YoVDO

Drawing Lines in the Sand - Running Unprivileged eBPF in Kubernetes

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

eBPF Courses Kubernetes Courses System Administration Courses Containerization Courses Linux Security Courses Network Monitoring Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the intricacies of running unprivileged eBPF in Kubernetes in this 25-minute conference talk by Nikola Grcevski from Grafana Labs. Delve into the powerful capabilities of eBPF for gaining insights on connectivity, networking, security, and performance with minimal code. Examine the challenges of elevated permissions required for eBPF probes and learn strategies to avoid using 'privileged:true' in Kubernetes securityContext. Investigate the relationship between Linux security capabilities and eBPF capabilities, understanding when CAP_SYS_ADMIN is insufficient and how to circumvent it. Gain detailed knowledge about the specific capabilities required for common eBPF features and discover scenarios where CAP_BPF is adequate. Uncover the additional privileges needed for various types of instrumentation to avoid relying on CAP_SYS_ADMIN.

Syllabus

Drawing Lines in the Sand, or Running Unprivileged eBPF in Kubernetes - Nikola Grcevski


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

Linux Server Management and Security
University of Colorado System via Coursera Cybersecurity Roles, Processes & Operating System Security
IBM via Coursera Operating Systems and Security
IBM via edX Linux Security and Hardening, The Practical Security Guide.
Udemy The Complete Cyber Security Course : Hackers Exposed!
Udemy