small Cilium setup on your laptop. Intended as an easy way to get your hands dirty applying Cilium security policies between containers. Concepts: Describes the components of Cilium, and the different models Installation Observability Network Policy Security Tutorials Advanced Networking Cluster Mesh Operations Istio Concepts Component Overview Terminology Networking Network Security eBPF Datapath Observability Kubernetes Integration Multi-Cluster (Cluster Mesh) Getting Help FAQ Slack GitHub Training Enterprise support Security Bugs Operations System Requirements Summary Linux Distribution Compatibility & Considerations

small Cilium setup on your laptop. Intended as an easy way to get your hands dirty applying Cilium security policies between containers. Concepts: Describes the components of Cilium, and the different models Installation Observability Network Policy Security Tutorials Advanced Networking Cluster Mesh Operations Istio Concepts Component Overview Terminology Networking Network Security eBPF Datapath Observability Kubernetes Integration Multi-Cluster (Cluster Mesh) Getting Help FAQ Slack GitHub Training Enterprise support Security Bugs Operations System Requirements Summary Architecture Support Linux Distribution Compatibility

small Cilium setup on your laptop. Intended as an easy way to get your hands dirty applying Cilium security policies between containers. Concepts: Describes the components of Cilium, and the different models Installation Network Policy Security Tutorials Advanced Networking Operations Istio Other Orchestrators Concepts Component Overview Terminology Address Management Multi Host Networking Security Datapath Failure Failure Behavior Architecture Datapath Scale Kubernetes Integration Getting Help FAQ Slack GitHub Security Bugs Integrations Kubernetes Introduction Concepts Requirements Configuration Network Policy

small Cilium setup on your laptop. Intended as an easy way to get your hands dirty applying Cilium security policies between containers. Concepts: Describes the components of Cilium, and the different models Installation Network Policy Security Tutorials Advanced Networking Operations Istio Other Orchestrators Concepts Component Overview Terminology Networking Network Security eBPF Datapath Observability Integration Multi-Cluster (Cluster Mesh) Getting Help FAQ Slack GitHub Training Enterprise support Security Bugs Operations System Requirements Summary Linux Distribution Compatibility Matrix Linux Kernel

small Cilium setup on your laptop. Intended as an easy way to get your hands dirty applying Cilium security policies between containers. Concepts: Describes the components of Cilium, and the different models Guides Installation Security Tutorials Advanced Networking Operations Istio Other Orchestrators Concepts Component Overview Terminology Address Management Multi Host Networking Security Datapath Failure Failure Behavior Architecture Datapath Scale Kubernetes Integration Getting Help FAQ Slack GitHub Security Bugs Integrations Kubernetes Introduction Concepts Requirements Configuration Network Policy

small Cilium setup on your laptop. Intended as an easy way to get your hands dirty applying Cilium security policies between containers. Concepts: Describes the components of Cilium, and the different models Guides Installa�on Security Tutorials Advanced Networking Opera�ons Is�o Other Orchestrators Concepts Component Overview Assurances Terminology Address Management Mul� Host Networking Security Architecture Datapath Datapath Scale Kubernetes Integra�on Ge�ng Help FAQ Slack GitHub Security Bugs Integra�ons Kubernetes Introduc�on Concepts Requirements Configura�on Network Policy Endpoint CRD Kubernetes Compa�bility

small Cilium setup on your laptop. Intended as an easy way to get your hands dirty applying Cilium security policies between containers. Concepts: Describes the components of Cilium, and the different models Installation Network Policy Security Tutorials Advanced Networking Operations Istio Other Orchestrators Concepts Component Overview Terminology Networking Network Security eBPF Datapath Kubernetes Integration Integration Multi-Cluster (Cluster Mesh) Getting Help FAQ Slack GitHub Security Bugs Operations System Requirements Summary Linux Distribution Compatibility Matrix Linux Kernel Required Kernel Versions

call, directly or through one of the available eBPF libraries. The verifier runs in a privileged context and performs static analysis to ensure that eBPF programs are safe for the kernel, or sometimes accurate That confounded darkness was repelled in a blast! eBPF can be used in conjunction with Linux Security Modules (LSM) to allow runtime instrumentation of the LSM hooks. eBPF combines seeing and understanding of all networking. This creates security systems operating with richer context and a better level of control than traditional solutions. Projects using eBPF for security purposes include Falco, Tetragon

) with policy enforcement (LSM probes) ▶ Rapid prototyping ▶ Safe production deployment of new security solutions We have an opportunity to rethink process confinement from the ground up. 3 / 7 bpfbox rules: ▶ #[directive] syntax ▶ Specify actions to be taken on a block of rules ▶ Add additional context to a block of rules 5 / 7 Our Policy Language Policy at the Function Call Level ▶ #[func " foo"

more than 150 engineers Reduce operational complexity Scalability Availability Observability Security Reliability Messaging Analytics Multi-tenancy caveats ● Single underlying infrastructure ● operational complexity ○ Infrastructure is operated by a team of 3 engineers ● Reduce costs ● Security issues ● Scalability issues Namespaces +400 Pods +10k Services +3k CPU +2k Mem +5TB kube-proxy replacement NetworkPolicy logging Multi-cluster DNS Aware NetworkPolicy Increased Istio security External Services TLS visibility Performance Kafka policies by labels