TALK DETAILS
"eBPF Data Plane Deep Dive", Chris Tomkins
Abstract: Are you always curious? Then let’s take the lid off a cluster running the Calico eBPF data plane and see what’s going on in there.
You will learn:
* The theory of a packet walk through a cluster running the Calico eBPF data plane
* How to see the real thing on a cluster running Calico eBPF
* How to use available tools for diagnostics or to gain visibility of Calico’s eBPF data plane

"Generating custom seccomp profiles with Inspektor Gadget", Jose Blanquicet
Abstract: Using a custom seccomp profile is one of the most recommended ways to increase the security of our Kubernetes workload. However, to be able to do that, we need to know all the system calls that our application uses during its whole life cycle, which is not a simple task.
By default, Kubernetes asks the container runtime to create a container using the `Unconfined` seccomp profile, meaning that seccomp is disabled. Such default behavior ensures that our application will run without problems, but it leaves the containers exposed to remote code execution vulnerabilities.
During this talk, we are going to show how to use Inspektor Gadget to identify all the system calls used by an application and how to generate a custom seccomp profile that ensures it will continue working as intended and with the exact privileges it requires.