Podcasts about cilium

  • 60 PODCASTS
  • 106 EPISODES
  • 43m AVG DURATION
  • 1 MONTHLY NEW EPISODE
  • May 29, 2025 LATEST


Latest podcast episodes about cilium

Getup Kubicast
#170 - Challenges of Geo-distributed Kubernetes - With Guilherme Oki

Getup Kubicast

May 29, 2025 · 50:33


Today's conversation was with Guilherme Oki, a true veteran of SRE and Cloud, who has worked in infrastructure environments at fintechs and game companies and is now at a stealth startup (yes, that mystery that keeps you curious until the end). We talked about Kubernetes at large scale, networking challenges, geo-distribution and that eternal multi-cloud dilemma: use it or run from it?

We explored everything from what working at "large scale" really means (no, your EKS with 10 nodes doesn't count) to thornier issues such as Federation, eBPF, Cilium, and how to deal with the real pains of scalability in critical environments.

All of this with a technical slant, without losing the good humor. Join us for this episode, which is simply unmissable for anyone who lives, or wants to live, in the world of Kubernetes and modern infrastructure.

Main chapters of the episode:
00:00 - Opening
03:00 - What is large scale
07:30 - Geo-distribution
11:00 - Is multi-cloud worth it?
14:40 - Networking challenges
19:30 - Cluster Federation
24:10 - Cilium and eBPF
30:00 - Infrastructure for games
34:20 - Standardization at scale
38:10 - Limits of Kubernetes
42:00 - Control with Cilium
46:30 - Bugs and UDP
50:40 - Managed vs autonomy

Important links:
- Guilherme Oki - https://www.linkedin.com/in/guilherme-oki-1a649b115/
- João Brito - https://www.linkedin.com/in/juniorjbn

Join our early access program and get a more secure environment in moments! https://getup.io/zerocve

Kubicast is a production of Getup, a company specializing in Kubernetes and open source projects for Kubernetes. The podcast episodes are on the main digital audio platforms and at YouTube.com/@getupcloud.

Cloud Security Podcast
How Confluent Migrated Kubernetes Networking Across AWS, Azure & GCP

Cloud Security Podcast

Apr 2, 2025 · 15:32


Ever tried solving DNS security across a multi-cloud, multi-cluster Kubernetes setup? In this episode recorded live at KubeCon, Ashish chats with Nimisha Mehta and Alvaro Aleman from Confluent's Kubernetes Platform Team.

Together, they break down the complex journey of migrating to Cilium from default CNI plugins across Azure AKS, AWS EKS, and Google GKE. You'll hear:
- How Confluent manages Kubernetes clusters across cloud providers.
- Real-world issues encountered during DNS security migration.
- Deep dives into cloud-specific quirks with Azure's overlay mode, GKE's Cilium integration, and AWS's IP routing limitations.
- Race conditions, IP tables, reverse path filters, and practical workarounds.
- Lessons they'd share for any platform team planning a similar move.

Guest Socials: Alvaro's Linkedin + Nimisha's Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast

Questions asked:
(00:00) Introduction
(01:55) A bit about Alvaro
(02:41) A bit about Nimisha
(03:11) About their Kubecon NA talk
(03:51) The Cilium use case
(05:16) Using Kubernetes Native tools in all 3 cloud providers
(11:41) Lessons learnt from the project

Resources spoken about during the interview:
Confluent's Multi-Cloud Journey to Cilium: Pitfalls and Lessons Lea... Nimisha Mehta & Alvaro Aleman

Paul's Security Weekly
Learning EBPF - Liz Rice - ASW Vault

Paul's Security Weekly

Jun 18, 2024 · 37:16


Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 4, 2023. Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kernel technology that is enabling a whole new generation of infrastructure tools for networking, observability, and security. Let's explore eBPF and understand its value for security, and how it's used to secure network connectivity in the Cilium project, and for runtime security observability and enforcement in Cilium's sub-project, Tetragon. Segment Resources: Download "Learning eBPF": https://isovalent.com/learning-ebpf Buy "Learning eBPF" from Amazon: https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121 Cilium project: https://cilium.io Tetragon project: https://tetragon.cilium.io/ Show Notes: https://securityweekly.com/vault-asw-11

Paul's Security Weekly TV
Learning EBPF - Liz Rice - ASW Vault

Paul's Security Weekly TV

Jun 18, 2024 · 37:16


Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 4, 2023. Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kernel technology that is enabling a whole new generation of infrastructure tools for networking, observability, and security. Let's explore eBPF and understand its value for security, and how it's used to secure network connectivity in the Cilium project, and for runtime security observability and enforcement in Cilium's sub-project, Tetragon. Segment Resources: Download "Learning eBPF": https://isovalent.com/learning-ebpf Buy "Learning eBPF" from Amazon: https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121 Cilium project: https://cilium.io Tetragon project: https://tetragon.cilium.io/ Show Notes: https://securityweekly.com/vault-asw-11

Application Security Weekly (Audio)
Learning EBPF - Liz Rice - ASW Vault

Application Security Weekly (Audio)

Jun 18, 2024 · 37:16


Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 4, 2023. Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kernel technology that is enabling a whole new generation of infrastructure tools for networking, observability, and security. Let's explore eBPF and understand its value for security, and how it's used to secure network connectivity in the Cilium project, and for runtime security observability and enforcement in Cilium's sub-project, Tetragon. Segment Resources: Download "Learning eBPF": https://isovalent.com/learning-ebpf Buy "Learning eBPF" from Amazon: https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121 Cilium project: https://cilium.io Tetragon project: https://tetragon.cilium.io/ Show Notes: https://securityweekly.com/vault-asw-11

Application Security Weekly (Video)
Learning EBPF - Liz Rice - ASW Vault

Application Security Weekly (Video)

Jun 18, 2024 · 37:16


Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 4, 2023. Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kernel technology that is enabling a whole new generation of infrastructure tools for networking, observability, and security. Let's explore eBPF and understand its value for security, and how it's used to secure network connectivity in the Cilium project, and for runtime security observability and enforcement in Cilium's sub-project, Tetragon. Segment Resources: Download "Learning eBPF": https://isovalent.com/learning-ebpf Buy "Learning eBPF" from Amazon: https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121 Cilium project: https://cilium.io Tetragon project: https://tetragon.cilium.io/ Show Notes: https://securityweekly.com/vault-asw-11

The IaC Podcast
Cloud-Native Security and Networking with Liz Rice

The IaC Podcast

May 30, 2024 · 26:00


How are modern cloud-native environments changing the way we handle security? Liz Rice, Chief Open Source Officer at Isovalent, explains why traditional IP-based network policies are becoming outdated and how game-changers like Cilium and eBPF, which leverage Kubernetes identities, offer more effective and readable policies. We also discuss the role of community-driven projects under the CNCF, and she shares tips for creating strong, future-proof solutions. What challenges should we expect next? Tune in to find out!

Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium cloud native networking, security and observability project. She is the author of Container Security, and Learning eBPF, both published by O'Reilly, and she sits on the CNCF Governing Board, and on the Board of OpenUK. She was Chair of the CNCF's Technical Oversight Committee in 2019-2022, and Co-Chair of KubeCon + CloudNativeCon in 2018.

She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, competing in virtual races on Zwift, and making music under the pseudonym Insider Nine.

DevOps Paradox
DOP 265: The Impact of Kubernetes and GitOps on the Tech Landscape

DevOps Paradox

May 29, 2024 · 50:47


#265: The worlds of Kubernetes and GitOps are constantly evolving, each iteration bringing us closer to a more streamlined, efficient, and powerful way of managing and deploying our software architectures. Kubernetes has become the cornerstone of container orchestration, offering an unmatched level of flexibility and scalability. Meanwhile, GitOps practices are revolutionizing how we view and implement CI/CD pipelines, emphasizing a declarative way to manage infrastructure and applications. As the Kubernetes landscape matures, clear winners in each category, such as Cilium for CNI and CertManager for certificate management, are emerging, streamlining the selection process for Kubernetes tooling. This maturation leads to a consolidation of best practices and tools, analogous to the evolution observed in Linux distributions. While diversity in tools offers flexibility, a certain level of standardization is necessary for broader adoption and ease of use. In this episode, we talk with John Dietz, CEO and Cofounder of Kubefirst, about a potential future where Kubernetes becomes an unseen yet omnipresent force in software development.

John's contact information:
X (Formerly Twitter): https://twitter.com/vitamindietz
LinkedIn: https://www.linkedin.com/in/jd-k8s/

YouTube channel: https://youtube.com/devopsparadox
Review the podcast on Apple Podcasts: https://www.devopsparadox.com/review-podcast/
Slack: https://www.devopsparadox.com/slack/
Connect with us at: https://www.devopsparadox.com/contact/

Cables2Clouds
Kubernetes Networking for Network Engineers - C2C034

Cables2Clouds

May 29, 2024 · 53:02


What if the future of cloud-native networking could revolutionize everything you thought you knew about Kubernetes? Join us on this episode of Cables 2 Clouds as we continue our "Cloud Demystified" series with a deep dive into Kubernetes networking. We're thrilled to have Nicolas Vibert, a seasoned pro from Isovalent with nearly two decades of experience at Cisco, VMware, and HashiCorp. Together, we explore the essentials of Kubernetes networking through the innovative lens of Cilium, a CNI specifically designed for cloud-native environments. Nico shares his unique journey of learning Kubernetes from a network engineer's perspective, emphasizing the critical role of hands-on experience and mentorship. We also discuss the creation of hands-on labs and educational materials tailored for network engineers. This segment is loaded with analogies to help traditional network professionals grasp key Kubernetes concepts with ease.

Ever wondered how Kubernetes orchestrates its complex networking operations? We break down the intricacies of the Kubernetes control plane, likening it to traditional network engineering concepts for clarity. Discover the limitations of Kubernetes' default networking tool, kube-proxy, and why modern CNIs like Cilium offer a more efficient solution for large-scale deployments. Nico explains how Cilium leverages eBPF maps for effective traffic routing and load balancing within Kubernetes clusters. Tune in for invaluable insights into the evolving landscape of cloud-native networking solutions.

Check out the Fortnightly Cloud Networking News
Visit our website and subscribe: https://www.cables2clouds.com/
Follow us on Twitter: https://twitter.com/cables2clouds
Follow us on YouTube: https://www.youtube.com/@cables2clouds/
Follow us on TikTok: https://www.tiktok.com/@cables2clouds
Merch Store: https://store.cables2clouds.com/
Join the Discord Study group: https://artofneteng.com/iaatj
Art of Network Engineering (AONE): https://artofnetworkengineering.com

Cloud Security Podcast
How is Kubernetes Network Security Evolving?

Cloud Security Podcast

Apr 30, 2024 · 20:19


How is eBPF impacting Kubernetes Network Security? In this episode, recorded LIVE at Kubecon EU Paris 2024, Liz Rice, Chief Open Source Officer at Isovalent took us through the technical nuances of eBPF and its role in enabling dynamic, efficient network policies that go beyond traditional security measures. She also discusses Tetragon, the new subproject under Cilium, designed to enhance runtime security with deeper forensic capabilities. A great conversation for anyone involved in Kubernetes workload management, offering a peek into the future of cloud-native technologies and the evolving landscape of network security.

Guest Socials: Liz's Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

Questions asked:
(00:00) Introduction
(01:46) A bit about Liz Rice
(02:11) What is eBPF and Cilium?
(03:24) SC Linux vs eBPF
(04:11) Business use case for Cilium
(06:37) Cilium vs Cloud Managed Services
(08:51) Why was there a need for Tetragon?
(11:20) Business use case for Tetragon
(11:32) Projects related to Multi-Cluster Deployment
(12:45) Where can you learn more about eBPF and Tetragon
(13:50) Hot Topics from Kubecon EU 2024
(15:07) The Fun Section
(15:35) How has Kubecon changed over the years?

Resources spoken about during the interview: Cilium, Tetragon, eBPF

Getup Kubicast
#145 - Kubernetes DOCs

Getup Kubicast

Apr 26, 2024 · 43:09


The Importance of Documentation in Cloud Native and DevOps Environments

In the latest episode of KubiCast, João Brito conducts an enlightening interview with Edson Ferreira about the vital role of documentation in cloud native and DevOps environments. Edson shares valuable insights on the importance of localization when translating documentation, stressing that it goes beyond simple literal translation. He emphasizes the need to consider cultural and linguistic nuances to make documentation more accessible and relevant to the target audience.

In addition, Edson discusses the importance of establishing consistent terminology and of treating documentation as an essential feature of projects. He points to the Glossary Project as an example, which simplifies technical terms to make them understandable for all audiences, technical and non-technical alike.

Another point Edson addresses is the need for team collaboration on documentation. He highlights the importance of contributing to open source projects such as Kubernetes, where documentation is fundamental to ensuring the project's clarity and success. Contributing to documentation not only helps the community but also offers valuable opportunities for learning and professional growth.

This episode of KubiCast offers important insights into how documentation plays a crucial role in the success of projects in cloud native and DevOps environments. By prioritizing localization, establishing consistent terminology and actively collaborating on documentation, teams can improve the understanding, accessibility and effectiveness of their projects. Don't miss this enlightening episode of KubiCast!

Kubicast is a production of Getup, a company specializing in Kubernetes and open source projects for Kubernetes. The podcast episodes are at getup.io/kubicast, on the main digital audio platforms and at YouTube.com/@getupcloud.

Open at Intel
Better Than the Sum of Our Parts

Open at Intel

Apr 24, 2024 · 28:11


Stephen Augustus, Head of Open Source at Cisco, and Liz Rice, Chief Open Source Officer at Isovalent, discuss Cisco's acquisition of Isovalent, which has closed since recording, bringing together two teams with long-standing expertise in open source cloud native technologies, observability, and security. The two share their excitement about working together, emphasizing the alignment of Isovalent with Cisco's security division and the potential enhancements this acquisition brings to open source projects like Cilium and eBPF. They explore the implications for the open source community, and the continuous investment and development in these projects under Cisco's umbrella. We discuss the ways this merger could innovate security practices, enhance infrastructure observability, and leverage AI for more intelligent networking solutions. 00:00 Welcome and Introduction 00:22 Cisco's Acquisition of Isovalent 00:53 The Excitement and Potential of the Acquisition 02:14 Strategic Alignment and Future Vision 04:03 Open Source Commitment and Community Impact 06:53 The Road Ahead: Integration and Innovation 19:49 Exploring AI and Future Technologies at Cisco 26:03 Reflections and Closing Thoughts Resources: Cilium, eBPF and Beyond | Open at Intel (podbean.com) The Art of Open Source: A Conversation with Stephen Augustus | Open at Intel (podbean.com) Guests: Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium cloud native networking, security and observability project. She was Chair of the CNCF's Technical Oversight Committee in 2019-2022, and Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of Container Security, published by O'Reilly. She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. 
When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, competing in virtual races on Zwift, and making music under the pseudonym Insider Nine. Stephen Augustus is a Black engineering director and leader in open source communities. He is the Head of Open Source at Cisco, working within the Strategy, Incubation, & Applications (SIA) organization. For Kubernetes, he has co-founded transformational elements of the project, including the KEP (Kubernetes Enhancements Proposal) process, the Release Engineering subproject, and Working Group Naming. Stephen has also previously served as a chair for both SIG PM and SIG Azure. He continues his work in Kubernetes as a Steering Committee member and a Chair for SIG Release. Across the wider LF (Linux Foundation) ecosystem, Stephen has the pleasure of serving as a member of the OpenSSF Governing Board and the OpenAPI Initiative Business Governing Board. Previously, he was a TODO Group Steering Committee member, a CNCF (Cloud Native Computing Foundation) TAG Contributor Strategy Chair, and one of the Program Chairs for KubeCon / CloudNativeCon, the cloud native community's flagship conference. He is a maintainer for the Scorecard and Dex projects, and a prolific contributor to CNCF projects, amongst the top 40 (as of writing) code/content committers, all-time. In 2020, Stephen co-founded the Inclusive Naming Initiative, a cross-industry group dedicated to helping projects and companies make consistent, responsible choices to remove harmful language across codebases, standards, and documentation. He has previously held positions at VMware (via Heptio), Red Hat, and CoreOS. Stephen is based in New York City.  

Getup Kubicast
Kubecon Paris 2024 Marathon - The Sicredi Case

Getup Kubicast

Apr 1, 2024 · 19:03


We had the opportunity to interview Matheus Morais, who shared Sicredi's incredible case of using Kubernetes and Cilium to ensure availability, stability and scale in a multicluster scenario involving on-premises.

Matheus has more than 20 years of systems administration experience and was able to share with us a bit of the journey and the challenges he and the team faced in creating and maintaining this environment.

A very technical chat that brings practical real-world experience, and perhaps the first time on this podcast that we have a real multicluster case!

You can also watch Matheus's talk at Kubecon Paris 2024 here: https://kccnceu2024.sched.com/event/1YeRT

Kubicast is a production of Getup, a company specializing in Kubernetes and open source projects for Kubernetes. The podcast episodes are at getup.io/kubicast, on the main digital audio platforms and at YouTube.com/@getupcloud.

Getup Kubicast
#144 - DevOps and Startups cc Sibelius

Getup Kubicast

Apr 1, 2024 · 47:35


In this episode we welcome Caio and Sibelius from WOOVI and discuss the history and development of WOOVI and Open Pix, and the importance of mentoring, understanding and documentation in development. They also highlight the impact of Kubernetes, observability tools, customer feedback and DevOps on the success and growth of startups.

Some topics covered in this incredible episode:
- The Evolution of Payment Methods and the Growth of a Startup;
- DevOps plays a crucial role in a startup's success, providing mobility and flexibility for fast decision-making;
- Kubernetes makes it possible for startups to scale easily and experiment quickly;
- Challenges of Mentoring and Career Growth in Software Development;
- Impact of mentoring on career and company results;
- The Importance of Trust, Hard Work and the Challenges of Product Growth.
- "The best way to grow in your career is through trial and error and learning from the available experience."
- Balancing Product and Service: DevOps and Customer Feedback.

Kubicast is a production of Getup, a company specializing in Kubernetes and open source projects for Kubernetes. The podcast episodes are at getup.io/kubicast, on the main digital audio platforms and at YouTube.com/@getupcloud.

Kubernetes Podcast from Google
Cilium and eBPF, with Bill Mulligan

Kubernetes Podcast from Google

Jan 23, 2024 · 55:02


Guest is Bill Mulligan. Bill is Community Pollinator at Isovalent working on Cilium and eBPF. We learned how to properly pronounce Isovalent and what it actually means. We also spoke in depth about eBPF, Cilium, network function in Kubernetes and more.

Do you have something cool to share? Some questions? Let us know:
- web: kubernetespodcast.com
- mail: kubernetespodcast@google.com
- twitter: @kubernetespod

News of the week
- The Kubernetes legacy Linux package repositories are going away in January 2024
- Kubernetes 1.29 is now available on GKE in the Rapid Channel
- The VMware Tanzu Application Catalog is fully compliant with the SLSA Level 3
- AWS extended support for Kubernetes minor versions pricing update
- The Kubernetes Contributor Summit Paris CFP is Open, closes Feb 4th
- KubeCon and CloudNativeCon EU 2024 co-located events agenda is live
- The Cloud Native Glossary is now available in French
- Blixt a new experimental LoadBalancer based on the Gateway API and eBPF

Links from the interview
- Bill Mulligan: LinkedIn, Twitter/X
- Covalent bonds on Wikipedia
- Isovalent Hybridization on Wikipedia
- Isovalent company site
- BPF - Berkeley Packet Filtering
- eBPF project site
- Fast by Friday: Why eBPF is Essential - Brendan Gregg
- GKE Dataplane V2
- Cilium project site
- Hubble documentation
- Cilium Service Mesh
- Cilium annual report
- Cilium Certified Associate (CCA)
- CCA Study Guide from Isovalent on GitHub
- Istio Certified Associate (ICA)
- Certified Kubernetes Administrator (CKA)
- Certified Kubernetes Application Developer (CKAD)
- Kubernetes and Cloud Native Associate (KCNA)
- Resources to prepare for the CCA certification
- Isovalent library
- The World of Cilium
- Cisco acquired Isovalent
- Developing eBPF Apps in Java
- BGP in eBPF

Cables2Clouds
C2C Fortnightly News: Cisco is in love with K8s! - NC2C001

Cables2Clouds

Jan 17, 2024 · 28:00


Get ready to have your mind blown as we navigate the tectonic shifts within the cloud and networking realm, stirring up the landscape with Cisco's latest power move. The acquisition of Isovalent, the wizards behind EBPF and Cilium, isn't just a headline—it's a signpost towards a future where Cisco could become the Gandalf of the cloud ecosystem. We're peeling back the layers of this strategic play, and we're not shying away from the hard questions: What does this mean for the container network interfaces and the open-source community? Will Cisco's embrace of Cilium lead to a magical blend of innovation and tradition? There's no crystal ball, but we've got the next best thing—insights, predictions, and a bit of laughter at the absurdity of network gear that might just ask for printer toner.

Then, we pivot to another industry shockwave as we scrutinize Hewlett-Packard Enterprises' bold acquisition of Juniper Networks. It's not just a plot twist; it's a full-blown narrative reshuffle that has us pondering HPE's hunger for Juniper's network prowess and AI treasure trove. Does this signal a new dawn for HPE in the arena of AI-driven networking? How will Aruba Networks and Mist Systems fit into this newly-drawn map? And just when you thought we might take a breather, we're diving into the implications of VMware's reimagined partner program, forecasting what the future holds for VMware Certified Professionals and the swirling eddy of industry changes. Stay tuned, as we tackle these industry-shaking developments with our trademark mix of depth and wit—because who says tech talk can't have a few laughs along the way?

Check out the Fortnightly Cloud Networking News
Visit our website and subscribe: https://www.cables2clouds.com/
Follow us on Twitter: https://twitter.com/cables2clouds
Follow us on YouTube: https://www.youtube.com/@cables2clouds/
Follow us on TikTok: https://www.tiktok.com/@cables2clouds
Merch Store: https://store.cables2clouds.com/
Join the Discord Study group: https://artofneteng.com/iaatj
Art of Network Engineering (AONE): https://artofnetworkengineering.com

Open at Intel
Cilium, eBPF and Beyond

Open at Intel

Dec 7, 2023 · 22:58


In this podcast, Isovalent's Liz Rice discusses her involvement with several open source projects, such as the Cilium project and the eBPF platform. With the graduation of Cilium in the CNCF, Liz explains its networking and security capabilities and how it benefits the cloud-native ecosystem. She also dives into eBPF and discusses the implications of AI. The talk concludes with an exploration about open source communities, recommendations regarding emerging trends in the open source world, and Liz's anticipation for the future of Cilium and the impact of eBPF. 00:00 Introduction and Guest Background 01:10 Understanding Cilium and its Role in Networking 02:15 Exploring the Origins and Impact of eBPF 04:21 Insights into the eBPF Summit and Community Events 08:00 The Role of Open Source in Technology Development 12:40 The Intersection of AI and Open Source 18:21 Future Developments in Cilium and Open Source 21:02 Conclusion and Final Thoughts Guest: Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium cloud native networking, security and observability project. She was Chair of the CNCF's Technical Oversight Committee in 2019-2022, and Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of Container Security, published by O'Reilly. She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, competing in virtual races on Zwift, and making music under the pseudonym Insider Nine.  

Cloud Security Podcast
eBPF - Kubernetes Network Security without the Blind Sides!

Cloud Security Podcast

Nov 30, 2023 · 23:23


eBPF is a recent graduate in the CNCF family, and this means that in the world of Cloud and Kubernetes, networking looks very different, with more security capabilities. Cilium, the project from Isovalent, has been gaining traction for network security for Kubernetes as blindsides have been called out in the managed Kubernetes deployments. This episode was recorded at KubeCon NA with Thomas Graf from Isovalent to share what the blindsides are and why eBPF provides better network security capability for Kubernetes deployments of any scale.

Guest Socials: Thomas's Linkedin (@ThomasGraf)
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Newsletter
- Cloud Security BootCamp

Questions asked:
(00:00) Introduction
(03:42) A bit about Thomas
(04:11) Traditional Networking in Kubernetes
(06:52) What is Cilium?
(07:52) What is eBPF?
(08:46) What do people use Cilium for?
(11:31) Starting with network security in Kubernetes
(13:02) Complexities with Scale
(16:02) How do projects graduate?
(17:02) The eBPF documentary
(17:27) Opensource to Company
(18:52) Practitioner to Founder
(19:57) Building an open source project
(21:13) The Fun Questions!

You can check out The eBPF Documentary here

Getup Kubicast
Kubicast #137 - Maratona KubeCon NA - 2023 - Dia 3

Nov 9, 2023 30:43


On the third day of KubeCon, the Kubicast guests shared tips on how to contribute to Kubernetes without burning out; they also talked about the difficulties that non-American and non-European professionals face in taking part in open source projects, and about how proud it makes us to see Latinos representing us in talks at KubeCon.

Beyond that, the guests highlighted the talks on Capture the Flag, a game for exploring a Kubernetes cluster through challenges, on use cases for bpfd, and on network optimization for Cilium.

Kubicast is a production of Getup, a company specializing in Kubernetes and open source projects for Kubernetes. The podcast episodes are available at getup.io/kubicast, on the main digital audio platforms and at YouTube.com/@getupcloud.

DevOps and Docker Talk
Istio Ambient Mesh and Solo.io

Aug 25, 2023 62:42


Bret and Nirmal welcome Idit Levine, Founder/CEO Solo.io. Idit focuses on Service Mesh, API-GW and Multi-Cloud networking, and security.

Idit has been involved in the Containers/DevOps community for 10+ years, building products from Docker to Envoy to Kubernetes, and now Istio and Cilium. We talk about Istio, Ambient Mesh, Envoy, Zero-Trust Security, Cilium, eBPF, Multi-Cloud and more.

This is not the first time we've talked about Solo or Service Mesh. Ambient Mesh is Solo's new product that simplifies the install and infrastructure costs of essentially running Istio. I'm really hopeful that this is going to help a lot more people implement Istio because traditionally, it does have a lot of parts and a lot of costs with the sidecar approach, but this new approach reduces the number of essentially proxies and parts that you're running on each node of your Kubernetes cluster. Live recording of the complete show from June 29, 2023 is on YouTube (Ep. #223).

★Topics★
Solo.io
Istio Ambient Mesh
Solo Academy (free courses)
Istio Ambient Mesh ebook
Gloo Fabric

Support this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!

★Join my Community★
Get on the waitlist for my next live course on CI automation and gitops deployments
Best coupons for my Docker and Kubernetes courses
Chat with us and fellow students on our Discord Server DevOps Fans
Grab some merch at Bret's Loot Box
Homepage bretfisher.com

Creators & Guests
Bret Fisher - Host
Cristi Cotovan - Editor
Beth Fisher - Producer
Nirmal Mehta - Host
Idit Levine - Guest

(00:00) - Intro
(03:59) - How did Solo.io start?
(21:03) - The difference between service mesh and API gateway
(30:55) - Where is service mesh going?
(41:53) - Is Ambient Mesh as secure as the sidecar model?
(48:11) - Opportunities after adopting Ambient Mesh
(53:41) - Phipps compliance
(55:46) - Unikernel vs WebAssembly

Open Source Underdogs
Episode 63: EBPF Networking Isovalent with Liz Rice – Chief Open Source Officer

Aug 13, 2023 24:45


Intro Mike: Hello and welcome to Open Source Underdogs! I’m your host, Mike Schwartz, and this is episode 63, with Liz Rice, Chief Open Source Officer at Isovalent, the software startup behind Cilium, an eBPF-based Networking, Security and Observability project. This episode was recorded in early February at the inaugural State of Open Source Conference or SoCon,...

linkmeup. Подкаст про IT и про людей

In telecom episode 121 we took our first dive into networking in Kubernetes, and we liked it. So we are strapping on the scuba gear and going deeper: today we talk about one of the CNI implementations for Kubernetes, Cilium, notable for using not only the Linux kernel network stack but also eBPF together with XDP.

What it covers:
Introduction to eBPF and Cilium: a brief explanation of eBPF technology and its role in the future of network security and networking technologies.
Why we switched to Cilium: an explanation of the reasons for the move.
Cilium features and use with Kubernetes: an overview of Cilium's key capabilities and advantages, including XDP Load Balancing, kube-proxy replacement and kernel version requirements. A discussion of Hubble Observability and its role in network monitoring and debugging. How to work with Cilium without kube-proxy and with minimal kernel requirements.
First steps with Cilium: configuring Network Policy, including allowlists and filtering of outgoing traffic. Understanding Cilium Entities and their role in network security. A look at Local Redirect Policy and the changes related to using node-local-dns traffic.
Routing and load balancing specifics in Cilium: a discussion of the various parameters and options available for routing and load balancing.
Cilium hostFirewall configuration: the specifics of configuring and using hostFirewall in Cilium.
Debugging in Cilium: a discussion of tools and strategies for debugging, including network policy audit and the use of debug flags. A look at using a sidecar with cilium monitor for centralized log collection.
Overview of bugs found and fixed in Cilium: a discussion of the specific problems and bugs we ran into and how we solved them.
Specifics of working with Cilium: a discussion of specific usage scenarios and compatibility with Kubernetes. An analysis of potential problems and bugs that can arise when using Cilium.
Non-obvious Cilium capabilities: an overview of Cilium functions and capabilities that we have not yet had time to explore.
Conclusion and a discussion of plans for future use of Cilium and eBPF.

The post telecom №125. K8s Cilium first appeared on linkmeup.

Kubernetes Podcast from Google
Docker && WASM, with Justin Cormack

Jun 19, 2023 49:24


This week we speak to Justin Cormack the CTO of Docker. We talked about WASM (or WebAssembly Modules), Docker support for running WASM apps and the future of the technology.

Do you have something cool to share? Some questions? Let us know:
- web: kubernetespodcast.com
- mail: kubernetespodcast@google.com
- twitter: @kubernetespod

News of the week
WASMCon 2023: CFP Event
Kyverno Project 1.10
Intro to Cilium course
Microsoft Azure Linux is GA
CNCF Glossary German edition is live
Google C3 Machine family is available for GKE
ChainGuard move from Github Registry to self-hosted
Amazon Pull through cache on AWS container registry

Links from the interview
Justin Cormack: Twitter LinkedIn Docker WebAssembly Docker+WASM asm.js asmjs.org V8 Javascript engine Google Sandboxing WebGPU ByteCode Alliance Containerd Mesos WASM Edge

Screaming in the Cloud
Learning eBPF with Liz Rice

May 2, 2023 33:59


Liz Rice, Chief Open Source Officer at Isovalent, joins Corey on Screaming in the Cloud to discuss the release of her newest book, Learning eBPF, and the exciting possibilities that come with eBPF technology. Liz explains what got her so excited about eBPF technology, and what it was like to write a book while also holding a full-time job. Corey and Liz also explore the learning curve that comes with kernel programming, and Liz illustrates why it's so important to be able to explain complex technologies in simple terminology.

About Liz

Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium cloud native networking, security and observability project. She sits on the CNCF Governing Board, and on the Board of OpenUK. She was Chair of the CNCF's Technical Oversight Committee in 2019-2022, and Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of Container Security, and Learning eBPF, both published by O'Reilly.

She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, competing in virtual races on Zwift, and making music under the pseudonym Insider Nine.

Links Referenced:
Isovalent: https://isovalent.com/
Learning eBPF: https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121
Container Security: https://www.amazon.com/Container-Security-Fundamental-Containerized-Applications/dp/1492056707/
GitHub for Learning eBPF: https://github.com/lizRice/learning-eBPF

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn.
This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. Our returning guest today is Liz Rice, who remains the Chief Open Source Officer with Isovalent. But Liz, thank you for returning, suspiciously closely timed to when you have a book coming out. Welcome back.

Liz: [laugh]. Thanks so much for having me. Yeah, I've just—I've only had the physical copy of the book in my hands for less than a week. It's called Learning eBPF. I mean, obviously, I'm very excited.

Corey: It's an O'Reilly book; it has some form of honeybee on the front of it as best I can tell.

Liz: Yeah, I was really pleased about that. Because eBPF has a bee as its logo, so getting a [early 00:01:17] honeybee as the O'Reilly animal on the front cover of the book was pretty pleasing, yeah.

Corey: Now, this is your second O'Reilly book, is it not?

Liz: It's my second full book. So, I'd previously written a book on Container Security. And I've done a few short reports for them as well. But this is the second, you know, full-on, you can buy it on Amazon kind of book, yeah.

Corey: My business partner wrote Practical Monitoring for O'Reilly and that was such an experience that he got entirely out of observability as a field and ran running to AWS bills as a result. So, my question for you is, why would anyone do that more than once?

Liz: [laugh]. I really like explaining things. And I had a really good reaction to the Container Security book. I think already, by the time I was writing that book, I was kind of interested in eBPF. And we should probably talk about what that is, but I'll come to that in a moment.

Yeah, so I've been really interested in eBPF, for quite a while and I wanted to be able to do the same thing in terms of explaining it to people.
A book gives you a lot more opportunity to go into more detail and show people examples and get them kind of hands-on than you can do in their, you know, 40-minute conference talk. So, I wanted to do that. I will say I have written myself a note to never do a full-size book while I have a full-time job because it's a lot [laugh].

Corey: You do have a full-time job and then some. As we mentioned, you're the Chief Open Source Officer over at Isovalent, you are on the CNCF governing board, you're on the board of OpenUK, and you've done a lot of other stuff in the open-source community as well. So, I have to ask, taking all of that together, are you just allergic to things that make money? I mean, writing the book as well on top of that. I'm told you never do it for the money piece; it's always about the love of it. But it seems like, on some level, you're taking it to an almost ludicrous level.

Liz: Yeah, I mean, I do get paid for my day job. So, there is that [laugh]. But so, yeah—

Corey: I feel like that's the only way to really write a book is, in turn, to wind up only to just do it for—what someone else is paying you to for doing it, viewing it as a marketing exercise. It pays dividends, but those dividends don't, in my experience from what I've heard from everyone say, pay off as of royalties on book payments.

Liz: Yeah, I mean, it's certainly, you know, not a bad thing to have that income stream, but it certainly wouldn't make you—you know, I'm not going to retire tomorrow on the royalty stream unless this podcast has loads and loads of people to buy the book [laugh].

Corey: Exactly. And I'm always a fan of having such [unintelligible 00:03:58]. I will order it while we're on the call right now having this conversation because I believe in supporting the things that we want to see more of in the world. So, explain to me a little bit about what it is.
Whatever you talking about learning X in a title, I find that that's often going to be much more approachable than arcane nonsense deep-dive things.

One of the O'Reilly books that changed my understanding was Linux Kernel Internals, or Understanding the Linux Kernel. Understanding was kind of a heavy lift at that point because it got very deep very quickly, but I absolutely came away understanding what was going on a lot more effectively, even though I was so slow I needed a tow rope on some of it. When you have a book that started with learning, though, I imagined it assumes starting at zero with, “What's eBPF?” Is that directionally correct, or does it assume that you know a lot of things you don't?

Liz: Yeah, that's absolutely right. I mean, I think eBPF is one of these technologies that is starting to be, particularly in the cloud-native world, you know, it comes up; it's quite a hot technology. What it actually is, so it's an acronym, right? EBPF. That acronym is almost meaningless now.

So, it stands for extended Berkeley Packet Filter. But I feel like it does so much more than filtering, we might as well forget that altogether. And it's just become a term, a name in its own right if you like. And what it really does is it lets you run custom programs in the kernel so you can change the way that the kernel behaves, dynamically. And that is… it's a superpower. It's enabled all sorts of really cool things that we can do with that superpower.

Corey: I just pre-ordered it as a paperback on Amazon and it shows me that it is now number one new release in Linux Networking and Systems Administration, so you're welcome. I'm sure it was me that put it over the top.

Liz: Wonderful. Thank you very much. Yeah [laugh].

Corey: Of course, of course.
Writing a book is one of those things that I've always wanted to do, but never had the patience to sit there and do it or I thought I wasn't prolific enough, but over the holidays, this past year, my wife and business partner and a few friends all chipped in to have all of the tweets that I'd sent bound into a series of leather volumes. Apparently, I've tweeted over a million words. And… yeah, oh, so I have to write a book 280 characters at a time, mostly from my phone. I should tweet less was really the takeaway that I took from a lot of that.

But that wasn't edited, that wasn't with an overall theme or a narrative flow the way that an actual book is. It just feels like a term paper on steroids. And I hated term papers. Love reading; not one to write it.

Liz: I don't know whether this should make it into the podcast, but it reminded me of something that happened to my brother-in-law, who's an artist. And he put a piece of video on YouTube. And for unknowable reasons if you mistyped YouTube, and you spelt it, U-T-U-B-E, the page that you would end up at from Google search was a YouTube video and it was in fact, my brother-in-law's video. And people weren't expecting to see this kind of art movie about matches burning. And he just had the worst comment—like, people were so mean in the comments. And he had millions of views because people were hitting this page by accident, and he ended up—

Corey: And he made the cardinal sin of never read the comments. Never break that rule. As soon as you do that, it doesn't go well. I do read the comments on various podcast platforms on this show because I always tell people to insulted all they want, just make sure you leave a five-star review.

Liz: Well, he ended up publishing a book with these comments, like, one comment per page, and most of them are not safe for public consumption comments, and he just called it Feedback.
It was quite something [laugh].

Corey: On some level, it feels like O'Reilly books are a little insulated from the general population when it comes to terrible nonsense comments, just because they tend to be a little bit more expensive than the typical novel you'll see in an airport bookstore, and again, even though it is approachable, Learning eBPF isn't exactly the sort of title that gets people to think that, “Ooh, this is going to be a heck of a thriller slash page-turner with a plot.” “Well, I found the protagonist unrelatable,” is not sort of the thing you're going to wind up seeing in the comments because people thought it was going to be something different.

Liz: I know. One day, I'm going to have to write a technical book that is also a murder mystery. I think that would be, you know, quite an achievement. But yeah, I mean, it's definitely aimed at people who have already come across the term, want to know more, and particularly if you're the kind of person who doesn't want to just have a hand-wavy explanation that involves boxes and diagrams, but if, like me, you kind of want to feel the code, and you want to see how things work and you want to work through examples, then that's the kind of person who might—I hope—enjoy working through the book and end up with a possible mental model of how eBPF works, even though it's essentially kernel programming.

Corey: So, I keep seeing eBPF in an increasing number of areas, a bunch of observability tools, a bunch of security tools all tend to tie into it. And I've seen people do interesting things as far as cost analysis with it.
The problem that I run into is that I'm not able to wind up deploying it universally, just because when I'm going into a client engagement, I am there in a purely advisory sense, given that I'm biasing these days for both SaaS companies and large banks, that latter category is likely going to have some problems if I say, “Oh, just take this thing and go ahead and deploy it to your entire fleet.” If they don't have a problem with that, I have a problem with their entire business security posture. So, I don't get to be particularly prescriptive as far as what to do with it.

But if I were running my own environment, it is pretty clear by now that I would have explored this in some significant depth. Do you find that it tends to be something that is used primarily in microservices environments? Does it effectively require Kubernetes to become useful on day one? What is the onboard path where people would sit back and say, “Ah, this problem I'm having, eBPF sounds like the solution.”

Liz: So, when we write tools that are typically going to be some sort of infrastructure, observability, security, networking tools, if we're writing them using eBPF, we're instrumenting the kernel. And the kernel gets involved every time our application wants to do anything interesting because whenever it wants to read or write to a file, or send receive network messages, or write something to the screen, or allocate memory, or all of these things, the kernel has to be involved. And we can use eBPF to instrument those events and do interesting things. And the kernel doesn't care whether those processes are running in containers, under Kubernetes, just running directly on the host; all of those things are visible to eBPF.

So, in one sense, doesn't matter.
But one of the reasons why I think we're seeing eBPF-based tools really take off in cloud-native is that you can, by applying some programming, you can link events that happened in the kernel to specific containers in specific pods in whatever namespace and, you know, get the relationship between an event and the Kubernetes objects that are involved in that event. And then that enables a whole lot of really interesting observability or security tools and it enables us to understand how network packets are flowing between different Kubernetes objects and so on. So, it's really having this vantage point in the kernel where we can see everything and we didn't have to change those applications in any way to be able to use eBPF to instrument them.

Corey: When I see the stories about eBPF, it seems like it's focused primarily on networking and flow control. That's where I'm seeing it from a security standpoint, that's where I'm seeing it from cost allocation aspect. Because, frankly, out of the box, from a cloud provider's perspective, Kubernetes looks like a single-tenant application with a really weird behavioral pattern, and some of that crosstalk gets very expensive. Is there a better way than either using eBPF and/or VPC flow logs to figure out what's talking to what in the Kubernetes ecosystem, or is BPF really your first port of call?

Liz: So, I'm coming from a position of perspective of working for the company that created the Cilium networking project. And one of the reasons why I think Cilium is really powerful is because it has this visibility—it's got a component called Hubble—that allows you to see exactly how packets are flowing between these different Kubernetes identities. So, in a Kubernetes environment, there's not a lot of point having network flows that talk about IP addresses and ports when what you really want to know is, what's the Kubernetes namespace, what's the application?
Defining things in terms of IP addresses makes no sense when they're just being refreshed and renewed every time you change pods. So yeah, Kubernetes changes the requirements on networking visibility and on firewalling as well, on network policy, and that, I think, is you don't have to use eBPF to create those tools, but eBPF is a really powerful and efficient platform for implementing those tools, as we see in Cilium.

Corey: The only competitor I found to it that gives a reasonable explanation of why random things are transferring multiple petabytes between each other in the middle of the night has been oral tradition, where I'm talking to people who've been around there for a while. It's, “So, I'm seeing this weird traffic pattern at these times a day. Any idea what that might be?” And someone will usually perk up and say, “Oh, is it—” whatever job that they're doing. Great. That gives me a direction to go in.

But especially in this era of layoffs and as environments exist for longer and longer, you have to turn into a bit of a data center archaeologist. That remains insufficient, on some level. And some level, I'm annoyed with trying to understand or needing to use tooling like this that is honestly this powerful and this customizable, and yes, on some level, this complex in order to get access to that information in a meaningful sense. But on the other, I'm glad that that option is at least there for a lot of workloads.

Liz: Yeah. I think, you know, that speaks to the power of this new generation of tooling. And the same kind of applies to security forensics, as well, where you might have an enormous stream of events, but unless you can tie those events back to specific Kubernetes identities, which you can use eBPF-based tooling to do, then how do you—the forensics job of tying back where did that event come from, what was the container that was compromised, it becomes really, really difficult.
And eBPF tools—like Cilium has a sub-project called Tetragon that is really good at this kind of tying events back to the Kubernetes pod or whether we want to know what node it was running on what namespace or whatever. That's really useful forensic information.

Corey: Talk to me a little bit about how broadly applicable it is. Because from my understanding from our last conversation, when you were on the show a year or so ago, if memory serves, one of the powerful aspects of it was very similar to what I've seen some of Brendan Gregg's nonsense doing in his kind of various talks where you can effectively write custom programming on the fly and it'll tell you exactly what it is that you need. Is this something that can be instrument once and then effectively use it for basically anything, [OTEL 00:16:11]-style, or instead, does it need to be effectively custom configured every time you want to get a different aspect of information out of it?

Liz: It can be both of those things.

Corey: “It depends.” My least favorite but probably the most accurate answer to hear.

Liz: [laugh]. But I think Brendan did a really great—he's done many talks talking about how powerful BPF is and built lots of specific tools, but then he's also been involved with Bpftrace, which is kind of like a language for—a high-level language for saying what it is that you want BPF to trace out for you. So, a little bit like, I don't know, awk but for events, you know? It's a scripting language. So, you can have this flexibility.

And with something like Bpftrace, you don't have to get into the weeds yourself and do kernel programming, you know, in eBPF programs. But also there's gainful employment to be had for people who are interested in that eBPF kernel programming because, you know, I think there's just going to be a whole range of more tools to come, you know?
I think we're, you know, we're seeing some really powerful tools with Cilium and Pixie and [Parker 00:17:27] and Kepler and many other tools and projects that are using eBPF. But I think there's also a whole load of more to come as people think about different ways they can apply eBPF and instrument different parts of an overall system.

Corey: We're doing this over audio only, but behind me on my wall is one of my least favorite gifts ever to have been received by anyone. Mike, my business partner, got me a thousand-piece puzzle of the Kubernetes container landscape where—

Liz: [laugh].

Corey: This diagram is psychotic and awful and it looks like a joke, except it's not. And building that puzzle was maddening—obviously—but beyond that, it was a real primer in just how vast the entire container slash Kubernetes slash CNCF landscape really is. So, looking at this, I found that the only reaction that was appropriate was a sense of overwhelmed awe slash frustration, I guess. It's one of those areas where I spend a lot of time focusing on drinking from the AWS firehose because they have a lot of products and services because their product strategy is apparently, “Yes,” and they're updating these things in a pretty consistent cadence. Mostly. And even that feels like it's multiple full-time jobs shoved into one.

There are hundreds of companies behind these things and all of them are in areas that are incredibly complex and difficult to go diving into. EBPF is incredibly powerful, I would say ridiculously so, but it's also fiendishly complex, at least shoulder-surfing behind people who know what they're doing with it has been breathtaking, on some level. How do people find themselves in a situation where doing a BPF deep dive make sense for them?

Liz: Oh, that's a great question. So, first of all, I'm thinking is there an AWS Jigsaw as well, like the CNCF landscape Jigsaw? There should be. And how many pieces would it have?
[It would be very cool 00:19:28].

Corey: No, because I think the CNCF at one point hired a graphic designer and it's unclear that AWS has done such a thing because their icons for services are, to be generous here, not great. People have flashcards that they've built for is what services does logo represent? Haven't a clue, in almost every case because I don't care in almost every case. But yeah, I've toyed with the idea of doing it. It's just not something that I'd ever want to have my name attached to it, unfortunately. But yeah, I want someone to do it and someone else to build it.

Liz: Yes. Yeah, it would need to refresh every, like, five minutes, though, as they roll out a new service.

Corey: Right. Because given that it appears from the outside to be impenetrable, it's similar to learning VI in some cases, where oh, yeah, it's easy to get started with to do this trivial thing. Now, step two, draw the rest of the freaking owl. Same problem there. It feels off-putting just from a perspective of you must be at least this smart to proceed. How do you find people coming to it?

Liz: Yeah, there is some truth in that, in that beyond kind of Hello World, you quite quickly start having to do things with kernel data structures. And as soon as you're looking at kernel data structures, you have to sort of understand, you know, more about the kernel. And if you change things, you need to understand the implications of those changes. So, yeah, you can rapidly say that eBPF programming is kernel programming, so why would anybody want to do it? The reason why I do it myself is not because I'm a kernel programmer; it's because I wanted to really understand how this is working and build up a mental model of what's happening when I attach a program to an event. And what kinds of things can I do with that program?

And that's the sort of exploration that I think I'm trying to encourage people to do with the book.
But yes, there is going to be at some point, a pretty steep learning curve that's kernel-related but you don't necessarily need to know everything in order to really have a decent understanding of what eBPF is, and how you might, for example—you might be interested to see what BPF programs are running on your existing system and learn why and what they might be doing and where they're attached and what use could that be.

Corey: Falling down that, looking at the process table once upon a time was a heck of an education, one week when I didn't have a lot to do and I didn't like my job in those days, where, “Oh, what is this Avahi daemon that constantly running? MDNS forwarding? Who would need that?” And sure enough, that tickled something in the back of my mind when I wound up building out my networking box here on top of BSD, and oh, yeah, I want to make sure that I can still have discovery work from the IoT subnet over to whatever it is that my normal devices live. Ah, that's what that thing always running for. Great for that one use case. Almost never needed in other cases, but awesome. Like, you fire up a Raspberry Pi. It's, “Why are all these things running when I'm just want to have an embedded device that does exactly one thing well?” Ugh. Computers have gotten complicated.

Liz: I know. It's like when you get those pop-ups on—well certainly on Mac, and you get pop-ups occasionally, let's say there's such and such a daemon wants extra permissions, and you think I'm not hitting that yes button until I understand what that daemon is. And it turns out, it's related, something completely innocuous that you've actually paid for, but just under a different name. Very annoying. So, if you have some kind of instrumentation like tracing or logging or security tooling that you want to apply to all of your containers, one of the things you can use is a sidecar container approach. And in Kubernetes, that means you inject the sidecar into every single pod. And—

Corey: Yes.
Of course, the answer to any Kubernetes problem appears to be have you tried running additional containers?

Liz: Well, right. And there are challenges that can come from that. And one of the reasons why you have to do that is because if you want a tool that has visibility over that container that's inside the pod, well, your instrumentation has to also be inside the pod so that it has visibility because your pod is, by design, isolated from the host it's running on. But with eBPF, well eBPF is in the kernel and there's only one kernel, however many containers were running. So, there is no kind of isolation between the host and the containers at the kernel level.

So, that means if we can instrument the kernel, we don't have to have a separate instance in every single pod. And that's really great for all sorts of resource usage, it means you don't have to worry about how you get those sidecars into those pods in the first place, you know that every pod is going to be instrumented if it's instrumented in the kernel. And then for service mesh, service mesh usually uses a sidecar as a Layer 7 Proxy injected into every pod. And that actually makes for a pretty convoluted networking path for a packet to sort of go from the application, through the proxy, out to the host, back into another pod, through another proxy, into the application.

What we can do with eBPF, we still need a proxy running in userspace, but we don't need to have one in every single pod because we can connect the networking namespaces much more efficiently. So, that was essentially the basis for sidecarless service mesh, which we did in Cilium, Istio, and now we're using a similar sort of approach with Ambient Mesh. So that, again, you know, avoiding having the overhead of a sidecar in every pod.
So that, you know, seems to be the way forward for service mesh as well as other types of instrumentation: avoiding sidecars.Corey: On some level, avoiding things that are Kubernetes staples seems to be a best practice in a bunch of different directions. It feels like it's an area where you start to get aligned with the idea of service meesh—yes, that's how I pluralize the term service mesh and if people have a problem with that, please, it's imperative you've not send me letters about it—but this idea of discovering where things are in a variety of ways within a cluster, where things can talk to each other, when nothing is deterministically placed, it feels like it is screaming out for something like this.Liz: And when you think about it, Kubernetes does sort of already have that at the level of a service, you know? Services are discoverable through native Kubernetes. There's a bunch of other capabilities that we tend to associate with service mesh like observability or encrypted traffic or retries, that kind of thing. But one of the things that we're doing with Cilium, in general, is to say, but a lot of this is just a feature of the networking, the underlying networking capability. So, for example, we've got next generation mutual authentication approach, which is using SPIFFE IDs between an application pod and another application pod. So, it's like the equivalent of mTLS.But the certificates are actually being passed into the kernel and the encryption is happening at the kernel level. And it's a really neat way of saying we don't need… we don't need to have a sidecar proxy in every pod in order to terminate those TLS connections on behalf of the application. We can have the kernel do it for us and that's really cool.Corey: Yeah, at some level, I find that it still feels weird—because I'm old—to have this idea of one shared kernel running a bunch of different containers. 
I got past that just by not requiring that [unintelligible 00:27:32] workloads need to run isolated having containers run on the same physical host. I found that, for example, running some stuff, even in my home environment for IoT stuff, things that I don't particularly trust run inside of KVM on top of something as opposed to just running it as a container on a cluster. Almost certainly stupendous overkill for what I'm dealing with, but it's a good practice to be in to start thinking about this. To my understanding, this is part of what AWS's Firecracker project starts to address a bit more effectively: fast provisioning, but still being able to use different primitives as far as isolation boundaries go. But, on some level, it's nice to not have to think about this stuff, but that's dangerous.Liz: [laugh]. Yeah, exactly. Firecracker is really nice way of saying, “Actually, we're going to spin up a whole VM,” but we don't ne—when I say ‘whole VM,' we don't need all of the things that you normally get in a VM. We can get rid of a ton of things and just have the essentials for running that Lambda or container service, and it becomes a really nice lightweight solution. But yes, that will have its own kernel, so unlike, you know, running multiple kernels on the same VM where—sorry, running multiple containers on the same virtual machine where they would all be sharing one kernel, with Firecracker you'll get a kernel per instance of Firecracker.Corey: The last question I have for you before we wind up wrapping up this episode harkens back to something you said a little bit earlier. This stuff is incredibly technically nuanced and deep. 
You clearly have a thorough understanding of it, but you also have what I think many people do not realize is an orthogonal skill of being able to articulate and explain those complex concepts simply an approachably, in ways that make people understand what it is you're talking about, but also don't feel like they're being spoken to in a way that's highly condescending, which is another failure mode. I think it is not particularly well understood, particularly in the engineering community, that there are—these are different skill sets that do not necessarily align congruently. Is this something you've always known or is this something you've figured out as you've evolved your career that, oh I have a certain flair for this?Liz: Yeah, I definitely didn't always know it. And I started to realize it based on feedback that people have given me about talks and articles I'd written. I think I've always felt that when people use jargon or they use complicated language or they, kind of, make assumptions about how things are, it quite often speaks to them not having a full understanding of what's happening. If I want to explain something to myself, I'm going to use straightforward language to explain it to myself [laugh] so I can hold it in my head. And I think people appreciate that.And you can get really—you know, you can get quite in-depth into something if you just start, step by step, build it up, explain everything as you go along the way. And yeah, I think people do appreciate that. And I think people, if they get lost in jargon, it doesn't help anybody. And yeah, I very much appreciate it when people say that, you know, they saw a talk or they read something I wrote and it meant that they finally grokked whatever that concept was that that I was trying to explain. I will say at the weekend, I asked ChatGPT to explain DNS in the style of Liz Rice, and it started off, it was basically, “Hello there. 
I'm Liz Rice and I'm here to explain DNS in very simple terms.” I thought, “Okay.” [laugh].Corey: Every time I think I've understood DNS, there's another level to it.Liz: I'm pretty sure there is a lot about DNS that I don't understand, yeah. So, you know, there's always more to learn out there.Corey: There's certainly is. I really want to thank you for taking time to speak with me today about what you're up to. Where's the best place for people to find you to learn more? And of course, to buy the book.Liz: Yeah, so I am Liz Rice pretty much everywhere, all over the internet. There is a GitHub repo that accompanies the books that you can find that on GitHub: lizRice/learning-eBPF. So, that's a good place to find some of the example code, and it will obviously link to where you can download the book or buy it because you can pay for it; you can also download it from Isovalent for the price of your contact details. So, there are lots of options.Corey: Excellent. And we will, of course, put links to that in the [show notes 00:32:08]. Thank you so much for your time. It's always great to talk to you.Liz: It's always a pleasure, so thanks very much for having me, Corey.Corey: Liz Rice, Chief Open Source Officer at Isovalent. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry comment that you have somehow discovered this episode by googling for knitting projects.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Cloud Security Podcast
Network Security for Kubernetes

Cloud Security Podcast

Play Episode Listen Later Apr 16, 2023 40:11


Cloud Security Podcast - This month we are talking about "Kubernetes Security & KubeCon EU 2023" and for the third episode in this series, we spoke to Liz Rice (Liz's Linkedin). Liz Rice from Isovalent speaks about how Network Security can be done in Kubernetes. Kubernetes network security with eBPF, Cilium can be raised to be better than selinux seccomp tcpdump - yes the linux networking security tools. Yes you read that right.

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv
FREE CLOUD BOOTCAMPs on www.cloudsecuritybootcamp.com
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Socials: Andrew Martin (Andrew's Linkedin)
Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security News
- Cloud Security BootCamp

Spotify TimeStamp for Interview Questions
(00:00) Introduction
(00:15) A word from our sponsor snyk.io/csp
(03:36) A bit about Liz Rice
(04:36) Liz's path into Cloud Native
(06:22) What is EBPF?
(08:12) Use case for EBPF in on premise
(10:37) SC Linux and EBPF
(11:28) Why we are solving this now with Kubernetes?
(13:22) EBPF in managed vs unmanaged Kubernetes?
(15:37) Implementation of EBPF
(17:38) Access Management and Network Security
(21:02) Challenges with multi cluster Kubernetes deployment
(24:03) Key management in multi cluster
(25:11) Current gaps in Kubernetes security
(27:41) Developer first in the cloud native space
(32:47) The future of EBPF
(34:36) Where can you learn more about EBPF
(36:25) The fun questions

See you at the next episode!

Paul's Security Weekly
ASW #235 - Liz Rice

Paul's Security Weekly

Play Episode Listen Later Apr 5, 2023 71:50


Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kernel technology that is enabling a whole new generation of infrastructure tools for networking, observability, and security. Let's explore eBPF and understand its value for security, and how it's used to secure network connectivity in the Cilium project, and for runtime security observability and enforcement in Cilium's sub-project, Tetragon.   Segment Resources:  Download "Learning eBPF": https://isovalent.com/learning-ebpf   Buy "Learning eBPF" from Amazon: https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121 Code examples accompanying the book: https://github.com/lizrice/learning-ebpf= Cilium project: https://cilium.io Tetragon project: https://tetragon.cilium.io/   BingBang and Azure, Super FabriXss and Azure, reversing the 3CX trojan on macOS, highlights from Real World Crypto, fun GPT prompts, and a secure code game   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/asw235

Paul's Security Weekly TV
Learning eBPF - Liz Rice - ASW #235

Paul's Security Weekly TV

Play Episode Listen Later Apr 4, 2023 38:26


Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kernel technology that is enabling a whole new generation of infrastructure tools for networking, observability, and security. Let's explore eBPF and understand its value for security, and how it's used to secure network connectivity in the Cilium project, and for runtime security observability and enforcement in Cilium's sub-project, Tetragon.   Segment Resources: Download "Learning eBPF": https://isovalent.com/learning-ebpf  Buy "Learning eBPF" from Amazon: https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121 Code examples accompanying the book: https://github.com/lizrice/learning-ebpf= Cilium project: https://cilium.io Tetragon project: https://tetragon.cilium.io/   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw235

Application Security Weekly (Audio)

Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kernel technology that is enabling a whole new generation of infrastructure tools for networking, observability, and security. Let's explore eBPF and understand its value for security, and how it's used to secure network connectivity in the Cilium project, and for runtime security observability and enforcement in Cilium's sub-project, Tetragon.   Segment Resources:  Download "Learning eBPF": https://isovalent.com/learning-ebpf   Buy "Learning eBPF" from Amazon: https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121 Code examples accompanying the book: https://github.com/lizrice/learning-ebpf= Cilium project: https://cilium.io Tetragon project: https://tetragon.cilium.io/   BingBang and Azure, Super FabriXss and Azure, reversing the 3CX trojan on macOS, highlights from Real World Crypto, fun GPT prompts, and a secure code game   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/asw235

Packet Pushers - Full Podcast Feed
Kubernetes Unpacked 022: Kubernetes Networking And Abstraction With Cilium And eBPF

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Mar 30, 2023 30:52


In this episode, Michael catches up with Stephane Karagulmez, Senior Solution Architect at Isovalent (founded by the creators of Cilium). Michael spent a lot of time working with Cilium, which is open-source software that provides networking and observability capabilities for Kubernetes workloads. Cilium is based on another open-source project, eBPF. It's important to understand the details and performance changes when implementing eBPF and removing kube-proxy.

Packet Pushers - Fat Pipe
Kubernetes Unpacked 022: Kubernetes Networking And Abstraction With Cilium And eBPF

Packet Pushers - Fat Pipe

Play Episode Listen Later Mar 30, 2023 30:52


In this episode, Michael catches up with Stephane Karagulmez, Senior Solution Architect at Isovalent (founded by the creators of Cilium). Michael spent a lot of time working with Cilium, which is open-source software that provides networking and observability capabilities for Kubernetes workloads. Cilium is based on another open-source project, eBPF. It's important to understand the details and performance changes when implementing eBPF and removing kube-proxy.

Kubernetes Unpacked
Kubernetes Unpacked 022: Kubernetes Networking And Abstraction With Cilium And eBPF

Kubernetes Unpacked

Play Episode Listen Later Mar 30, 2023 30:52


In this episode, Michael catches up with Stephane Karagulmez, Senior Solution Architect at Isovalent (founded by the creators of Cilium). Michael spent a lot of time working with Cilium, which is open-source software that provides networking and observability capabilities for Kubernetes workloads. Cilium is based on another open-source project, eBPF. It's important to understand the details and performance changes when implementing eBPF and removing kube-proxy.

linkmeup. A podcast about IT and about people

Have you ever wondered how the network inside Kubernetes is put together? All those pods, namespaces, ingresses: they must be wired to each other by some kind of virtual cables, right? Calico, Cilium, kube-router: words like these scare men off. The main goal of this podcast is to get across that networks in Kubernetes are no different from any other networks. Everything that is configured in k8s and its various components turns, one way or another, into configuration of the classic Linux networking stack. Have a listen.

Who: Grigory Rochev, Chief Engineer at Rimsol; Ilya Shestopalov, Engineer at Yandex.

Topics: Kubernetes architecture; How is the network in Kubernetes put together? What are CNI and kube-proxy? Are they mandatory in Kubernetes? We walk through examples with Calico, Cilium and kube-router; Kubernetes NetworkPolicy vs vendor NetworkPolicy; What is an ingress controller? Is it mandatory in Kubernetes? And the specifics of load balancing in Kubernetes; How do you choose the right subnet size for your Kubernetes cluster?

You can ask your question here: https://forms.gle/viGrzLQX3SLGYfEJA

The post telecom No. 121. Networking in k8s first appeared on linkmeup.

DevOps and Docker Talk
Cilium and eBPF with Liz Rice

DevOps and Docker Talk

Play Episode Listen Later Oct 28, 2022 55:09


Bret is joined by Liz Rice, Chief Open Source Officer at Isovalent, the makers of Cilium, to discuss Cilium and eBPF. Liz Rice is back to give us more insight into eBPF and the Cilium project. Isovalent is the company that created and manages the Cilium Project, which does an increasing number of things for Kubernetes, including networking, CNI support, security, advanced networking stuff, and observability, as well as other things like load balancing. Liz is one of my go-to experts on how low-level Linux internals work. She's been speaking about container internals since the early days of Docker.

Streamed live on YouTube on September 8, 2022. Unedited live recording of this show on YouTube (Ep #183)

★Topics★
Cilium website
Isovalent website
eBPF
Network Policy Editor

★Liz Rice★
Liz Rice on Twitter
Liz Rice's website
Books on Containers, eBPF, Kubernetes and Go

★Join my Community★
Best coupons for my Docker and Kubernetes courses
Chat with us and fellow students on our Discord Server DevOps Fans
Homepage bretfisher.com

★ Support this podcast on Patreon ★

Intelligent Design the Future
BEHE COUNTERS THE BEST OBJECTIONS TO IRREDUCIBLE COMPLEXITY AND ID, PT. 2

Intelligent Design the Future

Play Episode Listen Later Sep 21, 2022 27:18


Today's ID the Future continues A Mousetrap for Darwin author Michael Behe's conversation with philosopher Pat Flynn, focused on some of the more substantive objections to Behe's case for intelligent design in biology. In this segment the pair discuss the bacterial flagellum, the cilium, and the blood clotting cascade, and tackle critiques from Alvin Plantinga, Graham Oppy, Russell Doolittle, Kenneth Miller, and others. This interview is posted here by permission of Pat Flynn. Source

Packet Pushers - Full Podcast Feed
Day Two Cloud 160: Going Deep Into Cilium Service Mesh With eBPF

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Aug 24, 2022 51:04


Today on the Day Two Cloud podcast we go deep on the Cilium service mesh, including a packet walk that takes us from packet ingestion all the way through a Kubernetes cluster. We also talk about how Cilium eBPF differs from other sidecar proxies and the potential performance and observability gains. Strap on your propeller beanie as we try to keep up with guest Thomas Graf, a co-creator of Cilium and CTO of Isovalent.

Packet Pushers - Fat Pipe
Day Two Cloud 160: Going Deep Into Cilium Service Mesh With eBPF

Packet Pushers - Fat Pipe

Play Episode Listen Later Aug 24, 2022 51:04


Today on the Day Two Cloud podcast we go deep on the Cilium service mesh, including a packet walk that takes us from packet ingestion all the way through a Kubernetes cluster. We also talk about how Cilium eBPF differs from other sidecar proxies and the potential performance and observability gains. Strap on your propeller beanie as we try to keep up with guest Thomas Graf, a co-creator of Cilium and CTO of Isovalent.

The Changelog
The power of eBPF

The Changelog

Play Episode Listen Later Aug 14, 2022 64:53 Transcription Available


eBPF is a revolutionary kernel technology that has lit the cloud native world on fire. If you're going to have one person explain the excitement, that person would be Liz Rice. Liz is the COSO at Isovalent, creators of the open source Cilium project and pioneers of eBPF tech. On this episode Liz tells Jerod all about the power of eBPF, where it came from, what kind of new applications it's enabling, and who is building the next generation of networking, security, and observability tools with it.

The Kubelist Podcast
Ep. #30, Cilium and eBPF with Thomas Graf of Isovalent

The Kubelist Podcast

Play Episode Listen Later Aug 10, 2022 67:26


In episode 30 of The Kubelist Podcast, Marc Campbell and Benjie De Groot speak with Thomas Graf, Co-Founder and CTO of Isovalent. This conversation includes a deep dive on eBPF, the origins of Cilium and the lessons learned while creating it in the open, and insights on kernel development.

Cloud Native in 15 Minutes
Command lines and Kernels, Tanzu Application Platform 1.2

Cloud Native in 15 Minutes

Play Episode Listen Later Aug 1, 2022 42:40


Tanzu Talk is back! Your new hosts are Coté, Ed, and Ben. In this episode we cover recent news in the cloud native world, plus highlights from the recent Tanzu Application Release. Plus, light discussion of the political climate in Star Trek versus Star Wars as it represents programming philosophy. Watch the original live-streamed video if you're into that kind of thing.   People: @cote, @egrigson, and @benbravo73.   Links: Ed's Most Thrilling News from Last Week™ Azure Developer CLI (azd). Mirantis acquires amazee.io. Cilium 1.12 GA. Tanzu Application Platform 1.2 highlights, video overview, release notes. Supply chain integrations, like Snyk scanning (beta). Full IDE lifecycle - create, update, delete (video)

Packet Pushers - Full Podcast Feed
Network Break 391: IT Spending To Rise; Rating Your Emotional Response To Vendor Products

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Jul 25, 2022 44:12


Take a Network Break! This week we cover new DLP capabilities from Cato Networks, updates to the open-source Cilium project for your eBPF and service mesh needs, why Cisco is streamlining how partners can offer Webex as a managed service, and more IT news coverage.

Packet Pushers - Network Break
Network Break 391: IT Spending To Rise; Rating Your Emotional Response To Vendor Products

Packet Pushers - Network Break

Play Episode Listen Later Jul 25, 2022 44:12


Take a Network Break! This week we cover new DLP capabilities from Cato Networks, updates to the open-source Cilium project for your eBPF and service mesh needs, why Cisco is streamlining how partners can offer Webex as a managed service, and more IT news coverage.

Packet Pushers - Fat Pipe
Network Break 391: IT Spending To Rise; Rating Your Emotional Response To Vendor Products

Packet Pushers - Fat Pipe

Play Episode Listen Later Jul 25, 2022 44:12


Take a Network Break! This week we cover new DLP capabilities from Cato Networks, updates to the open-source Cilium project for your eBPF and service mesh needs, why Cisco is streamlining how partners can offer Webex as a managed service, and more IT news coverage.

Packet Pushers - Full Podcast Feed
Full Stack Journey 061: Linux Networking And Observability With eBPF And Cilium

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Dec 14, 2021 46:01


eBPF has taken the Linux networking world by storm. But what is it, exactly? And how is it related to the open-source Cilium project? Duffie Cooley joins Scott Lowe on the Full Stack Journey podcast to discuss eBPF and Cilium. If you're into Linux, networking, or Kubernetes, or any combination of these, this episode is for you!