Photo by Moritz Kindler on Unsplash
Liz Rice, chief open source officer of Isovalent, joins us to talk about her work around the Cloud Native Computing Foundation (CNCF), including recent milestones for open source projects Cilium and Tetragon.
In this interview, Rice and host Katherine Druckman, an Intel open source evangelist, dive into new and exciting use cases made possible by eBPF technology, the tangible benefits of collaboration, and what’s next for Cilium and Tetragon. Rice also shares why she’s excited about a new eBPF documentary available now on ebpfdocumentary.com.
Listen to the full Open at Intel podcast episode here. The following conversation has been edited and condensed for brevity and clarity.
The Power of eBPF
Katherine Druckman: Can you tell us who you are and what you do?
Liz Rice: I work at Isovalent, which originally created the Cilium project. Cilium recently graduated, so that’s been a big event for us. I’m also on the governing board of the CNCF, representing the Silver Members, and in the past I was chair of the Technical Oversight Committee (TOC), so I’ve had a long history with the CNCF.
Katherine Druckman: Would you give us the Cliffs Notes version of what Cilium is?
Liz Rice: Cilium is best known as a networking plugin for Kubernetes, though you can use it outside of a Kubernetes environment. It’s built on a technology called eBPF, which is a cool way to customize how your kernel behaves. Cilium offers networking, networking observability, and lots of network security capabilities. And now with a separate project of Cilium called Tetragon, we also provide runtime security, observability, and runtime enforcement. So, there’s a pretty broad scope of things we can do with Cilium thanks to the power of eBPF.
Katherine Druckman: For the uninitiated, can you tell us about the origins of eBPF and why it’s so interesting?
Liz Rice: Just yesterday was the premiere of the eBPF documentary, which tells the story of when Alexei [Starovoitov] came up with the concept of essentially running a virtual machine (VM) inside the kernel. The film does a great job conveying how that was a bit of a mad idea at the time. He had to convince the kernel community that it was a good idea. Others helped popularize the idea and developed cool tracing tools with it. It’s been years in development, and now eBPF is a technology platform that allows us to build these incredibly powerful infrastructure tools—like observability, tracing, security, and networking—that everybody needs in their cloud-native environments, common to all their applications.
Katherine Druckman: The eBPF Foundation has an annual online summit. Since you’re heavily involved in that, will you tell us a little about that?
Liz Rice: The eBPF Summit started during the pandemic, so it’s always been online. I think it’s been successful from that point of view. Kernel technology is quite low level and has experts from all around the world. Bringing them together physically would be hard to do, but we can get everybody together online. We have people in Slack commenting on the talks. We ask people from the community to submit talks when we know they’re working on something interesting. eBPF is such a novel way of doing things. The idea that you’re going to run programs inside the kernel is surprising to people, and the things you can do with it are so varied. It’s a pretty technical event, but there’s always a lot to learn and many new and surprising things people are doing with it.
Katherine Druckman: From your perspective of the landscape, what kind of creative implementations of this technology are you seeing that surprise you?
Liz Rice: There’s a project called Kepler that’s being used to measure software energy use. They’re using eBPF to instrument CPU time and memory cache retrievals. It was obvious to me that you would be burning energy via CPU cycles, but it hadn’t really occurred to me that retrieving memory costs energy. eBPF is providing tools to measure energy use with the intent to reduce it. That’s an important thing.
Better Together
Katherine Druckman: You’re involved with many communities. Can you tell us why your community work is important to you?
Liz Rice: I was a late convert to the world of open source. I got involved around the same time containers were becoming a thing, so the first years of my career were based around proprietary software. When I started getting involved in the container community, I saw the caliber of things people were building together and how they put company politics aside to come together and solve technical problems. I genuinely believe that open source is the best way to develop common technology. Letting everyone see how things work really does result in better solutions. It also just makes sense. If everybody needs a networking solution to connect their workloads, people don’t need to write their own; they have other ways to differentiate their business. It’s more efficient for everyone to have some common solutions we all can use.
Katherine Druckman: Can you tell us about your work with OpenUK?
Liz Rice: It brings together incredible people in the UK. It’s enabling us to see opportunities for open source software and communicate, particularly with government bodies, to lobby for open data and the use of open source technology. Some of the interesting debates right now around things like AI are not just about engineering but about the use of that technology and the extent to which it should be open. It feels important for people with a technical background to be involved in those conversations. It’s important to think about how we, as a community, can come together from different organizations and do good by getting governments to use more open source technologies.
What’s Next for Isovalent Projects
Katherine Druckman: What’s on the horizon for Cilium?
Liz Rice: We’ve just gone through graduation, so it feels like we’ve achieved a real milestone of adoption and being proven. But there are loads of new applications. For example, people increasingly use Cilium beyond Kubernetes to connect to external workloads across multiple clouds. So we have some custom mesh solutions. We have what we’re now calling Cilium Mesh for those who may have ingress from certain workloads and egress to other workloads; maybe you’re connecting over BPG or have telco use cases where you’ve got very specific protocols you want to work with. Networking is one of those worlds where you think you just plug in everything and networks happen, but it turns out there are loads of different protocols, requirements, and environments. I think we’ll see Cilium being used in a broader range of places.
And Tetragon just went 1.0, which is another big milestone—seeing that get adopted in its relatively early days. I really want to see how it gets used and the kind of security profiles people build for it and with it. At some point, some major CVE will come out, and people will detect it with Tetragon. That will be a really exciting story to hear about.
To hear more of this conversation and others, subscribe to the Open at Intel podcast:
- openatintel.podbean.com
- Google Podcasts
- Apple Podcasts
- Spotify
- Amazon Music
- Your favorite podcast player (RSS)
About the Author
Katherine Druckman, Open Source Evangelist, Intel
Katherine Druckman, an Intel open source evangelist, hosts the podcasts Open at Intel, Reality 2.0, and FLOSS Weekly. A security and privacy advocate, software engineer, and former digital director of Linux Journal, she’s a longtime champion of open source and open standards.