Andy Wright

Author Archives: Andy Wright

Introducing the Calico eBPF Dataplane

eBPF is a hot topic right now; most of the infrastructure-focused conferences and events have included talks on eBPF over the past year, which is creating a lot of interest in the technology.

You might be wondering what eBPF is. eBPF stands for “extended Berkeley Packet Filter”, a feature in modern Linux kernels that lets you write mini-programs that attach to low-level hooks in the kernel and execute in response to certain events (e.g. filtering network traffic). While Calico is primarily focused on networking and security use cases, eBPF is a broad technology that applies to many other use cases as well.

We’ve always been tracking eBPF and its potential to enhance Calico; however, most users have not been ready for it. Improving on Calico’s already excellent dataplane using eBPF requires the latest Linux kernels, which are not always available to our enterprise customers who require a vendor-supported Linux distribution to run in production. Nevertheless, we decided to add an eBPF dataplane to support those users who are able to use the latest Linux kernels, as well as provide a future-proofed path for those who will wait until their vendor-supported Linux distributions support the …

Security Policy as Code Now Fully Automated with Calico Enterprise 2.6

We are excited to announce the general availability of Calico Enterprise 2.6 (formerly known as Tigera Secure). With this release, it is now possible to fully automate Security-Policy-as-Code within a CI-CD pipeline, including the ability to implement security as a Canary rollout, which is the most critical requirement for automating network security.

DevOps is now mainstream and practiced in nearly every major enterprise; it has transitioned from what was a competitive differentiator a few years ago to the industry standard today.

DevOps relies on automation to continuously optimize the cycle time from code to production. DevOps automation manifests itself in two forms:

  1. Automation of the underlying infrastructure (infrastructure as code)
  2. Automation of the software delivery process (the Continuous Integration and Continuous Delivery, or CI-CD, pipeline)

Security has become an integral part of the DevOps team’s responsibilities. A quick sample of DevOps jobs on LinkedIn illustrates this: nearly every DevOps job posting has “security” as a required responsibility. It’s no longer enough to automate the infrastructure; it is now necessary to implement security within the delivery pipeline and perhaps link software CI-CD pipelines with the corresponding security policies that they should be deployed with. DevOps teams have struggled to automate this …

Tigera Secure 2.5 – Implement Kubernetes Network Security Using Your Firewall Manager

We are excited to announce the general availability of Tigera Secure 2.5. With this release, security teams can now create and enforce security controls for Kubernetes using their existing firewall manager.

Container and Kubernetes adoption is gaining momentum in enterprise organizations. Gartner estimates that 30% of organizations are running containerized applications today, and they expect that number to grow to 75% by 2022. That’s tremendous growth considering the size and complexity of enterprise IT organizations. It’s difficult to put exact metrics on the growth in Kubernetes adoption; however, KubeCon North America attendance is a good proxy. KubeCon NA registrations grew from 1,139 in 2016 to over 8,000 in 2018 and are expected to surpass 12,000 this December, and the distribution of Corporate Registrations has increased dramatically.

KubeCon Registrations

Despite this growth, Kubernetes is a tiny percentage of the overall estate the security team needs to manage; sometimes less than 1% of total workloads. Security teams are stretched thin and understaffed, so it’s no surprise that they don’t have time to learn the nuances of Kubernetes and rethink their security architecture, workflow, and tools for just a handful of applications. That leads to stalled deployments and considerable friction between the application, infrastructure, …