Weaveworks, profile picture
Uploaded byWeaveworks
78 views

Robust Network Security and Observability with GitOps and Cilium

The document discusses a webinar featuring experts from Weaveworks and Isovalent, focusing on robust network security and observability through GitOps and Cilium. It emphasizes the importance of GitOps for Kubernetes users and highlights various services and tools offered by Weaveworks, including continuous application delivery and advanced security measures. Additionally, it introduces Cilium as a powerful networking solution utilizing eBPF for enhanced security and visibility in cloud-native environments.

Download to read offline
1 Confidential do not distribute Robust Network Security and Observability with GitOps and Cilium In partnership with:
2 2 Webinar Platform - FAQs Using Zoom • You are in listen only mode • This webinar is being recorded • Q&A session will follow the presentation, please use the Q&A panel to submit questions • Hit escape to exit full screen • Slides and recording will be shared after the webinar Technical Issues - please visit Zoom Help https://support.zoom.us/hc/en-us/articles/206175806-Top-Questions
3 3 Lutz Lange Solutions Architect, Weaveworks Lutz is a Solution Architect at Weaveworks. He lives in Berlin and has a long history in the Container, Kubernetes and Cloud Native space. He was one of the 1st attendees in Google's Kubernetes Training program back when Kubernetes was in its infancy. He has also worked at Red Hat, Instana, Pivotal and VMware and thinks that GitOps is something every serious user of Kubernetes needs. Speaker introduction Raphaël Pinson Solutions Architect, Isovalent Raphaël is a Solutions Architect with Cloud Native networking and security specialists Isovalent, creators of the Cilium eBPF-based networking project. He works on Cilium, Hubble & Tetragon and the future of Cloud-Native networking & security using eBPF. An early adopter of the DevOps principle, he has been a practitioner of Configuration Management and Agile principles in Operations for many years, with a special involvement in the Puppet and Terraform communities over the years.
4 Weaveworks is backed by solid investors Weaveworks is a key partner with all the major infrastructure and Kubernetes vendors Weaveworks: the GitOps company Weaveworks is deeply committed to the Open Source Community
5 Confidential do not distribute 5 Battle Tested Weaveworks Approach Process Technical support Customer Reliability Engineering (CRE) ● Weaveworks approved expertise in Gitops, kubernetes & cloud native ● “Virtual” SRE ● Traditionally embeds in customers team ● Long term technical resourcing (6 month or 12 Months) Weave GitOps Services Weave GitOps Enterprise ● Curated platform- Clusters on-demand & Application Deployment ● Run Anywhere on any K8 platform ● Integrated security & Policy & Governance ● 24/7 Support Consulting, Professional Services, Training ● Workshops ○ Design, build, operate and Optimize ● POC Delivery ● Training ○ Skills Development ● Time and materials ○ Day Rate CAPABILITIES Reconciliation loop Monitor specific events in Git – repos, branches and/or folders Simple profile bootstrap Setup, provision and operate a custom, production-ready cluster Application management UI immediately detect drift between states as well as cluster health problems. Cluster fleet management Reuse cluster templates easily from git Team Management & Governance Segment responsibilities and enforce change control policies Advanced Security RBAC, Single Sign On (SSO)
6 Confidential do not distribute 6 Continuous Application Delivery - use GitOps to deploy and operate applications. Automation increases deployment velocity and developer productivity. Weave GitOps - Use Cases Kubernetes Everywhere - in the cloud or the datacenter Kubernetes is a universal platform that’s easy to manage with GitOps. DevOps Automation - Lifecycle management of the entire platform. All clusters and services, using automation and policy. 1 4 2 5 3 6 Self-Service Platforms - a complete platform giving developers autonomy while ensuring consistency and manageability. Trusted Delivery - shift policy and security left - governance, risk, and compliance are non-negotiable. Progressive Delivery - deploy services across many environments and regions reliably using GitOps
7 Confidential do not distribute 7 Weave GitOps Experience DEVELOPER EXPERIENCE • Continuous Delivery, observability, and monitoring • Consistent developer workflows across multiple deployments • Team workspaces for multi-tenanted usage OPERATOR EXPERIENCE • Extend Kubernetes to managed platform using GitOps model • An Open Source Kubernetes platform for on-premise deployment • Additive to manage Kubernetes (e.g., EKS, AKS or GKE) • Upgrades to new versions • Extensible controls to implement security and policy controls
8 Confidential do not distribute 8 Test IDE Build GitOps – An Operating Model for Cloud Native Unifying Deployment, Monitoring and Management. Git as the single source of truth of a system’s desired state ALL intended operations are committed by pull request ALL diffs between intended and observed state with automatic convergence ALL changes are observable, verifiable and auditable Kubernetes GitOps Continuous Integration GIT “Immutability Firewall” Deployment (clusters, apps) Monitoring Logging (Observability) Management (operations)
9 App Team workspaces App Management Cluster App Leaf Cluster Profile Policy Management Management UI Weave GitOps Enterprise Kubernetes Cluster Management UI Management UI Multi Cluster Installer (CAPI) Weave GitOps Enterprise Kubernetes Weave GitOps Enterprise
Cilium & eBPF Introduction
● Open Source Projects ● Company behind Cilium ● Provides Cilium Enterprise
What is Cilium? At the foundation of Cilium is the new Linux kernel technology eBPF, which enables the dynamic insertion of powerful security, visibility, and networking control logic within Linux itself. Besides providing traditional network level security, the flexibility of BPF enables security on API and process level to secure communication within a container or pod. Read More ● Networking & Load-Balancing ○ CNI, Kubernetes Services, Multi-cluster, VM Gateway ● Network Security ○ Network Policy, Identity-based, Encryption ● Observability ○ Metrics, Flow Visibility, Service Dependency
Makes the Linux kernel programmable in a secure and efficient way. “What JavaScript is to the browser, eBPF is to the Linux Kernel”
16 Cluster Install Demo
What is Hubble?
Flow Visibility $ kubectl get pods NAME READY STATUS RESTARTS AGE tiefighter 1/1 Running 0 2m34s xwing 1/1 Running 0 2m34s deathstar-5b7489bc84-crlxh 1/1 Running 0 2m34s deathstar-5b7489bc84-j7qwq 1/1 Running 0 2m34s $ hubble observe --follow -l class=xwing # DNS lookup to coredns default/xwing:41391 (ID:16092) -> kube-system/coredns-66bff467f8-28dgp:53 (ID:453) to-proxy FORWARDED (UDP) kube-system/coredns-66bff467f8-28dgp:53 (ID:453) -> default/xwing:41391 (ID:16092) to-endpoint FORWARDED (UDP) # ... # Successful HTTPS request to www.disney.com default/xwing:37836 (ID:16092) -> www.disney.com:443 (world) to-stack FORWARDED (TCP Flags: SYN) www.disney.com:443 (world) -> default/xwing:37836 (ID:16092) to-endpoint FORWARDED (TCP Flags: SYN, ACK) www.disney.com:443 (world) -> default/xwing:37836 (ID:16092) to-endpoint FORWARDED (TCP Flags: ACK, FIN) default/xwing:37836 (ID:16092) -> www.disney.com:443 (world) to-stack FORWARDED (TCP Flags: RST) # ... # Blocked HTTP request to deathstar backend default/xwing:49610 (ID:16092) -> default/deathstar:80 (ID:16081) Policy denied DROPPED (TCP Flags: SYN) Flow Metadata ‒ Ethernet headers ‒ IP & ICMP headers ‒ UDP/TCP ports, TCP flags ‒ HTTP, DNS, Kafka, ... Kubernetes ‒ Pod names and labels ‒ Service names ‒ Worker node names DNS (if available) ‒ FQDN for source and destination Cilium ‒ Security identities and endpoints ‒ Drop reasons ‒ Policy verdict matches
Service Map
API-aware Authorization
Network Policy Editor
Zero Trust Security Demo namespace=raphink-0
OSS Community eBPF-based Networking, Observability, Security cilium.io cilium.slack.com Regular news Learn more about Cilium! Base technology The revolution in the Linux kernel, safely and efficiently extending the capabilities of the kernel. ebpf.io What is eBPF? - ebook For the Enterprise Hardened, enterprise-grade eBPF-powered networking, observability, and security. isovalent.com/product isovalent.com/labs
24 Confidential do not distribute 2 4 Questions? Please use the Q&A window to submit your questions.
25 Whitepaper: Shifting Security Left with GitOps and Trusted Delivery https://bit.ly/3MvzXgQ Learn more about Weave GitOps www.weave.works/enterprise Request a personal demo www.weave.works/contact Thank You
26 Confidential do not distribute 2 6 Thank you https://weave.works

More Related Content

PPTX
リアルタイムにデータを配信・変換・統合:Qlik Cloudデータ統合のご紹介
byQlikPresalesJapan
 
PDF
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
byVMworld
 
PPTX
SAP Cloud Platform SLAs and ITSM Process
bySAP Cloud Platform
 
PPTX
Qlik Cloud データカタログ機能のご紹介
byQlikPresalesJapan
 
PDF
Building DataCenter networks with VXLAN BGP-EVPN
byCisco Canada
 
PDF
Oracle Cloud Infrastructure:2021年11月度サービス・アップデート
byオラクルエンジニア通信
 
PDF
Cisco Meraki Overview
bySSISG
 
PDF
INF-018_OS の中で SDN 抗争勃発!? ~主役を争う VXLAN vs NVGRE~
bydecode2016
 
リアルタイムにデータを配信・変換・統合:Qlik Cloudデータ統合のご紹介
byQlikPresalesJapan
 
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
byVMworld
 
SAP Cloud Platform SLAs and ITSM Process
bySAP Cloud Platform
 
Qlik Cloud データカタログ機能のご紹介
byQlikPresalesJapan
 
Building DataCenter networks with VXLAN BGP-EVPN
byCisco Canada
 
Oracle Cloud Infrastructure:2021年11月度サービス・アップデート
byオラクルエンジニア通信
 
Cisco Meraki Overview
bySSISG
 
INF-018_OS の中で SDN 抗争勃発!? ~主役を争う VXLAN vs NVGRE~
bydecode2016
 

What's hot

PDF
Kubermatic CNCF Webinar - start.kubermatic.pdf
byLibbySchulze
 
PPTX
Using Rook to Manage Kubernetes Storage with Ceph
byCloudOps2005
 
PPTX
Hybrid Data Deliveryを活用してオンプレミスデータをQlik Cloudでリアルタイム活用!
byQlikPresalesJapan
 
PDF
How to Survive an OpenStack Cloud Meltdown with Ceph
bySean Cohen
 
PPTX
Red Hat Openshift Fundamentals.pptx
byssuser18b1c6
 
PPTX
Hashicorp Vault Open Source vs Enterprise
byStenio Ferreira
 
PDF
S108283 svc-storwize-lagos-v1905d
byTony Pearson
 
PPTX
How Kubernetes scheduler works
byHimani Agrawal
 
PDF
TechWiseTV Workshop: Cisco Catalyst 9600: Deep Dive and Design Considerations
byRobb Boyd
 
PPTX
Citrix adc technical overview
byRoshan Dias
 
PDF
プライベートクラウドを支えるAMD EPYCサーバ
byTomohiro Hirano
 
PPTX
Multi cloud security architecture
byMaganathin Veeraragaloo
 
PDF
Azure IoT Edge for Linux on Windows (EFLOW)を学ぶ!
byJingun Jung
 
PPTX
Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用
byMotonori Shindo
 
PPTX
フロー技術によるネットワーク管理
byMotonori Shindo
 
PPTX
OpenStack High Availability
byJakub Pavlik
 
PPTX
Seastar:高スループットなサーバアプリケーションの為の新しいフレームワーク
byTakuya ASADA
 
PDF
コンテナセキュリティにおける権限制御(OCHaCafe5 #3 Kubernetes のセキュリティ 発表資料)
byNTT DATA Technology & Innovation
 
PDF
PFN のオンプレML基盤の取り組み / オンプレML基盤 on Kubernetes 〜PFN、ヤフー〜
byPreferred Networks
 
PDF
オンプレミス回帰の動きに備えよ ~クラウドの手法をオンプレミスでも実現するには~(CloudNative Days Fukuoka 2023 発表資料)
byNTT DATA Technology & Innovation
 
Kubermatic CNCF Webinar - start.kubermatic.pdf
byLibbySchulze
 
Using Rook to Manage Kubernetes Storage with Ceph
byCloudOps2005
 
Hybrid Data Deliveryを活用してオンプレミスデータをQlik Cloudでリアルタイム活用!
byQlikPresalesJapan
 
How to Survive an OpenStack Cloud Meltdown with Ceph
bySean Cohen
 
Red Hat Openshift Fundamentals.pptx
byssuser18b1c6
 
Hashicorp Vault Open Source vs Enterprise
byStenio Ferreira
 
S108283 svc-storwize-lagos-v1905d
byTony Pearson
 
How Kubernetes scheduler works
byHimani Agrawal
 
TechWiseTV Workshop: Cisco Catalyst 9600: Deep Dive and Design Considerations
byRobb Boyd
 
Citrix adc technical overview
byRoshan Dias
 
プライベートクラウドを支えるAMD EPYCサーバ
byTomohiro Hirano
 
Multi cloud security architecture
byMaganathin Veeraragaloo
 
Azure IoT Edge for Linux on Windows (EFLOW)を学ぶ!
byJingun Jung
 
Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用
byMotonori Shindo
 
フロー技術によるネットワーク管理
byMotonori Shindo
 
OpenStack High Availability
byJakub Pavlik
 
Seastar:高スループットなサーバアプリケーションの為の新しいフレームワーク
byTakuya ASADA
 
コンテナセキュリティにおける権限制御(OCHaCafe5 #3 Kubernetes のセキュリティ 発表資料)
byNTT DATA Technology & Innovation
 
PFN のオンプレML基盤の取り組み / オンプレML基盤 on Kubernetes 〜PFN、ヤフー〜
byPreferred Networks
 
オンプレミス回帰の動きに備えよ ~クラウドの手法をオンプレミスでも実現するには~(CloudNative Days Fukuoka 2023 発表資料)
byNTT DATA Technology & Innovation
 

Similar to Robust Network Security and Observability with GitOps and Cilium

PDF
Intro to GitOps with Weave GitOps, Flagger and Linkerd
byWeaveworks
 
PDF
Free GitOps Workshop + Intro to Kubernetes & GitOps
byWeaveworks
 
PDF
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
byWeaveworks
 
PDF
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...
byContainerDay Security 2023
 
PDF
A GitOps model for High Availability and Disaster Recovery on EKS
byWeaveworks
 
PDF
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps
bySonja Schweigert
 
PDF
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
byWeaveworks
 
PDF
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps
byWeaveworks
 
PDF
Free GitOps Workshop
byWeaveworks
 
PDF
Free GitOps Workshop (with Intro to Kubernetes & GitOps)
byWeaveworks
 
PDF
Achieve Data & Operational Sovereignty: Managing Hybrid & Edge EKS Deployment...
byWeaveworks
 
PDF
Overcoming Regulatory & Compliance Hurdles with Hybrid Cloud EKS and Weave Gi...
byWeaveworks
 
PDF
Immediate download DevOps for networking boost your organization's growth by ...
bykapuilakna
 
PDF
Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOps
byWeaveworks
 
PDF
Observe and command your fleets across any kubernetes with weave git ops
byWeaveworks
 
PDF
Continuous Lifecycle London 2018 Event Keynote
byWeaveworks
 
PDF
Speeding up your team with GitOps
byBrice Fernandes
 
PPTX
Cloud Native Apps with GitOps
byWeaveworks
 
PDF
Delivering Quality at Speed with GitOps
byWeaveworks
 
PDF
Intro to Kubernetes & GitOps Workshop
byWeaveworks
 
Intro to GitOps with Weave GitOps, Flagger and Linkerd
byWeaveworks
 
Free GitOps Workshop + Intro to Kubernetes & GitOps
byWeaveworks
 
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
byWeaveworks
 
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...
byContainerDay Security 2023
 
A GitOps model for High Availability and Disaster Recovery on EKS
byWeaveworks
 
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps
bySonja Schweigert
 
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
byWeaveworks
 
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps
byWeaveworks
 
Free GitOps Workshop
byWeaveworks
 
Free GitOps Workshop (with Intro to Kubernetes & GitOps)
byWeaveworks
 
Achieve Data & Operational Sovereignty: Managing Hybrid & Edge EKS Deployment...
byWeaveworks
 
Overcoming Regulatory & Compliance Hurdles with Hybrid Cloud EKS and Weave Gi...
byWeaveworks
 
Immediate download DevOps for networking boost your organization's growth by ...
bykapuilakna
 
Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOps
byWeaveworks
 
Observe and command your fleets across any kubernetes with weave git ops
byWeaveworks
 
Continuous Lifecycle London 2018 Event Keynote
byWeaveworks
 
Speeding up your team with GitOps
byBrice Fernandes
 
Cloud Native Apps with GitOps
byWeaveworks
 
Delivering Quality at Speed with GitOps
byWeaveworks
 
Intro to Kubernetes & GitOps Workshop
byWeaveworks
 

More from Weaveworks

PDF
Intro to GitOps & Flux.pdf
byWeaveworks
 
PDF
Automated Provisioning, Management & Cost Control for Kubernetes Clusters
byWeaveworks
 
PDF
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
byWeaveworks
 
PDF
Six Signs You Need Platform Engineering
byWeaveworks
 
PDF
SRE and GitOps for Building Robust Kubernetes Platforms.pdf
byWeaveworks
 
PDF
Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...
byWeaveworks
 
PDF
Building internal developer platform with EKS and GitOps
byWeaveworks
 
PDF
GitOps Testing in Kubernetes with Flux and Testkube.pdf
byWeaveworks
 
PDF
Implementing Flux for Scale with Soft Multi-tenancy
byWeaveworks
 
PDF
Weave GitOps 2022.09 Release: A Fast & Reliable Path to Production with Progr...
byWeaveworks
 
PDF
The Story of Flux Reaching Graduation in the CNCF
byWeaveworks
 
PDF
Flux Beyond Git Harnessing the Power of OCI
byWeaveworks
 
PDF
Weave AI Controllers (Weave GitOps Office Hours)
byWeaveworks
 
PDF
Simplifying Hybrid Kubernetes with Weaveworks and EKS.pdf
byWeaveworks
 
PDF
Flamingo: Expand ArgoCD with Flux (Office Hours)
byWeaveworks
 
PDF
Flux’s Security & Scalability with OCI & Helm Slides.pdf
byWeaveworks
 
PDF
Accelerating Hybrid Multistage Delivery with Weave GitOps on EKS
byWeaveworks
 
PDF
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
byWeaveworks
 
PDF
How to Avoid Kubernetes Multi-tenancy Catastrophes
byWeaveworks
 
PDF
Flux Security & Scalability using VS Code GitOps Extension
byWeaveworks
 
Intro to GitOps & Flux.pdf
byWeaveworks
 
Automated Provisioning, Management & Cost Control for Kubernetes Clusters
byWeaveworks
 
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
byWeaveworks
 
Six Signs You Need Platform Engineering
byWeaveworks
 
SRE and GitOps for Building Robust Kubernetes Platforms.pdf
byWeaveworks
 
Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...
byWeaveworks
 
Building internal developer platform with EKS and GitOps
byWeaveworks
 
GitOps Testing in Kubernetes with Flux and Testkube.pdf
byWeaveworks
 
Implementing Flux for Scale with Soft Multi-tenancy
byWeaveworks
 
Weave GitOps 2022.09 Release: A Fast & Reliable Path to Production with Progr...
byWeaveworks
 
The Story of Flux Reaching Graduation in the CNCF
byWeaveworks
 
Flux Beyond Git Harnessing the Power of OCI
byWeaveworks
 
Weave AI Controllers (Weave GitOps Office Hours)
byWeaveworks
 
Simplifying Hybrid Kubernetes with Weaveworks and EKS.pdf
byWeaveworks
 
Flamingo: Expand ArgoCD with Flux (Office Hours)
byWeaveworks
 
Flux’s Security & Scalability with OCI & Helm Slides.pdf
byWeaveworks
 
Accelerating Hybrid Multistage Delivery with Weave GitOps on EKS
byWeaveworks
 
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
byWeaveworks
 
How to Avoid Kubernetes Multi-tenancy Catastrophes
byWeaveworks
 
Flux Security & Scalability using VS Code GitOps Extension
byWeaveworks
 

Recently uploaded

PDF
Devfest Harare 2025 Slides [GDG Harare] - Combined Slide Deck
byGoogle Developer Group - Harare
 
PDF
Build Agentic AI Applications with Oracle AI Database Private Agent Factory -...
bySandesh Rao
 
PDF
Immer vorne mit dabei sein - Roaming leicht gemacht
bypanagenda
 
PDF
API Days Australia - API Management in the AI Era
byNilesh Gule
 
PDF
AI Demands More: Help Ensure Network Readiness With ThousandEyes
byThousandEyes
 
PDF
Top 11 Sites to Buy Verified GitHub Accounts in 2025
byBuy GitHub Accounts Looking for a verified GitHub account?
 
PDF
Log-based anomaly detection using BiLSTM-Autoencoder
byMohammed BEKKOUCHE
 
PDF
Embracing Karpenter to scale, optimise and upgrade Kubernetes
byMarko Bevc
 
PDF
Performance.sync(): 7 Levels of a Web Performance Journey
bySergeyChernyshev
 
PPTX
Taming Time in PHP: Best Practices and Gotchas at Longhorn PHP 2025
byScott Keck-Warren
 
PDF
The Invisible Threads: How 'Connection' Builds the Smartest Organizations. By...
byTheta Prime Institute, Cheyenne, Wyoming, USA.
 
PPTX
Artificial Intelligence lecture slides.pptx
bymaimelabernard6
 
PDF
Memo No.3006141 dt.25.10.2025- SOP for Grant of Online Change Of Land Use
byRaghu Ram
 
DOCX
Formula 3 - MACO using general limit.docx
byMarkus Janssen
 
DOCX
Formula 1 - APIC general MACO calculation.docx
byMarkus Janssen
 
PDF
Embedding sustainability: Tips for ebook and print production - Tech Forum 2025
byBookNet Canada
 
DOCX
Formula 2 - APIC HBEL general calculation.docx
byMarkus Janssen
 
PDF
Fighting CVEs in Embedded Linux with the Yocto Project and OTA Updates
byLeon Anavi
 
PPTX
Assignment Review and Accessibility Audit Findings.pptx
byJulia Undeutsch
 
PPTX
Building Smarter Integrations with MuleSoft_ MCP Server and Cursor in Action ...
byKunal Gupta
 
Devfest Harare 2025 Slides [GDG Harare] - Combined Slide Deck
byGoogle Developer Group - Harare
 
Build Agentic AI Applications with Oracle AI Database Private Agent Factory -...
bySandesh Rao
 
Immer vorne mit dabei sein - Roaming leicht gemacht
bypanagenda
 
API Days Australia - API Management in the AI Era
byNilesh Gule
 
AI Demands More: Help Ensure Network Readiness With ThousandEyes
byThousandEyes
 
Top 11 Sites to Buy Verified GitHub Accounts in 2025
byBuy GitHub Accounts Looking for a verified GitHub account?
 
Log-based anomaly detection using BiLSTM-Autoencoder
byMohammed BEKKOUCHE
 
Embracing Karpenter to scale, optimise and upgrade Kubernetes
byMarko Bevc
 
Performance.sync(): 7 Levels of a Web Performance Journey
bySergeyChernyshev
 
Taming Time in PHP: Best Practices and Gotchas at Longhorn PHP 2025
byScott Keck-Warren
 
The Invisible Threads: How 'Connection' Builds the Smartest Organizations. By...
byTheta Prime Institute, Cheyenne, Wyoming, USA.
 
Artificial Intelligence lecture slides.pptx
bymaimelabernard6
 
Memo No.3006141 dt.25.10.2025- SOP for Grant of Online Change Of Land Use
byRaghu Ram
 
Formula 3 - MACO using general limit.docx
byMarkus Janssen
 
Formula 1 - APIC general MACO calculation.docx
byMarkus Janssen
 
Embedding sustainability: Tips for ebook and print production - Tech Forum 2025
byBookNet Canada
 
Formula 2 - APIC HBEL general calculation.docx
byMarkus Janssen
 
Fighting CVEs in Embedded Linux with the Yocto Project and OTA Updates
byLeon Anavi
 
Assignment Review and Accessibility Audit Findings.pptx
byJulia Undeutsch
 
Building Smarter Integrations with MuleSoft_ MCP Server and Cursor in Action ...
byKunal Gupta
 

Robust Network Security and Observability with GitOps and Cilium

  • 1.
    1 Confidential do notdistribute Robust Network Security and Observability with GitOps and Cilium In partnership with:
  • 2.
    2 2 Webinar Platform -FAQs Using Zoom • You are in listen only mode • This webinar is being recorded • Q&A session will follow the presentation, please use the Q&A panel to submit questions • Hit escape to exit full screen • Slides and recording will be shared after the webinar Technical Issues - please visit Zoom Help https://support.zoom.us/hc/en-us/articles/206175806-Top-Questions
  • 3.
    3 3 Lutz Lange Solutions Architect,Weaveworks Lutz is a Solution Architect at Weaveworks. He lives in Berlin and has a long history in the Container, Kubernetes and Cloud Native space. He was one of the 1st attendees in Google's Kubernetes Training program back when Kubernetes was in its infancy. He has also worked at Red Hat, Instana, Pivotal and VMware and thinks that GitOps is something every serious user of Kubernetes needs. Speaker introduction Raphaël Pinson Solutions Architect, Isovalent Raphaël is a Solutions Architect with Cloud Native networking and security specialists Isovalent, creators of the Cilium eBPF-based networking project. He works on Cilium, Hubble & Tetragon and the future of Cloud-Native networking & security using eBPF. An early adopter of the DevOps principle, he has been a practitioner of Configuration Management and Agile principles in Operations for many years, with a special involvement in the Puppet and Terraform communities over the years.
  • 4.
    4 Weaveworks is backedby solid investors Weaveworks is a key partner with all the major infrastructure and Kubernetes vendors Weaveworks: the GitOps company Weaveworks is deeply committed to the Open Source Community
  • 5.
    5 Confidential do notdistribute 5 Battle Tested Weaveworks Approach Process Technical support Customer Reliability Engineering (CRE) ● Weaveworks approved expertise in Gitops, kubernetes & cloud native ● “Virtual” SRE ● Traditionally embeds in customers team ● Long term technical resourcing (6 month or 12 Months) Weave GitOps Services Weave GitOps Enterprise ● Curated platform- Clusters on-demand & Application Deployment ● Run Anywhere on any K8 platform ● Integrated security & Policy & Governance ● 24/7 Support Consulting, Professional Services, Training ● Workshops ○ Design, build, operate and Optimize ● POC Delivery ● Training ○ Skills Development ● Time and materials ○ Day Rate CAPABILITIES Reconciliation loop Monitor specific events in Git – repos, branches and/or folders Simple profile bootstrap Setup, provision and operate a custom, production-ready cluster Application management UI immediately detect drift between states as well as cluster health problems. Cluster fleet management Reuse cluster templates easily from git Team Management & Governance Segment responsibilities and enforce change control policies Advanced Security RBAC, Single Sign On (SSO)
  • 6.
    6 Confidential do notdistribute 6 Continuous Application Delivery - use GitOps to deploy and operate applications. Automation increases deployment velocity and developer productivity. Weave GitOps - Use Cases Kubernetes Everywhere - in the cloud or the datacenter Kubernetes is a universal platform that’s easy to manage with GitOps. DevOps Automation - Lifecycle management of the entire platform. All clusters and services, using automation and policy. 1 4 2 5 3 6 Self-Service Platforms - a complete platform giving developers autonomy while ensuring consistency and manageability. Trusted Delivery - shift policy and security left - governance, risk, and compliance are non-negotiable. Progressive Delivery - deploy services across many environments and regions reliably using GitOps
  • 7.
    7 Confidential do notdistribute 7 Weave GitOps Experience DEVELOPER EXPERIENCE • Continuous Delivery, observability, and monitoring • Consistent developer workflows across multiple deployments • Team workspaces for multi-tenanted usage OPERATOR EXPERIENCE • Extend Kubernetes to managed platform using GitOps model • An Open Source Kubernetes platform for on-premise deployment • Additive to manage Kubernetes (e.g., EKS, AKS or GKE) • Upgrades to new versions • Extensible controls to implement security and policy controls
  • 8.
    8 Confidential do notdistribute 8 Test IDE Build GitOps – An Operating Model for Cloud Native Unifying Deployment, Monitoring and Management. Git as the single source of truth of a system’s desired state ALL intended operations are committed by pull request ALL diffs between intended and observed state with automatic convergence ALL changes are observable, verifiable and auditable Kubernetes GitOps Continuous Integration GIT “Immutability Firewall” Deployment (clusters, apps) Monitoring Logging (Observability) Management (operations)
  • 9.
    9 App Team workspaces App Management Cluster App Leaf Cluster ProfilePolicy Management Management UI Weave GitOps Enterprise Kubernetes Cluster Management UI Management UI Multi Cluster Installer (CAPI) Weave GitOps Enterprise Kubernetes Weave GitOps Enterprise
  • 10.
  • 11.
    ● Open SourceProjects ● Company behind Cilium ● Provides Cilium Enterprise
  • 12.
    What is Cilium? Atthe foundation of Cilium is the new Linux kernel technology eBPF, which enables the dynamic insertion of powerful security, visibility, and networking control logic within Linux itself. Besides providing traditional network level security, the flexibility of BPF enables security on API and process level to secure communication within a container or pod. Read More ● Networking & Load-Balancing ○ CNI, Kubernetes Services, Multi-cluster, VM Gateway ● Network Security ○ Network Policy, Identity-based, Encryption ● Observability ○ Metrics, Flow Visibility, Service Dependency
  • 14.
    Makes the Linuxkernel programmable in a secure and efficient way. “What JavaScript is to the browser, eBPF is to the Linux Kernel”
  • 16.
  • 17.
  • 18.
    Flow Visibility $ kubectlget pods NAME READY STATUS RESTARTS AGE tiefighter 1/1 Running 0 2m34s xwing 1/1 Running 0 2m34s deathstar-5b7489bc84-crlxh 1/1 Running 0 2m34s deathstar-5b7489bc84-j7qwq 1/1 Running 0 2m34s $ hubble observe --follow -l class=xwing # DNS lookup to coredns default/xwing:41391 (ID:16092) -> kube-system/coredns-66bff467f8-28dgp:53 (ID:453) to-proxy FORWARDED (UDP) kube-system/coredns-66bff467f8-28dgp:53 (ID:453) -> default/xwing:41391 (ID:16092) to-endpoint FORWARDED (UDP) # ... # Successful HTTPS request to www.disney.com default/xwing:37836 (ID:16092) -> www.disney.com:443 (world) to-stack FORWARDED (TCP Flags: SYN) www.disney.com:443 (world) -> default/xwing:37836 (ID:16092) to-endpoint FORWARDED (TCP Flags: SYN, ACK) www.disney.com:443 (world) -> default/xwing:37836 (ID:16092) to-endpoint FORWARDED (TCP Flags: ACK, FIN) default/xwing:37836 (ID:16092) -> www.disney.com:443 (world) to-stack FORWARDED (TCP Flags: RST) # ... # Blocked HTTP request to deathstar backend default/xwing:49610 (ID:16092) -> default/deathstar:80 (ID:16081) Policy denied DROPPED (TCP Flags: SYN) Flow Metadata ‒ Ethernet headers ‒ IP & ICMP headers ‒ UDP/TCP ports, TCP flags ‒ HTTP, DNS, Kafka, ... Kubernetes ‒ Pod names and labels ‒ Service names ‒ Worker node names DNS (if available) ‒ FQDN for source and destination Cilium ‒ Security identities and endpoints ‒ Drop reasons ‒ Policy verdict matches
  • 19.
  • 20.
  • 21.
  • 22.
    Zero Trust SecurityDemo namespace=raphink-0
  • 23.
    OSS Community eBPF-based Networking, Observability,Security cilium.io cilium.slack.com Regular news Learn more about Cilium! Base technology The revolution in the Linux kernel, safely and efficiently extending the capabilities of the kernel. ebpf.io What is eBPF? - ebook For the Enterprise Hardened, enterprise-grade eBPF-powered networking, observability, and security. isovalent.com/product isovalent.com/labs
  • 24.
    24 Confidential do notdistribute 2 4 Questions? Please use the Q&A window to submit your questions.
  • 25.
    25 Whitepaper: Shifting SecurityLeft with GitOps and Trusted Delivery https://bit.ly/3MvzXgQ Learn more about Weave GitOps www.weave.works/enterprise Request a personal demo www.weave.works/contact Thank You
  • 26.
    26 Confidential do notdistribute 2 6 Thank you https://weave.works