[$] BPF for security—and chaos—in Kubernetes

BPF is probably familiar to many LWN readers, though it's likely not yet
quite as well known in the Kubernetes community — but that could soon
change. At KubeCon +
CloudNativeCon Europe 2019 there were multiple sessions with BPF in
the title where developers talked about how BPF can be used to
help with Kubernetes security, monitoring, and even chaos engineering
testing.
We will look at two of those talks that were led by engineers closely
aligned with the
open-source Cilium project, which is all
about bringing BPF to Kubernetes container environments.
Thomas Graf, who contributes to BPF development in the Linux kernel,
led a session on transparent chaos testing with Envoy, Cilium, and BPF,
while his counterpart Dan Wendlandt, who is well known in the OpenStack
community for helping to start the Neutron networking project, spoke about
using the kernel's BPF capabilities to add visibility and
security in a Kubernetes-aware manner.