[$] BPF for security—and chaos—in Kubernetes

BPF is probably familiar to many LWN readers, though it's likely not yetquite as well known in the Kubernetes community - but that could soonchange. At KubeCon +CloudNativeCon Europe 2019 there were multiple sessions with BPF in the title where developers talked about how BPF can be used tohelp with Kubernetes security, monitoring, and even chaos engineeringtesting.We will look at two of those talks that were led by engineers closelyaligned with the open-source Cilium project, which is allabout bringing BPF to Kubernetes container environments.Thomas Graf, who contributes to BPF development in the Linux kernel,led a session on transparent chaos testing with Envoy, Cilium, and BPF,while his counterpart Dan Wendlandt, who is well known in the OpenStackcommunity for helping to start the Neutron networking project, spoke aboutusing the kernel's BPF capabilities to add visibility andsecurity in a Kubernetes-aware manner.