Isovalent has announced the 1.0 release of Cilium Tetragon, their eBPF-based Kubernetes security observability and runtime enforcement tool. Policies and filters can be applied directly via eBPF to monitor process execution, privilege escalations, and file and network activity.
Tetragon can be used to perform security and runtime enforcement. It is Kubernetes-aware and understands Kubernetes concepts such as namespaces and pods. Tetragon can be deployed into Kubernetes clusters using Helm. Tetragron generates process_exec and process_exit events by default and can generate process_kprobe, process_tracepoint, and process_uprobe events for more advanced use cases.