The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
Please note: This schedule is automatically displayed in British Summer Time (BST) (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis.
Service mesh has brought transparent encryption capabilities to cloud-native applications. However, the tight coupling of sidecars with workloads complicates lifecycle management.
Both Isito and Cilium have implemented sidecarless service mesh, utilizing userspace proxies that increase connection hops and introduce single points of failure, with encryption occurring only between proxy links. In this session, we aim to demonstrate how eBPF and programmable kernel modules can significantly address these challenges.
We believe that offloading traffic to eBPF and leveraging kernel innovations to achieve end-to-end secure encryption capabilities is the future direction for sidecarless service mesh. We will discuss how this approach can provide a more efficient and secure network architecture without the need for sidecar proxies.
Finally, we will present use cases and discuss how to maintain encryption capabilities and minimize the impact on applications during scenarios such as failures.
