Using eBPF to Bring Kubernetes-Aware Security to the Linux Kernel – Dan Wendlandt, Isovalent
TTS
Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Using eBPF to Bring Kubernetes-Aware Security to the Linux Kernel - Dan Wendlandt, Isovalent
eBPF is a powerful Linux kernel technology that has recently become available in mainstream Linux distributions, enabling radically deeper visibility into and control over many aspects of operating system behavior. In this talk, we will cover the basics of eBPF and then dive into a hands-on exploration of use cases where eBPF-based technologies like Cilium and BCC can enable security visibility and isolation well beyond what is possible with traditional Linux security primitives, Examples include: 1. Auditing the set of syscalls made by users who access pods via "kubectl exec". 2. Network visibility and access control that distinguishes between a sidecar and primary container inside a single pod. 3. API-layer visibility into inter-service connectivity, even if the connection is encrypted using TLS.
https://sched.co/MPdW
source
Gloss