Slide 1

Slide 1 text

Securing Networks with eBPF Magic
Donia Chaiehloudj | @doniacld
Senior Software Engineer, Isovalent
GDG Sophia-Antipolis organiser | Women Techmaker Ambassador | Co-author of the book “Learn Go with Pocket-Sized Projects”

Slide 2

Slide 2 text

Agenda
● What is eBPF?
● How eBPF works
● Use cases for eBPF
● Introducing Cilium
● Securing networks with Cilium and eBPF
● Cilium demo
● Additional Cilium capabilities
● Summary

Slide 3

Slide 3 text

What is eBPF?

Slide 4

Slide 4 text

What is eBPF?
extended Berkeley Packet Filter

Slide 5

Slide 5 text

What is eBPF?
extended Berkeley Packet Filter
https://www.youtube.com/watch?v=Wb_vD3XZYOA

Slide 6

Slide 6 text

What is eBPF?
Makes the Linux kernel programmable

Slide 7

Slide 7 text

Without

Slide 8

Slide 8 text

With

Slide 9

Slide 9 text

Run custom code in the kernel
https://ebpf.io/books/buzzing-across-space-illustrated-childrens-guide-to-ebpf.pdf

Slide 10

Slide 10 text

How eBPF works?

Slide 11

Slide 11 text

How eBPF works?

Slide 12

Slide 12 text

eBPF Demo

Slide 13

Slide 13 text

github.com/cilium/ebpf

Slide 14

Slide 14 text

Use Cases for eBPF

Slide 15

Slide 15 text

Use Cases for eBPF

Slide 16

Slide 16 text

in Kubernetes

Slide 17

Slide 17 text

Introducing Cilium

Slide 18

Slide 18 text

Introducing Cilium

Slide 19

Slide 19 text

Introducing Cilium
● Open source networking for Kubernetes
● Leverages eBPF for security policies
● Identity-based security model

Slide 20

Slide 20 text

Securing networks with Cilium & eBPF
● eBPF enables identity-aware policies
● Apply security rules based on labels
● Restrict access between entities

Slide 21

Slide 21 text

Cilium Demo

Slide 22

Slide 22 text

Gophers around the world

Slide 23

Slide 23 text

Cilium Network Policy

    apiVersion: "cilium.io/v2"
    kind: CiliumNetworkPolicy
    metadata:
      name: gopher-travel-policy-allow-only-eu-to-us
    spec:
      description: "Allow gophers to travel from EU to US"
      endpointSelector:
        matchLabels:
          app: gopher
          continent: eu
      egressDeny:
        - toEndpoints:
            - matchLabels:
                continent: au
      egress:
        - toEndpoints:
            - matchLabels:
                continent: us
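How the policy on this slide decides an egress connection, as an added example that is not part of the original deck or of Cilium's code: it is a simplified Go model of label matching, deny-over-allow precedence, and default deny for selected endpoints. The names `Labels`, `Policy`, `SlidePolicy`, `matchesAny` and `EgressVerdict` are hypothetical, and the model assumes this is the only policy applied and Cilium runs in its default enforcement mode.

```go
package main

import "fmt"

// Labels and Policy are simplified stand-ins, not Cilium's own types.
type Labels map[string]string

type Policy struct {
	EndpointSelector   Labels
	EgressDeny, Egress []Labels
}

var SlidePolicy = Policy{ // transcribed from the slide's policy
	EndpointSelector: Labels{"app": "gopher", "continent": "eu"},
	EgressDeny:       []Labels{{"continent": "au"}},
	Egress:           []Labels{{"continent": "us"}},
}

// matchesAny reports whether l carries every key/value pair of at least one selector.
func matchesAny(selectors []Labels, l Labels) bool {
next:
	for _, sel := range selectors {
		for k, v := range sel {
			if got, ok := l[k]; !ok || got != v {
				continue next
			}
		}
		return true
	}
	return false
}

// EgressVerdict models the decision for a connection from src to dst.
func EgressVerdict(p Policy, src, dst Labels) string {
	switch {
	case !matchesAny([]Labels{p.EndpointSelector}, src):
		return "allow: source not selected" // the policy does not apply to src
	case matchesAny(p.EgressDeny, dst):
		return "deny: egressDeny" // deny rules win over allow rules
	case matchesAny(p.Egress, dst):
		return "allow: egress"
	}
	return "deny: default" // a selected endpoint may only reach allowed peers
}

func main() {
	for _, c := range []string{"us", "au", "as"} { // constructed destinations
		fmt.Println("eu ->", c, EgressVerdict(SlidePolicy, SlidePolicy.EndpointSelector, Labels{"continent": c}))
	}
}
```

The third destination shows the part the YAML does not spell out: an EU gopher is also blocked from continents the policy never mentions, because selecting an endpoint with an egress rule limits it to the listed peers.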

Slide 24

Slide 24 text

github.com/doniacld/cilium-gophers-demo

Slide 25

Slide 25 text

Kubernetes Network Policy vs Cilium Network Policy

Slide 26

Slide 26 text

Thank you!
ebpf.io
@ciliumproject
@isovalent
Let’s connect: @doniacld

Slide 27

Slide 27 text

Learn more!
For the Enterprise: Hardened, enterprise-grade eBPF-powered networking, observability, and security.
● isovalent.com/product
● isovalent.com/labs
OSS Community: eBPF-based Networking, Observability, Security
● cilium.io
● cilium.slack.com
Base technology: The revolution in the Linux kernel, safely and efficiently extending the capabilities of the kernel.
● ebpf.io
● What is eBPF? - ebook
● Regular news