspection and benchmarking tools and Melissa invites you to the world of cyber security featuring a hands-on Falco capability demonstration for runtime security insights & detections. Join us to learn what possibilities exist to evolve eBPF and Falco.
- 2 participants
- 20 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Using BPF Iterators to Gain Insight into Kubernetes - Alban Crequy, Microsoft
To gain insight into a Kubernetes cluster, one might inspect processes, sockets and network configurations. A lot of this information is available through the /proc filesystem; however, since Linux 5.8, a new BPF feature enables us to obtain it in a more efficient way: BPF iterators can iterate over processes, sockets and other objects and return the data without numerous round trips between the kernel and userspace. In this talk, Alban will demo how Inspektor Gadget displays processes running inside Kubernetes pods. He will give a basic explanation of how BPF iterators can be integrated with Kubernetes.
Using BPF Iterators to Gain Insight into Kubernetes - Alban Crequy, Microsoft
To gain insight into a Kubernetes cluster, one might inspect processes, sockets and network configurations. A lot of this information is available through the /proc filesystem; however, since Linux 5.8, a new BPF feature enables us to obtain it in a more efficient way: BPF iterators can iterate over processes, sockets and other objects and return the data without numerous round trips between the kernel and userspace. In this talk, Alban will demo how Inspektor Gadget displays processes running inside Kubernetes pods. He will give a basic explanation of how BPF iterators can be integrated with Kubernetes.
- 1 participant
- 19 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Welcome + Opening: Why Everyone is Excited about eBPF in Cloud Native in 2021 - Moderated By: Dan Papandrea, Sysdig; Loris Degioanni, Sysdig, Thomas Graf & Liz Rice, Isovalent; Sarah Novotny & Andrew Randall, Microsoft
Welcome + Opening: Why Everyone is Excited about eBPF in Cloud Native in 2021 - Moderated By: Dan Papandrea, Sysdig; Loris Degioanni, Sysdig, Thomas Graf & Liz Rice, Isovalent; Sarah Novotny & Andrew Randall, Microsoft
- 8 participants
- 25 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
eBPF & Cillium at Sky - Sebastian Duff & Anthony Comtois, Sky
eBPF & Cillium at Sky - Sebastian Duff & Anthony Comtois, Sky
- 2 participants
- 18 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
eBPF in Microservices Observability- Jaana Dogan, AWS
eBPF in Microservices Observability- Jaana Dogan, AWS
- 1 participant
- 17 minutes