KCD Lima: eBee in Peru!

Liz Rice eBee in Peru! Chief Open Source Ofﬁcer, Isovalent
at Cisco

¡Hola! Me llamo Liz 👋 • Open source and community
at Isovalent, now part of Cisco • Author Learning eBPF & Container Security • Formerly CNCF Governing Board, chair of Technical Oversight Committee • Early career writing network protocol code

This is eBee

What is ? Makes the kernel programmable

userspace kernel app event eBPF program system calls - run
custom code in the kernel

userspace kernel app eBPF program eBPF Verifier system calls -
safely run custom code in the kernel 🔍

Photo: Smishra1 CC BYSA 4.0 One day in July 2024

✅ Open Source, many contributors ✅ Field-hardened The verifier is
software too Much reduced chance of a kernel crash

Like Inca walls, eBPF is Robust Good for security Takes
skill to build

Incas built incredible things together Ayni - reciprocal work Mita
- required work on state projects Minka - work for the benefit of the community

Sometimes Incas had to make bug fixes

Incas upgraded to avoid vulnerabilities Rebuilding rope bridges every year
Photo by Marcos Venteo:

eBPF is the foundation for powerful Cloud Native tools for
networking, observability and security

Chasquis - messenger runners Fit and trained to run long
distances Relay system - up to 300km / day Incas had networking

Controls on people and goods as they passed through checkpoints
Incas had network policies

Incas had encrypted data traffic Quipus - knotted strings

Incas had observability hubble Observation points high up

Incas had security Walls Narrow staircases Gates with doors Armed
guards

Did the Incas have Tetragon?

apiVersion: cilium.io/v1alpha1 kind: TracingPolicy metadata: name: "inca" spec: kprobes: -
call: "security_file_permission" ... selectors: - matchArgs: - index: 0 operator: "Equal" values: - "/lost_city_of_inca.txt" matchActions: - action: Sigkill 🚀 process 021c177557f5 /usr/bin/cat /lost_city_of_inca.txt 📚 read 021c177557f5 /usr/bin/cat /lost_city_of_inca.txt 💥 exit 021c177557f5 /usr/bin/cat /lost_city_of_inca.txt SIGKILL Did the Incas have Tetragon?

Muchas gracias! ebpf.io cilium.io tetragon.io isovalent.com/labs

KCD Lima: eBee in Peru!

KCD Lima: eBee in Peru!

Liz Rice

More Decks by Liz Rice

Other Decks in Technology

Featured

Transcript

Liz Rice eBee in Peru! Chief Open Source Ofﬁcer, Isovalent

¡Hola! Me llamo Liz 👋 • Open source and community

This is eBee

What is ? Makes the kernel programmable

userspace kernel app event eBPF program system calls - run

userspace kernel app eBPF program eBPF Verifier system calls -

Photo: Smishra1 CC BYSA 4.0 One day in July 2024

✅ Open Source, many contributors ✅ Field-hardened The verifier is

Like Inca walls, eBPF is Robust Good for security Takes

Incas built incredible things together Ayni - reciprocal work Mita

Sometimes Incas had to make bug fixes

Incas upgraded to avoid vulnerabilities Rebuilding rope bridges every year

eBPF is the foundation for powerful Cloud Native tools for

Chasquis - messenger runners Fit and trained to run long

Controls on people and goods as they passed through checkpoints

Incas had encrypted data traffic Quipus - knotted strings

Incas had observability hubble Observation points high up

Incas had security Walls Narrow staircases Gates with doors Armed

Did the Incas have Tetragon?

apiVersion: cilium.io/v1alpha1 kind: TracingPolicy metadata: name: "inca" spec: kprobes: -

Muchas gracias! ebpf.io cilium.io tetragon.io isovalent.com/labs