Dan 🐝 (@thebsdbox) 's Twitter Profile
Dan 🐝

@thebsdbox

Conjurer of cheap tricks 🧙🏼 @ciliumproject/@isovalent

github.com/thebsdbox && @kube_vip

Past: @Heptio, @Docker, @EquinixMetal, @HPE

ID: 14407953

http://thebsdbox.co.uk 16-04-2008 13:37:20

14,14K Tweet

3,3K Followers

2,2K Following

Dan 🐝 (@thebsdbox) 's Twitter Profile Photo

An additional watcher for pods (to create certs) and some code tweaks and we now have mTLS between pods. We can see before pod-01 was receiving from pod-02, and after 01 receives from 01 (the #eBPF proxy) 🐝

OpenUK (@openuk_uk) 's Twitter Profile Photo

🎉 Congratulations to Cilium for securing the win in the Open Source Software category, sponsored by Linaro at the OpenUK Awards2024! #openukawards #opensource #opensourcesoftware

Dan 🐝 (@thebsdbox) 's Twitter Profile Photo

Injecting an eBPF transparent proxy, creating certs on pod start up and mTLS between standard workloads. Job done 🫡

Dan 🐝 (@thebsdbox) 's Twitter Profile Photo

I have blogged (well I started a few days ago, and finished off over lunch) This is the first part of writing your own service mesh, using #eBPF🐝 thebsdbox.co.uk/2024/11/30/Bui…

Dan 🐝 (@thebsdbox) 's Twitter Profile Photo

thebsdbox.co.uk/2024/12/02/Con… Wrote up the second part about building your own service mesh, with eBPF intercepting the traffic we need the final pieces to finish end to end connectivity 😀

Dan 🐝 (@thebsdbox) 's Twitter Profile Photo

Come join @raphink and myself in 40 minutes! youtube.com/watch?v=bnTloC… We will walk through building a service mesh from scratch with some eBPF (and a bit of luck) 🐝

Antonio Ojea (@itsuugo) 's Twitter Profile Photo

XFRM Reference Guide from Cilium documentation is excellent, best place I found to explain this complex subsystem of the Linux kernel docs.cilium.io/en/latest/refe…

Joab Jackson (@joab_jackson) 's Twitter Profile Photo

Though veth would seem like a perfect fit for container networking, but practitioners soon discovered it had a number of bottlenecks that slowed communication rates across containers. thenewstack.io/bytedance-to-n… #NetKit The New Stack #Linux #eBPF

Dan Phillips (@d_philla) 's Twitter Profile Photo

might be biased, but i think the work we are doing at Loophole Labs with eBPF is among some of the most interesting use-cases in the entire space youtube.com/watch?v=Y_C4Ti…

Shivansh Vij (@confusedqubit) 's Twitter Profile Photo

We have a blog post coming out soon where we show how outbound XDP can improve application throughput by 2x - with no changes to the host or the application.

Dan 🐝 (@thebsdbox) 's Twitter Profile Photo

With a fix to ephemeral containers in v1.33 in Kubernetes it’s now possible to add mTLS to an existing pod, no admission controller/webhook needed anymore. 🤩

Dan 🐝 (@thebsdbox) 's Twitter Profile Photo

Wow ephemeral containers allow for some funky stuff! I can easily apply an ephemeral container that intercepts traffic (with eBPF 🐝) and transparently encrypts it between pods. Doesn't show up as a container, so does that mean it isn't a sidecar 🤔

Dan 🐝 (@thebsdbox) 's Twitter Profile Photo

What I’m now calling egressV2 is pretty much done in kube-vip, native kernel calls and simple nftables rules should make for a much nicer experience. github.com/kube-vip/kube-…