The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
Please note: This schedule is automatically displayed in Central European Standard Time (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis.
Current Kubernetes networking solutions provide basic security for pod network traffic using layers 3 and 4 CIDR-based or identity-based network policies. However, there is no mechanism to assign network identities to native processes running on hosts (e.g., kubelet) or processes in pods that use the host network. Securing host processes has traditionally been done using layer 7 auth, which comes with its overhead costs and scale challenges. In this talk, Vinay presents an innovative, industry-first approach that leverages eBPF to efficiently identify, in the kernel at network layer, traffic from native host processes and pods using host network. This takes network micro-segmentation to a new level. He will explain how host process identities are transmitted on a per-packet basis, and illustrate efficient network policy enforcement for such traffic. He will discuss how this approach offers significant scalability advantages, and conclude with a demo showcasing the proposed solution.
Vinay helps solve Kubernetes networking challenges using eBPF in large-scale clusters with globally distributed workloads at eBay Cloud. Before eBay, Vinay contributed the In-Place Pod Resize feature to Kubernetes, and worked on advanced research projects in Kubernetes compute & networking... Read More →
