►
From YouTube: eCHO episode 1: Introduction to Cilium
Description
A new regular livestream covering all things related to eBPF and Cilium. For this first episode our main topic is an introduction to Cilium, presented by Isovalent's Thomas Graf & Liz Rice.
0:23 Welcome
6:45 What is Cilium
12:48 Installing Cilium with the Cilium CLI
20:00 Cilium network connectivity test
23:47 Installing Hubble with the Cilium CLI
Show notes: https://github.com/isovalent/eCHO/tree/main/episodes/001
Find more info at https://github.com/isovalent/eCHO
A
All
right,
I
think
we
are
live
so
welcome
everyone
to
this.
First
edition
of
the
evpf
and
psyllium
office
hours
live
stream
stream,
also
known
as
echo.
My
name
is
liz
rice.
I
recently
joined
eye
surveillance
and,
although
I've
been
a
fan
of
evpf
and
psyllium,
for
you
know
quite
a
while
now
I
have
a
ton
to
learn.
So
the
idea
of
this
live
stream
is
to
share
some
of
that
journey
with
you.
A
We're
hoping
it's
going
to
be
a
really
similar
vibe
to
that
that
it'll
be
interactive,
it'll
be
interesting,
hopefully
fun.
We
really
wanna.
You
know,
see
your
questions
answer
your
questions,
hear
your
thoughts
as
well,
so
do
get
involved
in
the
youtube
chat.
We
are
you
know
just
a
few
seconds
ahead
of
you.
There's
a
little
delay.
Bear
that
in
mind
when
you're
waiting
for
us
to
answer
a
question.
A
So
let
me
just
start
by
saying
hi
to
everyone
who's
already
joined.
I
see
a
few
people
grant
hi
michael
hi,
mourinho
hi,
there's
a
name
that
looks
like
it's
in
chinese.
So
I'm
very
sorry,
I
don't
read
chinese
and
I
don't
know
how
to
pronounce
your
name,
but
thanks
for
joining
us
today.
A
Yes,
so
really
great
to
have
you
all
here
and
let
us
know
you
know
what
we
can
help
you
with
as
we
go
along
below
this
video
in
the
description,
you
should
find
a
link
to
our
echo
repo
on
github
we're
going
to
keep
all
the
show
notes
in
that
repo
we'll
have
links
and
references
to
everything
we
talk
about
in
that
repo,
and
we
would
also
love
to
hear
your
ideas
for
future
episodes,
so
just
go
ahead
and
raise
an
issue
in
that
repo,
if
you'd
like
to,
if
you've,
got
an
idea
that
you'd
like
us
to
cover
all
right.
A
So
speaking
of
that
of
that
repo,
this
is
hopefully
you
can
see
my
screen,
and
you
can
see
that
repo
here
on
github.
So
if
you
go
there,
you'll
find
things
like
the
episode,
calendar
and
yeah.
This
is
where
we
want
you
to
raise
issues
and
tell
us
your
ideas
for
future
episodes
all
right,
so
we
thought
we
would
start
with
some
headlines
some
news
of
things
that
have
been
happening
in
the
world
of
ebpf
and
cilia.
A
So
the
first
news,
really
big
news
for
the
psyllium
project,
is
that
it's
now
been
proposed
to
the
cncf
as
an
incubation
project.
So
this
is
a
really
major
step
for
the
project.
The
application
is,
as
you
can
see,
in
the
form
of
a
pull
request
to
the
cncf
toc
and
check
out
that
pr.
If
you
want
to
read
more
about
the
background
to
why
we've
chosen
to
do
this,
and
why
we've
we
believe
that
cncf
is
the
best
foundation
for
for
psyllium.
A
Next
item
of
news
is
that
the
call
for
proposals
is
open
for
the
linux
plumbers
conference
in
2021.
If
you
come
down
here,
you
can
see
there
is
a
networking
and
bpf
specific
track.
A
So
if
you
have
ideas
for
a
talk,
you'd
like
to
give
at
that
conference
that
cfp
is
open,
it
doesn't
say
when
submissions
close.
So
I
guess
that's
gonna,
be
a
surprise
and
the
last
headline
that
we
wanted
to
share
with
you
is
I'm
guessing
that
a
lot
of
you
already
know
this,
but
kubernetes
121
has
been
released
last
week
and
in
particular
of
interest
to
networking.
Folks
is
the
dual
stack,
ib,
ipv4
and
ipv6
support,
which
is
now
it's
moved
to
beta,
and
it's
now
enabled
by
default.
A
We
also
thought
it
would
be
nice
to
mention
some
blog
posts
that
we've
seen
from
around
the
world
of
ebpf
and
and
zillion.
So
I've
got
a
couple
here
that
I
wanted
to
share.
It's
great.
That
grant
is
on
this
on
the
chat,
because
this
is
a
post
from
grant
seltzer.
This
is
a
pretty
good
post.
If
you're
relatively
new,
to
ebpf,
give
you
a
description
about
what
vm
linux
header
file
is
there
for,
and
one
for
perhaps
more
advanced
evpf
experts.
A
Here's
a
nice
post
by
paul
shenyon
about
the
performance
impact
of
tail
calls
in
bpf,
so
check
those
out.
The
links
for
those
posts
are
going
to
be
in
the
show
notes,
and
I
can
just
see
quentin
telling
us
that
the
cfp
for
the
linux
plumbers
conference
is
going
to
close
on
the
13th
of
august.
So
you've
got
plenty
of
time
to
get
your
ideas
in
just
having
a
look
at
the
chat
hi
to
a
few
more
people,
who've
joined
and
yes,
the
oracle
psyllium
thing
was
indeed
an
april
fool's
joke.
A
So
if
you
saw
that,
I
hope
it
gave
you
a
laugh,
it
was
definitely
came
from
our
imaginations.
It
was
not
a
real
thing
at
all
all
right.
So,
given
that
this
is
the
first
episode
of
echo
of
our
ebpf
and
psyllium
office
hours,
it
seemed
like
a
really
good
idea
for
us
to
talk
about
what
psyllium
is
so
an
introduction
to
psyllium,
and
I
can't
really
think
of
anyone
better
to
talk
about
that
than
my
friend
and
colleague,
thomas
gruff.
A
So,
thank
you
for
joining
us
on
our
first
ever
episode
of
echo
and
yeah
how
about
start
at
the
beginning?
What's
your
like
two
sentence,
description
of
what
psyllium
is.
B
Awesome
yeah,
first
of
all,
I'm
really
excited
about
this.
I
think
lots
of
people
have
been
asking
us.
Please
do
something
like
tgik
for
ebpf
and
sullivan
and
we've
finally
started
this.
I'm
super
excited
regarding
solium.
I
think
psyllium
is
simply
the
next
generation
networking
and
security
for
cloud
native
based
on
this
super
cool
foundation,
founding
technology
like
ebpf,
I
think,
if,
if
two
sentences
all
I
have,
this
is
what
I
would
describe
it
as.
B
Yeah,
I
think
the
the
the
real
excitement
it
was
coming
from
typical
cleaners,
kernel
developers.
So
my
background
is
loans,
criminal
development.
So
when
I
saw
evp
it
was
incredibly
exciting,
but
it
was
not
quite
obvious.
Why
not?
Everybody
else
was
seeing
the
excitement
as
well,
and
I
think
the
reason
for
that
is
because
the
struggle
around
linux
kernel
development
is
not
quite
obvious
to
everybody.
So
if
you
are
a
linux
kernel
developer
or
if
you
want
to
change
something
in
the
linux
kernel,
it's
it's
hard
and
it
takes
a
lot
of
time.
B
Like
first
of
all
proposing
the
change
itself
is
hard.
Then
you
need
to
fight
weeks
or
months
to
actually
get
that
change
in.
We
need
to
convince
a
lot
of
people,
and
then
it
takes
years
for
these
new
kernel
versions
to
actually
get
into
the
hands
of
users,
and
this
made
it
almost
impossible
to
innovate
in
the
kernel
space
because
you
had
to
almost
have
like
a
magic
ball
right
and
kind
of
predict.
B
The
future,
because,
whatever
you
would
write
at
one
given
point
in
time,
would
only
become
available
to
users
five
to
eight
years
later.
On-
and
this
made
it
kind
of
that
led
to
this
situation,
where
tooling,
around
kubernetes
containers
docker
all
used
kernel
technology
that
was
written
10
years
before
that
or
15
years
before.
That
and
ebp
have
changed
that
fundamentally,
with
ebpf
all
of
a
sudden,
we
can
dynamically
extend
the
kernel
in
a
safe
and
efficient
way
and
all
of
a
sudden,
the
linux
kernel.
B
What
I've
grown
up
with
is
the
central
place
for
innovation
again,
and
we
can
leverage
the
strategic
point
of
the
linux
kernel
where
we
can
see
everything
we
can
do
everything
we
can
take
control
over
thing.
We
can
do
everything
at
very
low
overhead,
but
we
can
still
innovate
and
we
can
kind
of
learn
and
take
care
of
cloud
native
or
emerging
cloud
native
use
cases.
For
example,
that's
what
that's
why
the
excitement
is
there.
A
I
think
one
of
the
things
that's
really
powerful
when
I
first
came
across
ebpf,
which
was
probably
your
talk
at
dockercon
several
years
ago,
when
you
see
there's
that
diagram
of
all
of
the
different
tools
that
had
already
been
written
using
ebpf
to
observe
all
these
different
events,
all
these
different
types
of
activity
that
happen
in
the
kernel-
and
you
know
realizing
that
you
can
use
ebpf
to
see
absolutely
everything-
that's
happening
across
the
system.
A
So
no
longer
are
you
sort
of
constrained
to
seeing
you
know
just
what's
inside
your
container,
you
have
this
incredible
ability
to
hook
into
literally
anything
and
that
that's
really
why
I
think
ebpf
is
so
such
an
exciting
place
to
kind
of
innovate
all
right.
So
there
was
a
question
from
mourinho
asking
if
there
are
real
world
examples
where
ebpf
is
used,
so
I
think
maybe
psyllium
would
be
a
great
example
to
talk
about.
B
Absolutely,
but
I
think,
even
even
you
are
probably
using
ebpf
on
a
daily
basis
and
you
may
not
even
notice
it,
for
example,
if
you're
using
an
android
phone
all
of
the
traffic
management
and
the
traffic
accounting,
so
how
much
traffic
a
certain
app
is
using
it's
done
using
ebpf
if
you're
using
facebook,
entire
network
layout
facebook,
including
the
ddos
protection,
firewall
and
load
balancing
done
with
ebpf,
look
at
what
google
is
doing
with
ebpf.
Several
talks
have
been
done
at
ebpf
summit
last
year.
B
You
can
see
wide
application
of
ebpf
across
the
industry,
but
it's
an
incredibly
low
level
technology,
which
means
that
you
typically
need
like
a
like
a
project
above
or
something
that
abstracts
it
away
to
actually
make
it
useful
and
consumable.
That's
why
you
typically
not
directly
interface
with
ebpf,
so
it's
not
always
visible,
but
you're,
probably
using
it
in
some
way
or
form
on
a
daily
basis.
B
Anything
yeah,
I
think,
that's
another
great
example.
This
is
referring
to
classic
bpf,
so
we
are
talking
about
ebpf.
Now
the
extended
version
tcp
dump
is
using
bpf
as
the
original
berkley
package
filter.
It's
kind
of
the
small
subset
of
what
edpf
has
become
today,
but
it's
essentially
the
same
the
same
route.
So
if
you
do
a
filtering
tcp
dump
that
gets
translated
into
into
bpf
and
it's
the
filter
that
defines
what
tcp,
tcp
dump
actually
displace.
A
All
right
so
michael's
saying:
can
we
increase
thomas's
microphone,
I'm
going
to
try
and
do.
A
Hopefully
tell
me
if
this
is:
if
this
is
improving
things,
michael,
okay,
right
enough
talk,
I
think
we
should
see
something
happening.
So
can
you
show
us
psyllium
in.
B
Yeah,
I
think
that
exactly
let's
do
that
because
I
think
will
find
many
talks
about
psyllium
online
already,
but
I
think,
what's
really
useful,
is
to
actually
get
a
bit
hands-on
to
see
where
ebpf
actually
gets
involved.
So
let
me
just
start
my
screen
and
we'll
actually
just
start
from
from
very
scratch.
So
I
have
a
very
basic
kubernetes
cluster
here.
You
see
it's
a
3-0
gke
cluster.
There
is
nothing
installed
on
this
right
now
and
we'll
just
simply
start
by
installing
solium.
B
This
is
kind
of
the
quick,
quick
way
of
getting
still
install.
This
is
a
cli
that
you
can
install
into
your
machine
and
then
you
can
simply
deploy
it
will
now
deploy
a
daemon
set.
It
will
deploy
an
operator,
so
this
will
run
an
agent.
The
silly
mentioned
on
all
of
your
nodes.
This
is
now
deployed
we're
now
waiting
for
the
agent
to
come
up.
You
can
see
that
a
couple
of
other
resources
have
been
created.
Like
the
cluster
role,
the
service
account
config
map.
B
We
created
a
couple
of
secrets
for
hubble,
we'll
get
into
hubble.
This
is
our
observability
layer.
You
also
see
that
it
detected
the
mode
of
kubernetes
here.
This
is
gken
s1
and
it
automatically
detected
the
the
best
data
path
and
ipam
mode
as
well.
We
also
detected
the
gk
native
route
insider
and
now
sodium
is
up.
So,
let's,
let's
see
if
that
is
really
the
case,
so
we
can
run
the
psyllium
status
command.
B
This
should
just
this
should
show
us
like
the
overall
status
of
the
entire
cluster.
We
can
see.
Yeah
psyllium
is
up.
We
can
see
that
we
have
three
cilium
agents
up
and
running
and
we
have
one
cilium
operator
deployment
they're
all
available
and
we
see
the
image
versions.
This
looks
neat
here.
If
something
was
off,
you
would
see
lots
of
lots
of
errors
here.
So
this
is
your
kind
of
first
point
to
to
to
check
how
how
selenium
is
doing.
B
This
is
very
new.
This
is
actually
brand
new
we're
releasing
this
for
the
first
time
in
cilium
1.10,
which
will
go
out
in
the
next
couple
of
weeks,
so
that's
kind
of
a
new
cli
that
will
help
you
manage
and
operate
psyllium,
and
it
gives
you
this
cluster
wide
or
in
a
multi-cluster
mode,
even
a
cross-cluster
view
on
control
over
over
everything.
In
the
end,
it's
just
interacting
with
the
the
kubernetes
api
server,
so
you
can
do
everything
using
cube
control
as
well
and.
A
B
B
So
I've
listed
the
the
the
parts
in
the
though
this
is
my
shortcut
for
cube
for
the
cube
system
name
space.
So
these
are
the
parts
and
cube
system.
You
have
a
couple
of
psyllium
parts
running
here
and
before
we
dive
one
step
further,
I'm
gonna
run
a
psyllium
connectivity
test,
because
this
will
deploy
a
couple
of
parts
into
my
cluster.
B
This
will
deploy
a
psyllium
test
namespace
and
it
will
deploy
a
couple
of
cops
and
a
couple
of
parts
and
then
actually
run
a
connectivity
test
if
you
deploy
psyllium
for
the
first
time,
it's
actually
great
to
run
this.
It's
almost
like
running
a
conformance
test,
so
you
will
see
immediately
whether
everything
is
operating
as
it
should.
This
is
looking
all
pretty
green.
So
that's
good
and
yeah.
B
We
have
nine
out
of
nine
tests
succeeding,
so
we
now
have
a
psyllium
test
namespace
and
in
there
we
should
see
a
couple
of
parts
running
great
right.
So
we
have
a
client
and
we
have
like
two
echo
parts
and
we
also
have
a
service.
B
B
You
didn't
see
anything
ebpf,
so
let's
dive
one
layer,
deep,
deeper
and
actually
look
at
where
that
evpf
stuff
gets
involved
because
so
far
you've
only
seen
cilia.
So
let
me
list
the
parts
again
and
then
we're
gonna
accept
and
run
a
bash
in
one
of
the
the
psyllium
parts
or
some
one
of
the.
So
yes,
one
of
the
certain
parts.
Let's
take
this
one
and
I'm
going
to
run
a
bash
in
here
all
right,
we're
now
on
the
ins
inside
of
the
cilium
pod
and
we
have
a
a
psyllium
cli
here
again.
B
B
If
you
look
at
this
silly
api,
there's
actually
a
bpf
command,
so
we
can
go
and
look
what
this
vpf
command
can
do.
So,
let's
explore
that
so
there's
a
couple
of
things
that
this
bpf
command
can
do.
It
can
do
like
the
bandwidth
manager.
You
can
look,
we
can
look
at
the
connection
tracking
table.
We
can
look
at
the
mpom
table.
So
maybe
let's
look
at
that
interesting.
So
this
is
now
showing
us
the
so-called
ebpf
map.
So
what
is
an
ebpf
map?
B
An
ebpf
map
is
a
data
structure
of
ebpf
where
we
can
store
data
or
state.
In
this
case
this
is
a
hash
table
and
it
contains
all
the
local
containers
running
on
this
machine.
So
these
are
the
containers
or
the
parts
that
are
running.
We
can
see
their
ip
address
and
we
see
a
couple
of
flags
and
and
and
and
other
things.
So
this
is
part
of
their
configuration.
B
How
the
how,
apart
in
the
cuban
space,
actually
maps
to
something
that
now
lives
in
the
linux
kernel
space
as
part
of
an
ebpf
map.
B
Other
things
we're
seeing
in
there.
Yes,
let's
look
at
that,
so
this
was
let's
look
that
again
and
see,
for
example,
this
ip
86.
B
B
The
echo
same
note,
this
is
this
part,
is
actually
in
the
end
right
running
on.
This
note
is,
in
the
end,
this
this
endpoint
with
this
endpoint
id.
B
So
psyllium
is
not
kubernetes
specific.
Obviously
most
of
you
will
use
sodium
in
a
kubernetes
setting,
but
selim
is
actually
written
in
a
general
purpose
way.
So
cilium
can
manage
other
things
as
end
points
as
well
like
the
most
typical
example
would
be
a
kubernetes
part,
but
it
could
also
be
an
entire
virtual
machine
or
it
could
also
be
a
linux
c
group
or
it
could
be
just
a
namespace
or
something
else.
So
indian
psyllium
can
manage
anything
that
can
be
represented
as
either
a
c
group
or
a
network
device.
B
A
B
Exactly
so,
we
can,
let's,
actually,
let's
run
it
again
and
look
at
the
actual
test
that
it
will
run
connectivity
test.
I
think
I
spelled
it
correctly
this
time,
so
it
will.
It
will
test
part
to
part.
It
will
test
part
two
part
across
nodes.
It
will
test
part
service
part.
It
will
test
pod,
note
port
pod.
It
will
test
with
policy
without
policy.
It
will
test.
You
can
see.
There
is
a
test
to
google.com
where
it
actually
tests
connectivity
to
outside
of
the
cluster,
so
it
will
test
masquerading.
B
It
will
test
node
to
part
part
to
node.
All
of
these
combinations
are
tested.
This
is
completely
new
as
well
with
1.10.
This
is
our
new
conformance
test.
We're
contin
continuously
extending
this
now,
and
it
basically
allows
you
to
run
this
conformance
test
anywhere
where
you
want
so
after
the
installation.
You
simply
run
this
test.
This
conformance
test
one
command,
and
you
know
immediately
whether
you
are
conformed
or
you're
conforming
and
whether
you
have
a
functioning
network.
B
You
can
obviously
also
just
run
this
any
times
or,
if
you
have
issues
of
some
sort
like
great
way
to
just
run
the
connectivity
test
and
see
if
something
is
wrong
with
cilia,
because
it
will
obviously
test
a
lot
of
the
functionality
of
psyllium.
This
is
also
what
we're
using
in
our
ci
internally
now
to
to
test
a
lot
of
validation
so
quite
similar
to
the
end-to-end
testing
kubernetes,
but
it
runs
a
lot
faster.
You
can
literally
run
this
in
a
couple
of
seconds.
Basically.
B
Yes,
absolutely
all
right.
The
next
thing
I
want
to
demonstrate
is
hubble,
which
is
the
observability
layer
that
actually
no,
let's,
let's
actually
look
at
the
service.
Now
I
think
that's
one
other,
I
think
very
neat
way
how
kubernetes
high
level
intent
maps
into
psyllium
and
then
ebpf.
B
So
obviously
I
think
here
we
saw
we
had
two
services,
so
let's
do
the
service
again
in
the
in
the
salem
test
name.
So
we
have
two
services
and
we
can
see
that
these
have
claustra
ips
and
there's
also
node
ports
assigned
on
the
psyllium
side.
We
can
do
psyllium
service
list,
and
this
gives
us
all
of
the
services
that
selim
implements
it's
more
than
two,
because
we
have,
for
example,
like
core
dns
or
cube
dns.
B
B
So
this
already
gives
you
a
system,
shows
you
how
you
can
map
cuban
edit
services
to
the
cilium
services,
and
now
we
can
go
one
level
deeper
and
actually
look
at
the
low
balancing
layer.
The
kernel
view
of
this-
and
this
is
now
what's
stored
in
the
kernel-
and
you
will
find
this
pattern
across
everything
that
selim
is
doing.
You
will
find
the
kubernetes
high
level
view.
B
Then
you
will
find
the
the
psyllium
insta
the
silly
memory
view
and
then
the
bpf
map
view,
so
you
can
always
validate
exactly
what
is
programmed
in
the
ebpf
data
path.
If
you
compare
this
to
something
like
ip
tables
or
other
implementations,
where
you're
looking
at
hundreds
or
even
thousands
or
ten
thousands
of
rules,
this
gives
you
a
very
neat
and
structured
way
to
validate
what
exactly
is
programmed
into
into
the
data
path.
A
B
Enabling
hubble
is
incredibly
easy
these
days,
so
we
can
use
the
new
cli
and
basically
just
run
psyllium
hubble
enable-
and
this
will
do
a
couple
of
things.
It
will
first
of
all
enable
the
hubble
feature
in
psyllium.
It
will
generate
certificates
for
relay
and
we'll
talk
about
relay
in
a
second,
and
then
it
will
deploy
relay
and
hubble
and
everything
so
yes,
this
is.
This
is
now
done.
Let's
see
and
wait
until
psyllium
comes
back
up
because
it
reconfigured
to
limit
how
to
restart
it.
B
So
cylinder
is
probably
still
restarting
yeah,
so
one
out
of
one
is
still
on
unavailable.
The
relay
pod
is
still
pending,
so
let's
see
it
should
be
coming
up
in
a
couple
of
seconds.
Let's
run
it
again
so
this
this
shows
you
how
you
can
use
the
sit-to-status
command
to
see
operational.
Almost
good
one
is
still
unavailable,
so
all
coming
out
back
up.
B
All
right
so
we're
good
to
go
so
now
we
have
you
see,
there's
a
hubble
okay
here
now
hubble
is
running
relay
is
deployed.
Everything
is
good
to
go,
so
we
can
look
at
the
psyllium
hubble
command
and
we
can
find
something
pretty
cool
here
like
there's
a
port
forward
command.
There
is
a
ui
command.
Let's
do
the
port
forward.
First
with
portfolio.
We
can
now
create
a
local
port
redirect
from
my
machine
here
to
the
relay
service
in
the
kubernetes
cluster,
and
this
relay
service
is
basically
a
distributed.
Tcp
dump.
B
So
it's
an
api
that
gives
you
flow,
trace
and
capability
for
the
entire
clusters.
Even
if
you
would
be
running
hundreds
of
thousands
of
nodes,
you
could.
We
can
now
query
this
entire
cluster
from
the
network
visibility
side.
So
I'll
switch
over
to
my
other
window
and
I'm
going
to
run
hubble
observe.
B
B
B
There
we
go
that's
easier.
I
hope
my
screen
is
still
visible.
Can
we
get
a
confirmation
if
this
is
cool,
so
you
we
basically
see
that
like?
We
can
now
see
everything
on
the
network
across
the
entire
cluster,
so
this
is
all
of
the
connectivity,
so
I
could
go
in
and
actually
let's
look.
I
only
want
to
see
connectivity
for
my
for
my
cube
dns
part.
B
So
this
is
the
connectivity
of
all
of
the
network
flows
from
this
kubernetes
dns
part
this
specific
part,
and
I
can
now
go
in
and
debug
everything
silly
and
hubble
gives
you
like
a
a
free
in-memory
store
covering
the
last
couple
of
minutes.
So
for
troubleshooting,
absolutely
awesome.
If
you
want
more
than
that,
you
can
bump
that
window
or
you
can
also
start
storing
these
flows
right,
you
can
see.
The
screen
is
visible.
That's
cool!
This
works
for
everything.
B
This
works
for
four
water
flows,
for
drop
flows
for
everything,
and
all
of
this
is
done
by
ebpf,
so
kind
of
a
tcp
down
to
2.0
almost
where
we
can
get
to
the
same
type
of
visibility,
but
like
cluster
wide
and
obviously
with
all
of
the
the
kubernetes
metadata
as
well.
B
A
Balancers-
and
I
think
maybe
it's
it's-
the
same
question
in
a
slightly
different
form,
so
mourinho
said:
does
psyllium
provide
the
type
load
balancer
service
in
kubernetes.
B
Great
question:
yes,
it
does.
We
can
do
a
low
balancer
and
in
1.10
we
actually
for
the
first
time,
feature
bgp
service
ip
announcement
as
well.
So
previously
we
could
provide
node
port,
natively
or
local
answer,
but
then
you
would
still
need
to
run
with
something
like
metal
lb
to
announce
the
kubernetes
service
ip
to
the
outside
world.
With
1.10.
We
have
it's
the
first
release
where
we
feature
the
pgp
service,
ip
announcement
natively.
B
If
you're
running
us
in
a
cloud
context,
let's
say
on
gk
on
eks
or
an
aks,
typically
celium
does
all
the
way
up
to
the
node
port
and
the
load.
Balancer
is
still
done
by
the
cloud
provider,
but
psyllium
has
all
of
the
functionality
to
do
the
load
balancer
as
well.
We
even
support
maglev,
which
is
a
highly
scalable
load,
balancing
mode
that
allows
load,
balancing
nodes
to
disappear
and
services
or
connections
to
to
take
a
different
route.
B
So
this
is
what
what
what's
being
used
behind
the
scenes
at
google
and
other
large-scale
infrastructure
companies.
We
give
you
that
same
capability
with
with
cilium
as
well.
We.
A
B
Yes,
so
if
1.10
you
can
replace
metal
b,
so
you
no
longer
need
to
run
llb
or
bird
yourself
and
yes,
you
can
replace
the
cloud
provider
lb.
All
you
have
to
do
is
somehow
get
the
network
packets
to
a
node
where
cylinder
is
running
so,
let's
say
you're
running
on
aws.
You
need
to
get
the
network
packets
to
an
ec2
instance.
B
A
B
Yeah,
all
of
this
is
available
for
all
the
releases
as
well,
so
like
the
psyllium
command
will
work
for
releases
going
back
as
well.
Also,
you
can
enable
hubble
this
way,
even
if
you're
running
one
eight
or
one
nine,
you
can
run
the
hubble
ui
this
way.
Absolutely
maybe
we
should
demonstrate
the
hubble
you.
You
are
real,
quick.
B
It's
pretty
pretty
neat
so
here
let
me
show
you
this
command
again,
so
we
had
an
enabler
disable
and
we
looked
at
the
port
forward.
So
let's
do
the
the
ui
and
I
will
have
to
switch
my
screen
share
because
it
will
actually
open
a
browser
server.
Oh
I
didn't.
I
didn't
enable
hubble
ui
yet
so
I
need
to
do
enable
dash
dash
ui.
B
B
It's
it's
not
that's
one
of
the
features,
that's
not
in
there
yet,
okay!
So
that's
why
I've
done
the
so
pull
requests.
Welcome.
We
can
check
whether
it's
not
in
there,
but
it
will
have
a
we'll
have
restarted
cilium
again
to
enable
the
ui.
So
it's
coming
back
up.
We
see
we
see
hubble
relay,
but
we
don't
we're
not
seeing
the
ui.
Yet
we
will
use
the
port
forward
feature
to
look
at
the
ui.
You
can
obviously
also
expose
the
ui
as
a
kubernetes
service
if
you
want
so,
let's.
B
Again,
all
right,
it's
doing
the
port
forward.
It's
now
for
port
for
forwarding
the
the
port
12000
to
the
cluster
and
I'm
gonna
change.
My
screen
share
to
the
hubble
ui.
B
So
you,
unfortunately
you
didn't
see
it,
but
basically
a
new
browser
window
popped
up
and
I'm
gonna
change
to
that.
B
Here
we
go
so
it
shows
me
this
ui
and
it
shows
me
the
list
of
namespaces
and
I'm
going
to
run
the
connectivity
test
again
in
the
background
and
I'm
going
to
go
into
the
psyllium
test
name
space.
B
So
it's
now
waiting
for
flows.
They
should
appear
in
a
couple
of
seconds
we
can
see.
There
is
three
nodes
connected
and
30
flows
per
second
are
going
through
and
it
has
now
picked
up
flows.
So
we
can
see
the
same
parts
that
we
saw
before
in
like
the
the
get
parts
output.
We
have
a
client
and
we
have
an
echo
order,
node
and
an
echo
same
node,
and
then
we
see
the
actual
flows
down
here.
We
can
click
on
one
and
actually
see
the
details
of
that.
B
So
we
see
like
the
labels
and
everything
we
see,
that
there
is
connectivity
from
client
to
the
outside
role.
So
this
is
the
the
test
to
google.com.
You
can
see
this.
These
are
the
packets
here
and
so
on.
So
it
gives
you
the
the
full
visibility
of
everything
we
could
go
up
here
and
actually,
for
example,
change.
I
only
want
to
see
dropped
stuff
and
there
is
nothing
dropped
right
now.
So
if
you
only
want
to
see
if
something
is
actually
not
forwarded,
let's
go
back
to
any
verdict.
So
this
is
pretty
cool.
B
It's
been
done
completely
transparently,
so
the
the
all
the
the
metadata
all
of
the
data
has
been
pulled
in
and
this
view
has
been
constructed
from
the
same
hubble
visibility
data,
as
we
have
seen
before,.
B
A
Yeah
really
cool
question
here
from
I
apologize.
If
I
pronounce
this
wrong,
abigail
is
the
psyllium
support
specific
to
the
kubernetes
version.
B
In
general
noah,
basically,
we
run
on
any
kubernetes
version.
In
general,
we
actually
list
a
series
of
kubernetes
versions
in
our
documentation.
That's
the
versions
of
kubernetes
that
we
actively
test
within
our
ci.
So
that's
where
we
actively
know
it's
really
really
working.
There
is
no
reason
why
it
would
not
work
for
some
of
the
older
versions.
Sometimes
we
use
functionality
that
is
not
available
in
really
really
really
old,
kubernetes
versions,
but
in
general
like
it
will
simply
work.
B
So
I
assume
that
it
works
and
if
it
doesn't
ping
us
on
ping
us
on
slack,
it's
usually
even
easy
to
run
with
a
two-year-old
kubernetes.
Not
that
now
that
I'm
recommending
that
you
do
this,
but
in
theory
it
would
be
possible.
I.
A
A
Has
posted
a
list
in
the
psyllium
docs
of
the
kubernetes
versions
that
we
do
know
we're
supporting
yep
amazing
all
right.
So
I
think
that's
been
a
really
good,
like
introduction
to
what
psyllium
does
and
a
nice
view
of
the
hubble
ui
anything
any
last
sort
of
beginner
pointers
that
you
would
share
with
the
audience
today.
B
Yeah,
I
think
my
advice
is
always
just
get
started.
It's
so
easy
just
to
get
a
in
deploying
going.
If
you,
if
you
go
to
the
cellium
cylinder
the
psyllium
io,
there
is
a
link
to
the
documentation,
they're
getting
started
guides
on
how
you
can
get
a
psyllium
environment
up
and
running
in
like
two
minutes.
If
mini
cube,
kind
micro
case,
whatever
you
want
or
a
managed
cloud
provider
or
managed
kubernetes
service,
I
think
getting
hands-on
quickly
will
give
you
the
best
experience
around
psyllium.
Try
out
the
ui.
Try
it
hubble.
B
We
have
lots
of
guides
around
how
to
do
network
policy,
how
to
try
out
layer,
7
enforcement,
cue
proxy
replacement,
how
to
configure
load
balancing
lots
of
ways.
I
think
that's
the
best
way
to
to
dig
around
and
learn
about
cinemas,
just
to
try
it
out
and
we're
trying
to
really
make
that
as
simple
as
possible.
B
A
Definitely
really
good
question
here,
actually
because
cilium
relies
on
ebpf
and
ebpf
was
added
to
the
kernel.
You
know
in
relatively
recent
versions.
So
are
there
any
known
popular
cloud
provided
machines
that
have
a
kernel
too
old
to
support
ebpf
and
possible.
B
Or
the
cloud
providers
I
mean
the
the
one
that
was
lagging
behind
the
most
was
was
raul
right,
rel
or
credit
enterprise
linux,
so
rather
enterprise
linux
7
still
has
an
incomplete.
That
has
the
ppf
supporter,
but
it's
it's
not
complete
enough
for
e4
for
for
psyllium
right
at
enterprise,
linux,
8
or
all,
of
course,
all
the
sent
to
us
and
so
on.
B
They
it's
it's
all
there,
but
all
of
the
cloud
provider
distributions
all
of
the
container
optimized
linux
linux
distributions
they
all
have
edpf
since
since
many
many
years,
evpf
is
kind
of
new,
but
at
the
same
time
the
the
kernel
version
that
you
need
to
run.
Celium
is
about
six
years
old
at
this
point.
So
it's
not
it's
not
bleeding
bleeding
etch
anymore.
At
this
point
here.
A
Great
all
right,
I
think
that
is
a
really
good
point
to
wrap
up
for
today.
I'm
going
to
say
thank
you
very
much
for
joining
us
we're
going
to
be
back
with
another
edition
of
echo
next
week.
Now
we're
going
to
be
alternating
the
time
zones,
because
this
slot
is
a
little
bit
early
for
folks
on
the
west
coast
of
the
u.s.
A
So
next
next
week
will
be
five
hours
later.
So
that's
7
p.m.
Uk
time,
which
I
believe
is
11
a.m,
pacific
and
then
we're
going
to
be
alternating
between
those
two
two
time
slots.
So
hopefully
that
allows
as
many
people
as
possible
to
join
us.
So
if
you
have
ideas
for
things,
you
want
us
to
cover,
as
I
say,
go
to
that
echo
repo,
the
links
will
be
in
the
show
notes.
A
If
you
have
questions
we
will
be
here
next
week
or
you
can
always
find
us
and
the
rest
of
the
psyllium
team
and
all
the
great
folks
from
I
surveillance
in
the
ebpf
and
psyllium
slack
channel
one
last
shout
out,
I
meant
to
shout
out
earlier
for
vadim
our
designer,
who
I
think
has
done
a
beautiful
job
with
the
the
logo
for
this
live
stream.
So
round
of
applause
for
him,
and
with
that,
I
think
we'll
say
goodbye.
Thank
you
so
much
for
joining
us.
It's
been
really
fun.