demand. This results in a large number of application containers to be started in a short period of time. Typical container firewalls secure workloads by filtering on source IP addresses and destination In order for the entire system to come up, the following components have to be running at the same time: kube-dns or coredns cilium-xxx cilium-etcd-operator etcd-operator etcd-xxx All timeouts are configured CrashLoopBackoff, bootstrapping can be expedited by restarting the pods to reset the CrashLoopBackoff time. CoreDNS: Enable reverse lookups In order for the TLS certificates between etcd peers to work correctly

demand. This results in a large number of application containers to be started in a short period of time. Typical container firewalls secure workloads by filtering on source IP addresses and destination Cluster Mesh With Kind we can simulate Cluster Mesh in a sandbox too. Kind Configuration This time we need to create (2) config.yaml, one for each kubernetes cluster. We will explicitly configure their In order for the entire system to come up, the following components have to be running at the same time: kube-dns or coredns cilium-xxx cilium-etcd-operator etcd-operator etcd-xxx All timeouts are configured

terminal window for A-Wing, set A-wing’s coordinates: >>> client.set("awing-coord","4309.432,918.980",time=2400) True >>> client.get("awing-coord") '4309.432,918.980' In your main terminal window, have "0.0,0.0",time=2400) True >>> client.get("xwing-coord") '0.0,0.0' From A-Wing, set the X-Wing coordinates back to their proper posi�on: >>> client.set("xwing-coord","8893.34,234.3290",time=2400) True window: >>> client.get("xwing-coord") '8893.34,234.3290' >>> client.set("awing-coord","0.0,0.0",time=1200) Traceback (most recent call last): File "", line 1, in File "/usr/local/lib/python3

demand. This results in a large number of application containers to be started in a short period of time. Typical container firewalls secure workloads by filtering on source IP addresses and destination Cluster Mesh With Kind we can simulate Cluster Mesh in a sandbox too. Kind Configuration This time we need to create (2) config.yaml, one for each kubernetes cluster. We will explicitly configure their In order for the entire system to come up, the following components have to be running at the same time: kube-dns or coredns cilium-xxx cilium-operator-xxx cilium-etcd-operator etcd-operator cilium-etcd-xxx

demand. This results in a large number of application containers to be started in a short period of time. Typical container firewalls secure workloads by filtering on source IP addresses and destination efficient service-to-backend translation right in the Linux kernel’s socket layer (e.g. at TCP connect time) such that per-packet NAT operations overhead can be avoided in lower layers. Bandwidth Management Management Cilium implements bandwidth management through efficient EDT-based (Earliest Departure Time) rate-limiting with eBPF for container traffic that is egressing a node. This allows to significantly reduce

demand. This results in a large number of application containers to be started in a short period of time. Typical container firewalls secure workloads by filtering on source IP addresses and destination efficient service-to-backend translation right in the Linux kernel’s socket layer (e.g. at TCP connect time) such that per-packet NAT operations overhead can be avoided in lower layers. Bandwidth Management Management Cilium implements bandwidth management through efficient EDT-based (Earliest Departure Time) rate-limiting with eBPF for container traffic that is egressing a node. This allows to significantly reduce

demand. This results in a large number of application containers to be started in a short period of time. Typical container firewalls secure workloads by filtering on source IP addresses and destination efficient service-to-backend translation right in the Linux kernel’s socket layer (e.g. at TCP connect time) such that per-packet NAT operations overhead can be avoided in lower layers. Bandwidth Management Management Cilium implements bandwidth management through efficient EDT-based (Earliest Departure Time) rate-limiting with eBPF for container traffic that is egressing a node. This allows to significantly reduce

assembly language with a stable instruction set. eBPF programs can be loaded and upgraded in real time without the need to restart the kernel. System calls Bees of various talents took many roles in the lead. SLOW 0 0 0 0 1 1 1 1 0 1 1 1 0 0 1 1 0 0 0 0 1 0 0 1 1 0 1 0 0 1 1 0 The Just-in-Time (JIT) compilation step translates the generic bytecode of the program into the machine-specific instruction the inside and with no halt required. No more dangerous stops on hostile satellites! For the first time the crew could enjoy peace of mind. Once they had completed all pending upgrades, and then some The

2020 2 What will we be doing? 3 How are we going to do it? 4 Demo time 5 Tracing Go function with uprobes 6 Demo time 7 Conclusions ● eBPF programs can be attached to different events: ○

kernel v5.1 (off by default) – Turns on stats collection for all eBPF programs – exposes total run_time_ns and run_cnt – Use cases: – Benchmarking + CI/CD – Sampling profiler in production How does