Google Distributed Cloud Virtual Now Supports Virtual Machines
Recently Google announced the general availability of virtual machine (VM) support in Anthos for bare metal, also known as Google Distributed Cloud Virtual (GDC), which will allow customers to run VMs alongside containers on a single, unified, Google Cloud-connected platform in their data center or at the edge.
Google Cloud Spanner Introduces Free Trial Instances and Fine-Grained Access Control
Google Cloud recently announced several improvements to its managed databases. The cloud provider introduced free trial instances and fine-grained access control for Spanner to let developers try the managed service and configure access to data at the table and column level.
Kubernetes Control Plane Metrics Now Available in Google Kubernetes Engine
Google has announced the general availability of Kubernetes control plane metrics in Google Kubernetes Engine (GKE). These metrics are directly integrated with Google Cloud Monitoring, providing a single solution for troubleshooting issues with GKE. Integration with third-party observability tooling is also possible via the Cloud Monitoring API.
Open-Source Threat Detection Tool Falco Adds Support for Google gVisor
The latest version of Falco introduces support for gVisor, Google’s application kernel providing an additional isolation layer between applications and the host OS. Using Falco 0.32.1, users can monitor security events from gVisor to detect threats and audit containers.
Google Open-Sources Natural Language Robot Control Method SayCan
Researchers from Google’s Robotics team have open-sourced SayCan, a robot control method that uses a large language model (LLM) to plan a sequence of robotic actions to achieve a user-specified goal. In experiments, SayCan generated the correct action sequence 84% of the time.
GCP Announces MITRE ATT&CK Mappings to Implement Security Controls
Google Cloud Platform (GCP) recently announced MITRE ATT&CK mappings to improve security controls across Google Cloud workloads. The MITRE ATT&CK framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The mappings will empower Google Cloud users to assess GCP controls against adversary tactics, techniques and procedures (TTPs).
eBPF allows developers to safely and efficiently embed programs in any piece of software, including the operating system kernel. As a result, eBPF is quickly becoming the method of choice for achieving a wide range of infrastructure use cases, delivering significant efficiency and performance gains and dramatically reducing the complexity of the system. For example, Facebook is using eBPF as the primary software-defined load balancer in its data centres, and Google is using Cilium to bring eBPF-based networking and security to the managed Kubernetes offerings GKE and Anthos. Alexei Starovoitov, Co-creator and Maintainer of eBPF, Kernel Developer at Facebook, commented:
“eBPF is a revolutionary technology that allows us to modify operating system behaviour in real-time without risky or expensive kernel code changes. It’s had a remarkable impact on our ability to iterate quickly on everything from networking to security to containerization.”
eBPF changes the way operating systems and infrastructure services are designed. It bridges the boundary between kernel and userspace. It encourages and accelerates innovation and is a significant leap forward in open source technology for networking, security, application profiling/tracing and system observability use cases. eBPF even enables users to combine and apply logic across multiple subsystems that were traditionally completely independent. Daniel Borkmann, Co-creator and Maintainer of eBPF, Kernel Developer at Isovalent, also noted:
“eBPF has redefined the way we think about the operating system and has led to a massive wave of innovation in networking, security, and observability. Because of its deep relevance in the cloud-native world, eBPF adoption has been accelerating at an incredible pace.”
By making the OS kernel programmable, infrastructure software can leverage existing layers, making them more intelligent, scalable and feature-rich without adding further layers of complexity to the system. eBPF has resulted in the development of a completely new generation of tooling in areas such as networking, security, application profiling/tracing and performance troubleshooting. These tools no longer rely on existing kernel functionality but instead actively reprogram runtime behaviour without compromising execution efficiency or safety.
The eBPF Foundation will expand the significant level of contributions being made to extend the powerful capabilities of eBPF and grow beyond Linux. It will be the home for open source eBPF projects and technologies and nurture the community through a variety of activities, including summits and other collaboration events in order to further drive the growth and adoption of the eBPF ecosystem.