The Rise of AI Coding Agents: Impact on Platform Engineering Teams
How AI coding agents like GitHub Copilot Workspace and Cursor are reshaping platform engineering. What teams need to prepare for and how to leverage these tools.
## 🐝 eBPF: Security at the Kernel Level
Traditional Kubernetes security operates at the API level — network policies, RBAC, admission webhooks. eBPF operates at the kernel level, giving you visibility and enforcement that higher-level tools simply can’t provide.
Tetragon provides kernel-level security observability:
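
```yaml
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: detect-privilege-escalation
spec:
  kprobes:
  # Hook the LSM file-open path and inspect the file being opened
  - call: "security_file_open"
    syscall: false
    args:
    - index: 0
      type: "file"
    selectors:
    # matchArgs and matchActions share one selector, so the actions
    # fire only for the listed path prefixes
    - matchArgs:
      - index: 0
        operator: "Prefix"
        values:
        - "/etc/shadow"
        - "/etc/passwd"
      matchActions:
      - action: Sigkill # Kill the process immediately
      - action: NotifyEnforcer
  # Report setuid calls; repeated events are rate-limited over a 1-minute window
  - call: "__x64_sys_setuid"
    syscall: true
    selectors:
    - matchActions:
      - action: Post
        rateLimit: "1m"
```

This policy detects and kills any container process trying to read /etc/shadow — something network policies can’t do. The match list also contains /etc/passwd, which ordinary user-lookup calls read, so scope or drop that entry before enforcing.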
Traditional NetworkPolicy:

```yaml
# L3/L4 only: selects peers by label or IP block, and traffic by port
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-policy
spec:
  podSelector:
    matchLabels:
      app: api
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend
    ports:
    - port: 8080
```

Cilium Network Policy (L7-aware):

```yaml
# Can filter by HTTP method, path, headers
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: api-l7-policy
spec:
  endpointSelector:
    matchLabels:
      app: api
  ingress:
  - fromEndpoints:
    - matchLabels:
        app: frontend
    toPorts:
    - ports:
      - port: "8080"
        protocol: TCP
      rules:
        http:
        - method: "GET"
          path: "/api/v1/.*"
        - method: "POST"
          path: "/api/v1/orders"
          headers:
          - 'X-Auth-Token: .*'
```

```bash
# Install Cilium
cilium install --version 1.16
# Install Tetragon (it ships as its own Helm chart, not as a Cilium chart value)
helm repo add cilium https://helm.cilium.io
helm install tetragon cilium/tetragon -n kube-system
# View security events
kubectl logs -n kube-system -l app.kubernetes.io/name=tetragon -c export-stdout -f | \
  tetra getevents -o compact
```

eBPF-based security is no longer experimental. If you’re running Kubernetes in production, it should be part of your security stack.
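To triage the exported events offline, the following Python sketch (an added example, not part of the original post or the Tetragon project) filters a constructed JSON-lines sample for `security_file_open` hits on the policy's paths and reports which workloads were killed. The event field names and action values are assumptions modelled on Tetragon's JSON export.

```python
import json
from collections import Counter

SENSITIVE_PREFIXES = ("/etc/shadow", "/etc/passwd")  # same values as the TracingPolicy

# Constructed sample events (field names and action values are assumptions)
SAMPLE_EVENTS = """\
{"process_exec": {"process": {"binary": "/bin/sh", "pod": {"namespace": "shop", "name": "api-7d9f"}}}}
{"process_kprobe": {"process": {"binary": "/usr/bin/cat", "pod": {"namespace": "shop", "name": "api-7d9f"}}, "function_name": "security_file_open", "args": [{"file_arg": {"path": "/etc/shadow"}}], "action": "KPROBE_ACTION_SIGKILL", "policy_name": "detect-privilege-escalation"}}
{"process_kprobe": {"process": {"binary": "/usr/bin/id"}, "function_name": "security_file_open", "args": [{"file_arg": {"path": "/etc/passwd"}}], "action": "KPROBE_ACTION_SIGKILL", "policy_name": "detect-privilege-escalation"}}
{"process_kprobe": {"process": {"binary": "/usr/bin/sudo", "pod": {"namespace": "shop", "name": "api-7d9f"}}, "function_name": "__x64_sys_setuid", "args": [], "action": "KPROBE_ACTION_POST", "policy_name": "detect-privilege-escalation"}}
{"process_kprobe": {"process": {"binary": "/usr/bin/cat", "pod": {"namespace": "shop", "name": "api-7d9f"}}, "function_name": "security_file_open", "args": [{"file_arg": {"path": "/etc/hostname"}}], "action": "KPROBE_ACTION_POST"}}
this line is truncated {"process_kpro
"""

def sensitive_opens(lines):
    """Yield one finding per security_file_open event on a sensitive path."""
    for raw in lines:
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # blank or partial line from a log stream
        kp = event.get("process_kprobe") if isinstance(event, dict) else None
        if not kp or kp.get("function_name") != "security_file_open":
            continue  # exec events, setuid events, non-object JSON
        paths = [a["file_arg"].get("path", "") for a in kp.get("args", []) if "file_arg" in a]
        hit = next((p for p in paths if p.startswith(SENSITIVE_PREFIXES)), None)
        if hit is None:
            continue
        proc = kp.get("process", {})
        pod = proc.get("pod") or {}  # no pod metadata means a host process
        yield {
            "workload": f'{pod["namespace"]}/{pod["name"]}' if pod else "host",
            "binary": proc.get("binary", "?"),
            "path": hit,
            "killed": kp.get("action") == "KPROBE_ACTION_SIGKILL",
        }

def summarize(lines):
    """Count findings per (workload, binary, path, killed)."""
    return Counter((f["workload"], f["binary"], f["path"], f["killed"]) for f in sensitive_opens(lines))

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_EVENTS.splitlines()).items():
        print(n, *key)
```

In the constructed sample, the host-level `/usr/bin/id` finding shows how a benign lookup of `/etc/passwd` ends up killed alongside the real `/etc/shadow` read.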
Want to implement eBPF-based security? I help teams design defense-in-depth strategies for Kubernetes. Let’s connect.
AI & Cloud Advisor with 18+ years experience. Author of 8 technical books, creator of Ansible Pilot, and instructor at CopyPasteLearn Academy. Speaker at KubeCon EU & Red Hat Summit 2026.