Securing your applications with a defense in depth architecture and gaining visibility in your application behavior are the two key requirements to be successful in any modern cloud native deployment.
While service meshes like Istio provide these capabilities via a user space proxy mechanism it's not always feasible to inject sidecars proxies for all your applications. On the other hand Kernel technologies like eBPF when used in a CNI like Cilium provides security and metrics transparently but lacks the richness of information and policy capabilities provided by a layer 7 proxy with strong identities.
In this session, I will present how we can leverage capabilities provided by both these technologies and achieve better security and observability ensuring all your applications can have uniform policy and visibility irrespective of whether they are in the mesh or not or if they are running as a container in Kubernetes or long running VM where making privileged changes are often not possible.