March 19, 2024
Courtyard by Marriott Paris Porte de Versailles, France
CalicoCon 2024
Join us for an immersive event led by the Calico team, where you’ll gain education, training, and best practices for Kubernetes networking, security, and observability.
About
CalicoCon is coming to KubeCon + CloudNativeCon Europe 2024.
Join us to explore the trends, strategies, and technologies making waves in the Kubernetes networking, security, and observability world.
We will cover the state of Project Calico. Calico users & engineers will dive deep into various areas, including eBPF, Windows HNS, multi-cluster mesh, best practices for network policies, egress gateway, scale, performance, encryption, and compliance.
Attendees will get to ask their questions and network with the Calico engineering and leadership team.
We’ll end with a reception where you can meet other Calico users on their Kubernetes journeys and those behind Calico.
Agenda
9:00-9:15 | Welcome Reception |
9:15-10:30 | Workshop: eBPF-based Networking and Security with Calico (Reza Ramezanpour) |
10:30-10:45 | Coffee Break |
10:45-12:00 | Workshop: eBPF-based Networking and Security with Calico (Reza Ramezanpour) |
12:00-1:00 | Lunch |
1:00-1:20 | Keynote: Project Calico Past, Present, and Future |
1:20-1:50 | Calico eBPF - Security and Performance in Production (Tomas Hruby) |
1:50-2:15 | IPv6 for Calico eBPF - How We Got There (Tomas Hruby) |
2:15-2:30 | Coffee Break |
2:30-3:00 | Best Practices: Using Calico Policies to Secure Kubernetes Traffic (Jeremy Guerrand) |
3:00-3:30 | Implementing Calico BGP for Enhanced Multi-Cluster Connectivity across Cloud Environments (Rui De Abreu) |
3:30-4:00 | Network policy at scale: scaling Calico to 15k+ nodes and 10k network policies (Shaun Crampton) |
4:00-6:00 | Happy Hour & Networking |
Venue Information
Hall 78, Courtyard by Marriott Paris Porte de Versailles
5 Rue Ernest Renan,
92130 Issy-les-Moulineaux, France
Registration
This event is one of the co-located events at KubeCon + CloudNativeCon Europe 2024.
Attendees can register by adding it to their existing registration using the CNCF portal.
Speakers
Shaun Crampton
Distinguished Engineer, Tigera
Tomas Hruby
Staff Software Engineer, Tigera
Rui De Abreu
Principal Solutions Architect, Tigera
Jeremy Guerrand
Solutions Architect, Tigera
Reza Ramezanpour
Developer Advocate, Tigera
Why Attend?
Security Teams
Learn how to holistically secure your cloud-native applications following today’s best practices
DevOps and SRE Teams
Learn how to include security and observability in your CI/CD pipeline to enable security, observability and troubleshooting
Platform Architects
Learn architecture patterns and best practices to secure and troubleshoot cloud-native applications
Workshop: eBPF-based Networking and Security with Calico
Hands-on workshop to learn eBPF-based networking and network security for Kubernetes using Calico. With this experience, you will be able to architect and implement a scalable and secure Kubernetes-based SaaS or CaaS platform.
The workshop will cover the following topics:
- Kubernetes deployment and networking
- Why eBPF (source IP preservation, DDoS mitigation, and lower resource utilization)
- Secure workload access and strengthen your cluster’s security posture
- Implement eBPF security policies
- Implement cluster-wide encryption with Calico eBPF dataplane and WireGuard
- Leveraging IPv6 with Calico’s eBPF dataplane
What you’ll need on the day:
- A device with a modern web browser.
Calico eBPF - Security and Performance in Production
eBPF is the hottest kernel feature these days, but Calico’s eBPF dataplane has been available for 4 years already! We will dive into the inner workings of the Calico eBPF dataplane, exploring its key components and how it leverages the eBPF technology to enhance networking and security in Kubernetes. You will gain insights into the performance benefits of eBPF, including reduced latency and improved scalability. We will discuss how the eBPF-based dataplane differs from the iptables-based one, what extra features are provided, what is or is not compatible, and when you definitely want to select Calico eBPF over other options. We will cover how to troubleshoot the dataplane to effectively address any issues. It is an opportunity to gain a deeper understanding of the Calico eBPF dataplane and its role in optimizing your Kubernetes networking and security.
IPv6 for Calico eBPF - How We Got There
eBPF is a hot topic in the programmability of the Linux kernel. Calico leverages it to enhance observability, security, and performance. But how easy is it to use the technology to achieve your goals? How does eBPF programming differ from kernel or userspace programming? What are the pitfalls, and how do you tackle them? We will answer these and other questions as we discuss how we added support for IPv6 to Calico’s eBPF dataplane. We will present the good and bad design choices we made and the lessons we learned. IPv6-only is available in the latest 3.27 release and dual-stack support will be part of the next 3.28 version.
Best Practices: Using Calico Policies to Secure Kubernetes Traffic
In this session, we will discuss how Kubernetes, now a standard for hosting modern, microservices-based cloud-native applications, requires a new approach to network security, due to the dynamic and ephemeral characteristics of Kubernetes workloads.
Conventional firewall approaches in multi-cluster, zone-based architectures lack granular visibility and give overly broad IP range allowances, leading to a larger attack surface. With Calico policies, you can define, test, and enforce stringent traffic rules between pods and services within Kubernetes. It provides detailed control over both ingress and egress traffic, effectively isolating workloads, enhancing network performance, and ensuring compliance with various security standards.
Implementing Calico BGP for Enhanced Multi-Cluster Connectivity across Cloud Environments
In this technical session, we will delve into the implementation of Calico BGP to facilitate seamless multi-cluster connectivity in Kubernetes environments. We will explore the intricacies of BGP routing, BGP peering, and the integration of Calico BIRD within a flat network architecture. The focus will be on leveraging Calico’s open-source capabilities and its overlay networking feature, which is particularly beneficial in cloud settings lacking Layer 2 connectivity. Key topics include cloud-specific BGP configurations, overlay networking strategies, effective utilization of Calico IP pools, and DNS forwarding across multi-cluster deployments.
Network policy at scale: scaling Calico to 15k+ nodes and 10k network policies
Calico is the most widely deployed network policy engine in the Kubernetes ecosystem and we’ve always been proud of our performance and scale, but…
What do you do when a customer casually (or not so casually) mentions that their 10,000th node isn’t performing as well as they expected and that they’d quite like to scale up to 15k nodes? About a year ago, Shaun found himself in that exciting (?) position and he got the opportunity to optimize Calico’s network policy engine end-to-end. Expect a deep dive on Calico’s scale-out architecture (which should be interesting whether you’re looking for a network policy solution or just to see how we scaled our application on top of Kubernetes), how it’s evolved, how we do (mocked) high-scale testing, and a rundown of the improvements in v3.27 that take it to the next level.