Can I use Tetragon without Cilium?

[28:00] Learn how Tetragon enables powerful realtime, eBPF-based Security Observability and Runtime Enforcement - all without Cilium!

In this recording we answer the question “Can I use Tetragon without Cilium CNI?”

This tutorial will cover how to install and configure Tetragon in Kubernetes with another CNI. In this example we use the open-source Calico project.

Futher information and a text based guide can be found at this supporting blog post.

Labs

Getting Started with Tetragon

Security Observability is a new paradigm that utilizes eBPF, a Linux kernel technology, to allow Security and DevOps teams, SREs, Cloud Engineers, and Solution Architects to gain real-time visibility into Kubernetes and helps to secure your production environment with Tetragon. Tetragon is an open source Security Observability and Runtime Enforcement tool from the makers of Cilium. It captures different process and network event types through a user-supplied configuration to enable security observability on arbitrary hook points in the kernel; then translates these events into actionable signals for a Security Team. The best way to learn about Security Observability and Cilium Tetragon is to read the book “Security Observability with eBPF” by Jed Salazar and Natalia Reka Ivanko. And the best way to have your first experience with Tetragon is to walk through this lab, which takes the Real World Attack example out of the book and teaches you how to detect a container escape step by step!

Apr 08, 2024