Explore a scalable reimplementation of the Kubernetes service abstraction using eBPF in this 43-minute Linux Plumbers Conference talk. Delve into recent kernel changes that enabled this implementation and future modifications that could simplify it further. Learn about Kubernetes' architecture, the limitations of the default kube-proxy implementation, and how Cilium leverages eBPF technology to overcome scalability and reliability issues in large-scale Kubernetes deployments. Gain insights into container networking with eBPF, focusing on load balancing and NAT, without requiring prior Kubernetes knowledge.
Overview
Syllabus
Intro
Problem statement
Cilium: overview
Cilium v1.6: BPF ClusterIP
Cilium v1.6: BPF Node Port
Global socket cookies
Managed neighbor entries for backends 1/2
LRU BPF callback on entry eviction
LRU BPF eviction zones
BPF atomic ops
BPF getpeername hook
Improved mapping collision resolution
Taught by
Linux Plumbers Conference
