![]() Multicloud environments where workloads can seamlessly migrate isn’t “some pie-in-the-sky notion,” he said. Wendlandt underscored the fact that Kubernetes promises consistency in life-cycle application workloads regardless of underlying infrastructure. “It is really not an exaggeration to say that eBPF will change every aspect of how modern workloads run on any and all Linux platforms,” said Wendlandt. Organizations are also looking to use eBPF to measure and enforce software supply chain security and workload profiling. ![]() But demand prompted expansion to network observability ( Hubble), runtime security observability and enforcement ( Tetragon) and Cilium Service Mesh. The technology initially focused on Kubernetes networking and security use cases such as connectivity, load-balancing and firewalling, said Wendlandt. Meeting modern workload needsĪnd Cilium continues to evolve. “Cilium provides a consistent way to connect, secure and observe workloads across any type of underlying multicloud infrastructure,” said Wendlandt. Still, he described it as a “very low-level technology.” Cilium’s open-source community ultimately makes eBPF consumable, he said. “eBPF allows us to teach Linux to identify and properly connect, load-balance, firewall, and monitor these containerized workloads in a way that would never be scalable or performant using the legacy Linux networking,” said Wendlandt. The world looks “drastically different” when Linux is used as the foundation for Kubernetes infrastructure, Wendlandt said, with hundreds of containers running on each node and rapidly appearing and disappearing as workloads life-cycle via automated continuous integration/continuous delivery (CI/CD) pipelines. Without it, the networking stack within Linux is largely composed of code that hasn’t changed much in 20 years, he said, and that was designed in an era when Linux was either running on a standalone server or a network appliance connecting static services. “eBPF essentially allows us to teach the Linux kernel new tricks,” he said. Making eBPF consumableĮBPF, without a doubt, has fueled Cilum’s rapid rise, said Wendlandt. “This technological leap enables Isovalent to provide rich context and insight for security and operator teams,” said Wendlandt. This runs directly in the Linux kernel alongside each application workload. Similarly, their focus on traditional packet-layer identity means they can’t understand service-identity and API-call details in modern workloads.Ĭilium addresses these challenges by providing a multicloud and on-premises connectivity fabric that is secure and observable. ![]() Such devices then become bottlenecks, given the explosion of API-communication between modern applications. Not only does Kubernetes not have built-in capabilities to tackle these problems, but traditional network infrastructure devices - firewalls, network load-balancers, network monitoring devices - are also limited in closing gaps, said Wendlandt.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |