Posts

Sessions of the Day Securing Outgoing Traffic: Building a Powerful Internet Egress Gateway for Reliable Connectivity Seeing Double? Implementing Multicast with eBPF and Cilium Testing Kubernetes Without Kubernetes: A Networking Deep Dive Thousands of Gamers, One Kubernetes Network Topology Aware Routing: Understanding the Tradeoffs Goodbye etcd! Running Kubernetes on Distributed PostgreSQL Multicast with eBPF and Cilium Cilium’s multicast support is in beta (at the time of writing). I believe the host of this talk is leading the delivery of said feature set. ...

Award Show Adobe, over 5000 contributions to CNCF projects 🥇 Capital One, cloud-native banking 🏦 Reddit, a clear member of the CNCF subreddit 😉 Today’s Sessions Yahoo’s Kubernetes Journey from on-Prem to Multi-Cloud at Scale CNCF TAG Network: Intro & Deep Dive Kubernetes SIG Meet and Greet Lunch & Learn How the Tables Have Turned: Kubernetes Says Goodbye to Iptables Kubernetes Multi-Cluster Networking 101 (IDK why I attended this 😅) Favorite Session of the Day How the Tables Have Turned ...

The main event begins! Outside of the initial advisory on combatting patent trolls and the war the CNCF is waging against them, the keynotes were underwhelming. Much sponsored AI talk. Exhibit A: The Solutions Showcase hall was massive and buzzing with traffic. Countless vendors, learning booths, research presentations. Today’s Sessions SIG Network Intro and Updates Best Friends Keep No Secrets: Going Secretless with cert-manager Cilium, eBPF, WireGuard: Can We Tame the Network Encryption Performance Gap? Life of a Packet: Ambient Edition CNI Updates and Direction! Creating Paved Paths for Platform Engineers 🪧 Poster Session (PS08): Unveiling Anomalies: eBPF-Based Detection in High-Volume Encrypted Network Traffic Session Highlights SIG Networking. Network Policy Enhancement Proposals (NPEPs) FQDN support! AdminNetworkPolicy Global “tier” ahead of NetworkPolicy No implicit deny; no match fall through Explicit Allow/Pass/Deny Implemented by Antrea, OVN, Calico, KubeOVN, kube-network-policies (Cilium in the roadmap) BaselineAdminNetworkPolicy Singleton policy Applies only if no netpols apply to workload Replaces “allow by default” Tenant Isolation Policy Assistant policy simulation tool can get policy/pods/etc from cluster nodes Had a great conversation with Casey Davenport and Shaun Crompton of Tigera about SIG dynamics and the contributor track Daniel Borkmann, one of the talents at Isovalent, showcased enhancements to Wireguard encryption performance in Cilium IPSec is more performant but harder to manage (key rotations) Wireguard is relatively simple in design (resembling that of SSH), innate auto-rotation of keys, supports L3 Cilium handles key rotations via annotations CPU pinning! Essential for consistent benchmarking. CNI Updates & Direction for 2.0! Plugin status reporting!!! 🥳 Finally, the CNI will be able to control node readiness based on IP addr exhaustion or daemon errors Device interaction standardization (attaching multiple NICs and consistent handling of device resources) Argo Ready To Drive Us, Literally ...

Starting the New Day Kickoff Highlights Standout Talks How to Use XDP and eBPF to Accelerate IPSec Throughput by 400% Live Migrating Production Clusters From Calico to Cilium Hubble Beyond Cilium Starting the New Day Much of the snow did not stick to the floor but instead my hair and jacket. 😶‍🌫️ As someone interested in eBPF, having researched and developed some eBPF programming, I was especially excited for this convention. ...

Cloud Native Rejekts is a two-day event but I unfortunately could not split my time between the two venues, especially given the distance between Kiln and the convention center. I decided to focus on WasmCon talks. The event kicked off with a Choose Your Own Adventure workshop led by the folks at Cosmonic, the presumptive pioneers of WebAssembly (Wasm). The workshop was jam packed with technologists from all around and the density was quickly felt as the wifi experience suffered tremendously. We were tasked with downloading a few tools like wash and wasm-tools to get started. The two totaled ~40MB and took me ~10min to procure. 😰 Maybe Wasm routers would have helped. 🤷🏽‍♂️😅 Once installed, we were off to the races. The provided boilerplate used TinyGo (the only golang compiler currently supported by Wasm) to walk us through writing a cute dog image generator (Rasma, you missed out! 😄). ...