Implementing Least Privilege Security and Networking with BPF on Kubernetes
Talk Title | Implementing Least Privilege Security and Networking with BPF on Kubernetes |
Speakers | Arvind Soni (Product Lead, Isovalent Inc.) |
Conference | KubeCon + CloudNativeCon North America |
Location | Seattle, WA, USA |
Date | Dec 9-14, 2018 |
URL | Talk Page |
Slides | Talk Slides |
BPF is becoming the fastest growing technology in the Linux kernel and is revolutionizing networking, security, and tracing. At the same time, the rise of Kubernetes is creating demand for routing, load-balancing, and security infrastructure that is highly scalable, application-aware, and resilient. Microservices architectures divide application functionality into services and expose them via APIs using protocols such as HTTP/REST, gRPC, or Kafka. This creates new challenges. Traditional Layer 3-4 network security, which is limited to the IP and port level, can now only expose either the entire API surface of a service or none of it. This is insufficient to implement least privilege security for microservices. This talk introduces the open source project Cilium, which is built on BPF to provide Linux-native networking and least privilege security for microservices while integrating with Kubernetes.