From 40eff4ec52664237d53a336535a519ccd1acda54 Mon Sep 17 00:00:00 2001
From: Nicholas Dille <nicholas.dille@mailbox.org>
Date: Wed, 3 May 2023 00:10:26 +0200
Subject: [PATCH] Final slides for 20230503

---
 120_kubernetes/cilium/agents.drawio.svg       |  81 +++++++++
 120_kubernetes/cilium/hubble.drawio.svg       | 155 ++++++++++++++++
 120_kubernetes/cilium/hubble.md               |  18 +-
 120_kubernetes/cilium/monitoring.demo         |   4 -
 120_kubernetes/cilium/monitoring.md           |   4 +-
 120_kubernetes/cilium/network_policy.demo     |  15 +-
 .../cilium/network_policy.drawio.svg          | 169 ++++++++++++++++++
 120_kubernetes/cilium/network_policy.md       |  26 ++-
 120_kubernetes/cilium/slides.md               |  30 +++-
 120_kubernetes/dns/slides.md                  |   6 -
 120_kubernetes/network/overlay.md             |   6 +-
 .../network_policy/network_policy.demo        |  22 ++-
 .../network_policy/network_policy.drawio.svg  |  55 +-----
 120_kubernetes/network_policy/slides.md       |  14 +-
 ...ise-Webinar-KubernetesNetworkPolicies.html |  15 ++
 15 files changed, 532 insertions(+), 88 deletions(-)
 create mode 100644 120_kubernetes/cilium/agents.drawio.svg
 create mode 100644 120_kubernetes/cilium/hubble.drawio.svg
 delete mode 100644 120_kubernetes/cilium/monitoring.demo
 create mode 100644 120_kubernetes/cilium/network_policy.drawio.svg

diff --git a/120_kubernetes/cilium/agents.drawio.svg b/120_kubernetes/cilium/agents.drawio.svg
new file mode 100644
index 0000000..e6ac31b
--- /dev/null
+++ b/120_kubernetes/cilium/agents.drawio.svg
@@ -0,0 +1,81 @@
+<svg host="65bd71144e" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="301px" height="131px" viewBox="-0.5 -0.5 301 131" content="&lt;mxfile&gt;&lt;diagram id=&quot;xNol6O7zdSbiQs5Yi2Bn&quot; name=&quot;Page-1&quot;&gt;5ZU9b4MwEIZ/DWMlsIGkY0uTdmmXDJ0tcMCq4ZAxgfTX9whHCA2ROkRtpDIg7rk7f7yvkR0e5e2zEWX2ConUDnOT1uFPDmNBGOK7A/seLJZ+D1Kjkh55I9ioT0nQJVqrRFaTQgugrSqnMIaikLGdMGEMNNOyLejprKVI5RnYxEKf03eV2Kyny8Ad+YtUaTbM7LmUycVQTKDKRALNCeIrh0cGwPZfeRtJ3Wk36NL3rS9kjwszsrA/aWB9w07omvb2hmbRMJXdDzs2UBeJ7Jo8hz82mbJyU4q4yzZoMbLM5prSW6V1BBoMxgUUWPRYWQMfcoAO4+vD0xVDYS9xct4LMRYmprCLdtJYhYY8aJUWyCx0a6DNYE62FwXxjjLj8ZSQS2v2WEINSzKGTiYbnGtGnz2fWHbqMSco6Gylx6FH+fGDHJh3g8+6wW7QjXn9R48W13GD+X9ph39mR6y0qvM7/L9x/bfnyhUUv/8meDgjOJsRPLyC3sE/1JsFvyc4huPNcsidXM989QU=&lt;/diagram&gt;&lt;/mxfile&gt;">
+    <defs/>
+    <g>
+        <rect x="0" y="0" width="140" height="130" rx="7.8" ry="7.8" fill="none" stroke="#ffffff" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 138px; height: 1px; padding-top: 7px; margin-left: 1px;">
+                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                Node1
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="70" y="23" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
+                    Node1
+                </text>
+            </switch>
+        </g>
+        <rect x="160" y="0" width="140" height="130" rx="9.1" ry="9.1" fill="none" stroke="#ffffff" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 138px; height: 1px; padding-top: 7px; margin-left: 161px;">
+                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                Node2
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="230" y="23" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
+                    Node2
+                </text>
+            </switch>
+        </g>
+        <rect x="10" y="60" width="120" height="60" rx="9" ry="9" fill="none" stroke="#ffffff" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 90px; margin-left: 11px;">
+                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                cilium-agent
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="70" y="95" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
+                    cilium-agent
+                </text>
+            </switch>
+        </g>
+        <rect x="170" y="60" width="120" height="60" rx="9" ry="9" fill="none" stroke="#ffffff" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 90px; margin-left: 171px;">
+                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                cilium-agent
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="230" y="95" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
+                    cilium-agent
+                </text>
+            </switch>
+        </g>
+    </g>
+    <switch>
+        <g requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"/>
+        <a transform="translate(0,-5)" xlink:href="https://www.diagrams.net/doc/faq/svg-export-text-problems" target="_blank">
+            <text text-anchor="middle" font-size="10px" x="50%" y="100%">
+                Text is not SVG - cannot display
+            </text>
+        </a>
+    </switch>
+</svg>
\ No newline at end of file
diff --git a/120_kubernetes/cilium/hubble.drawio.svg b/120_kubernetes/cilium/hubble.drawio.svg
new file mode 100644
index 0000000..e697362
--- /dev/null
+++ b/120_kubernetes/cilium/hubble.drawio.svg
@@ -0,0 +1,155 @@
+<svg host="65bd71144e" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="301px" height="281px" viewBox="-0.5 -0.5 301 281" content="&lt;mxfile&gt;&lt;diagram id=&quot;xNol6O7zdSbiQs5Yi2Bn&quot; name=&quot;Page-1&quot;&gt;7VhLc5swEP41HNPhacixcR69tBcf2hwVUEBTgTyysE1/fVdhxcOITmbs2u6kPni83+6C9vtWi4wTLMv9kyTr4qvIKHd8N9s7wb3j+9FiAd8aaFogTsIWyCXLWsjrgRX7RRF0Ea1ZRjejQCUEV2w9BlNRVTRVI4xIKXbjsFfBx3ddk5xOgFVK+BT9zjJVtGgSuT3+hbK8MHf2XPSUxAQjsClIJnYDKHhwgqUUQrW/yv2Scs2d4aXNe5zxdguTtFLvSfDbhC3hNdb2DcTCy2xUYyqWoq4yqpM8J7jbFUzR1Zqk2rsDiQErVMnR/co4XwouJNiVqCDobqOk+EkN6PjB49tHB4tKzeGovLcAm8gUTW1tqVQMBPnMWV4BpoRew7R6rESH0/0AQjaeqCipkg2EoDdBYbAzfaPcrtfZCxErBhp3iQR7K+8u3dMPP1ABuxqBVQ3/CtWw899rFJ9GDT+8pBzhRI6UcVaXN7C/oaR/TxWYnyeR5fZAlYVFFd+iSjcHj1El+q/KzGaJLinLYiJLUb+8gAqgBpVQxRUqM8OwRYdZ0jvukPTAMqFiC+fRCSiPPyblXV9fgPLbCaU0g6MhmsjSgEMoSTY/wHA/RcZ8HvrudVFuZzXG2jPVpvkRms8DV5+lDZM0r067ar3UP3MOlYlaphiVtJAiMqdqsMunykjKiWLb8dWP4dmc9M9IdHxVRMdnIjqZmSE3+k7NFQ6Qw6dpybJMr87+QD1q0Bwcc0Lb4dP2PI1PMGi86an/nRvAG7b/YDfMbIBT97Jn/pAPmjk519QwZ6ZJN9fsY7fy4dnwb/YymP0LjDff4C1Q8PAb&lt;/diagram&gt;&lt;/mxfile&gt;">
+    <defs/>
+    <g>
+        <rect x="0" y="0" width="140" height="280" rx="8.4" ry="8.4" fill="none" stroke="#ffffff" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 138px; height: 1px; padding-top: 7px; margin-left: 1px;">
+                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                Node1
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="70" y="23" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
+                    Node1
+                </text>
+            </switch>
+        </g>
+        <rect x="160" y="0" width="140" height="280" rx="9.8" ry="9.8" fill="none" stroke="#ffffff" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 138px; height: 1px; padding-top: 7px; margin-left: 161px;">
+                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                Node2
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="230" y="23" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
+                    Node2
+                </text>
+            </switch>
+        </g>
+        <rect x="10" y="60" width="120" height="100" rx="10" ry="10" fill="none" stroke="#ffffff" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 67px; margin-left: 11px;">
+                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                cilium-agent
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="70" y="83" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
+                    cilium-agent
+                </text>
+            </switch>
+        </g>
+        <rect x="170" y="60" width="120" height="100" rx="10" ry="10" fill="none" stroke="#ffffff" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 67px; margin-left: 171px;">
+                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                cilium-agent
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="230" y="83" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
+                    cilium-agent
+                </text>
+            </switch>
+        </g>
+        <rect x="20" y="100" width="70" height="50" rx="7.5" ry="7.5" fill="none" stroke="#ffffff" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 68px; height: 1px; padding-top: 125px; margin-left: 21px;">
+                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                hubble server
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="55" y="130" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
+                    hubble se...
+                </text>
+            </switch>
+        </g>
+        <rect x="180" y="100" width="70" height="50" rx="7.5" ry="7.5" fill="none" stroke="#ffffff" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 68px; height: 1px; padding-top: 125px; margin-left: 181px;">
+                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                hubble server
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="215" y="130" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
+                    hubble se...
+                </text>
+            </switch>
+        </g>
+        <path d="M 40 200 L 53.17 156.1" fill="none" stroke="#ffffff" stroke-miterlimit="10" pointer-events="stroke"/>
+        <path d="M 54.68 151.07 L 56.02 158.78 L 53.17 156.1 L 49.31 156.77 Z" fill="#ffffff" stroke="#ffffff" stroke-miterlimit="10" pointer-events="all"/>
+        <path d="M 100 200 L 209.16 152.54" fill="none" stroke="#ffffff" stroke-miterlimit="10" pointer-events="stroke"/>
+        <path d="M 213.97 150.45 L 208.95 156.45 L 209.16 152.54 L 206.16 150.03 Z" fill="#ffffff" stroke="#ffffff" stroke-miterlimit="10" pointer-events="all"/>
+        <rect x="10" y="200" width="120" height="70" rx="7" ry="7" fill="none" stroke="#ffffff" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 235px; margin-left: 11px;">
+                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                hubble-relay
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="70" y="240" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
+                    hubble-relay
+                </text>
+            </switch>
+        </g>
+        <path d="M 170 235 L 136.37 235" fill="none" stroke="#ffffff" stroke-miterlimit="10" pointer-events="stroke"/>
+        <path d="M 131.12 235 L 138.12 231.5 L 136.37 235 L 138.12 238.5 Z" fill="#ffffff" stroke="#ffffff" stroke-miterlimit="10" pointer-events="all"/>
+        <rect x="170" y="200" width="120" height="70" rx="7" ry="7" fill="none" stroke="#ffffff" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 235px; margin-left: 171px;">
+                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                hubble-ui
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="230" y="240" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
+                    hubble-ui
+                </text>
+            </switch>
+        </g>
+    </g>
+    <switch>
+        <g requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"/>
+        <a transform="translate(0,-5)" xlink:href="https://www.diagrams.net/doc/faq/svg-export-text-problems" target="_blank">
+            <text text-anchor="middle" font-size="10px" x="50%" y="100%">
+                Text is not SVG - cannot display
+            </text>
+        </a>
+    </switch>
+</svg>
\ No newline at end of file
diff --git a/120_kubernetes/cilium/hubble.md b/120_kubernetes/cilium/hubble.md
index 391c1b4..4110587 100644
--- a/120_kubernetes/cilium/hubble.md
+++ b/120_kubernetes/cilium/hubble.md
@@ -1,9 +1,23 @@
 ## Hubble
 
+![](120_kubernetes/cilium/hubble.drawio.svg) <!-- .element: style="float: right; width: 50%;" -->
+
 Observability for network flows [](https://docs.cilium.io/en/stable/gettingstarted/hubble/)
 
+Agents include Hubble server
+
+Hubble relay collects flow info from agents
+
 Trace flows on the console using `hubble` CLI
 
-Trace flows in the web UI
+Trace flows in the Hubble (web) UI
+
+Costs up to 15% performance
+
+### Demo [<i class="fa fa-comment-code"></i>](https://github.com/nicholasdille/container-slides/blob/master/120_kubernetes/cilium/hubble.demo "hubble.demo")
+
+Check flows from previous demos
+
+Check service map
 
-### Demo [<i class="fa fa-comment-code"></i>](https://github.com/nicholasdille/container-slides/blob/master/120_kubernetes/cilium/hubble.demo "hubble.demo")
\ No newline at end of file
+Filter flows
\ No newline at end of file
diff --git a/120_kubernetes/cilium/monitoring.demo b/120_kubernetes/cilium/monitoring.demo
deleted file mode 100644
index 1730c10..0000000
--- a/120_kubernetes/cilium/monitoring.demo
+++ /dev/null
@@ -1,4 +0,0 @@
-# Cilium Monitoring
-
-# XXX
-#
\ No newline at end of file
diff --git a/120_kubernetes/cilium/monitoring.md b/120_kubernetes/cilium/monitoring.md
index 637759e..e7a4ee3 100644
--- a/120_kubernetes/cilium/monitoring.md
+++ b/120_kubernetes/cilium/monitoring.md
@@ -2,7 +2,9 @@
 
 OpenMetrics are exposed
 
-Several dashboard for Grafana are offers [](https://grafana.com/grafana/dashboards/?search=Cilium)
+Several dashboard for Grafana are offered [](https://grafana.com/grafana/dashboards/?search=Cilium)
+
+Metrics reference [](https://docs.cilium.io/en/stable/observability/metrics/#metrics-reference)
 
 ### Demo [<i class="fa fa-comment-code"></i>](https://github.com/nicholasdille/container-slides/blob/master/120_kubernetes/cilium/monitoring.demo "monitoring.demo")
 
diff --git a/120_kubernetes/cilium/network_policy.demo b/120_kubernetes/cilium/network_policy.demo
index fe137a8..d1f54f6 100644
--- a/120_kubernetes/cilium/network_policy.demo
+++ b/120_kubernetes/cilium/network_policy.demo
@@ -96,16 +96,26 @@ EOF
 # Check pods and services
 kubectl --namespace test1 get all
 kubectl --namespace test2 get all
+kubectl --namespace test3 get all
 
 # Test IP connectivity between test1 and test2
 TEST1_IP="$(kubectl --namespace test1 get pod web -o json | jq --raw-output '.status.podIP')"
 TEST2_IP="$(kubectl --namespace test2 get pod web -o json | jq --raw-output '.status.podIP')"
+TEST3_IP="$(kubectl --namespace test3 get pod web -o json | jq --raw-output '.status.podIP')"
 kubectl --namespace test1 exec -it web -- curl -s "http://${TEST2_IP}"
+kubectl --namespace test1 exec -it web -- curl -s "http://${TEST3_IP}"
 kubectl --namespace test2 exec -it web -- curl -s "http://${TEST1_IP}"
+kubectl --namespace test2 exec -it web -- curl -s "http://${TEST3_IP}"
+kubectl --namespace test3 exec -it web -- curl -s "http://${TEST1_IP}"
+kubectl --namespace test3 exec -it web -- curl -s "http://${TEST2_IP}"
 
 # Test connectivity using DNS between test1 and test2
 kubectl --namespace test1 exec -it web -- curl -s http://web.test2
+kubectl --namespace test1 exec -it web -- curl -s http://web.test3
 kubectl --namespace test2 exec -it web -- curl -s http://web.test1
+kubectl --namespace test2 exec -it web -- curl -s http://web.test3
+kubectl --namespace test3 exec -it web -- curl -s http://web.test1
+kubectl --namespace test3 exec -it web -- curl -s http://web.test2
 
 # Check correct cilium-agent
 NODE="$(kubectl --namespace test1 get pod web --output json | jq --raw-output '.spec.nodeName')"
@@ -260,7 +270,4 @@ spec:
     - ports:
       - port: "80"
         protocol: TCP
-EOF
-
-# XXX cluster-wide
-#
\ No newline at end of file
+EOF
\ No newline at end of file
diff --git a/120_kubernetes/cilium/network_policy.drawio.svg b/120_kubernetes/cilium/network_policy.drawio.svg
new file mode 100644
index 0000000..5df7ff2
--- /dev/null
+++ b/120_kubernetes/cilium/network_policy.drawio.svg
@@ -0,0 +1,169 @@
+<svg host="65bd71144e" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="381px" height="421px" viewBox="-0.5 -0.5 381 421" content="&lt;mxfile&gt;&lt;diagram id=&quot;bYERvNNB6rujW1lK567g&quot; name=&quot;Page-1&quot;&gt;7VhNc9owEP01vmZsCRs4JpC0l3Yyw6HJUbWFramwqCyw3V9fCUv+kpkQSoFM4MBon3bl1b7n9UgOnK2KLxytk28swtQBblQ4cO4AEIyA/FdAqQHfr4CYk6iCvAZYkD9Yg65GNyTCWcdRMEYFWXfBkKUpDkUHQ5yzvOu2ZLT71DWKsQUsQkRt9AeJRFKhE99t8K+YxIl5sufqmRUyzhrIEhSxvAXBRwfOOGOiGq2KGaaqdqYuVdzTntk6MY5TcUjAqArYIrrRe/uOVjhboxA7KjT4vVGpPAicCa8xdfKiNBXhbJNGWC3qyek8IQIvdovAeS4lILFErKieXhJKZ4wyLu2UpdLpIROc/cIGdAB82v2UM0vFPlwrwwukjXiozbG0tpgLIgm7pyROJSaYyiFCWVInqXcuHXGxt3pezYnUMmYrLHgpXXQA1CxqGU+0mTea8AKNJW09GEekdRjXKzdUyYFma5g5YDH3zKIOZzn+edWMnYAAv0uABwYYAAMM+CcgAFoELLbhZydgekYC/Hf0LnDVRFyid/WpO2vzCm7NSzIwvmD3Gt+61wAD52xfk3e0L3jVTFyifXmjLnVw6OX5b/1reutfrfIaCoIzvj3mKPi5G1ifghE8JwWeRYFVZXm+XavhkuLiXp285b5xGunhPKQoy0i4KyfiwobbHPTKt6/M+4mRReXliwRdY7wq427sG3tetGfnpbEKIl50GmrcDpNmE6UME1TVAkfWVUKPXFkvtuGh9tIHclmNGBuuhiXQptgdanQG5JgiQbbdNIaI1894ZkQm2Ghs4nc0ZmmnSl9Hte8aegsB/42Fqk1bC+10WG/8MGnap+OPIs074LfV6R0ozZYcX9tqPKE0J1cnzfoazXyB3GOlOX1joRNK0743+DDSHB8pTXABaY4uLM3e0QLCI6VZS7HsLfzP0pRmc9FcuTe39fDxLw==&lt;/diagram&gt;&lt;/mxfile&gt;">
+    <defs/>
+    <g>
+        <rect x="0" y="0" width="160" height="180" rx="11.2" ry="11.2" fill="none" stroke="#ffffff" stroke-dasharray="3 3" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 158px; height: 1px; padding-top: 7px; margin-left: 1px;">
+                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                Namespace "test1"
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="80" y="23" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
+                    Namespace "test1"
+                </text>
+            </switch>
+        </g>
+        <rect x="20" y="40" width="120" height="50" rx="7.5" ry="7.5" fill="none" stroke="#ffffff" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 65px; margin-left: 21px;">
+                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                Pod "web"
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="80" y="70" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
+                    Pod "web"
+                </text>
+            </switch>
+        </g>
+        <rect x="20" y="110" width="120" height="50" rx="7.5" ry="7.5" fill="none" stroke="#ffffff" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 135px; margin-left: 21px;">
+                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                Svc "web"
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="80" y="140" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
+                    Svc "web"
+                </text>
+            </switch>
+        </g>
+        <rect x="220" y="0" width="160" height="180" rx="11.2" ry="11.2" fill="none" stroke="#ffffff" stroke-dasharray="3 3" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 158px; height: 1px; padding-top: 7px; margin-left: 221px;">
+                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                Namespace "test2"
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="300" y="23" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
+                    Namespace "test2"
+                </text>
+            </switch>
+        </g>
+        <rect x="240" y="40" width="120" height="50" rx="7.5" ry="7.5" fill="none" stroke="#ffffff" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 65px; margin-left: 241px;">
+                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                Pod "web"
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="300" y="70" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
+                    Pod "web"
+                </text>
+            </switch>
+        </g>
+        <rect x="240" y="110" width="120" height="50" rx="7.5" ry="7.5" fill="none" stroke="#ffffff" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 135px; margin-left: 241px;">
+                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                Svc "web"
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="300" y="140" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
+                    Svc "web"
+                </text>
+            </switch>
+        </g>
+        <rect x="110" y="240" width="160" height="180" rx="11.2" ry="11.2" fill="none" stroke="#ffffff" stroke-dasharray="3 3" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 158px; height: 1px; padding-top: 247px; margin-left: 111px;">
+                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                Namespace "test3"
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="190" y="263" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
+                    Namespace "test3"
+                </text>
+            </switch>
+        </g>
+        <rect x="130" y="280" width="120" height="50" rx="7.5" ry="7.5" fill="none" stroke="#ffffff" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 305px; margin-left: 131px;">
+                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                Pod "web"
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="190" y="310" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
+                    Pod "web"
+                </text>
+            </switch>
+        </g>
+        <rect x="130" y="350" width="120" height="50" rx="7.5" ry="7.5" fill="none" stroke="#ffffff" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 375px; margin-left: 131px;">
+                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                Svc "web"
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="190" y="380" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
+                    Svc "web"
+                </text>
+            </switch>
+        </g>
+        <path d="M 179.5 140 L 179.5 150.5 L 160.5 135 L 179.5 119.5 L 179.5 130 L 200.5 130 L 200.5 119.5 L 219.5 135 L 200.5 150.5 L 200.5 140 Z" fill="none" stroke="#ffffff" stroke-linejoin="round" stroke-miterlimit="10" pointer-events="all"/>
+        <path d="M 243.19 224.79 L 252.58 229.49 L 230.22 239.55 L 224.86 215.63 L 234.25 220.32 L 246.81 195.21 L 237.42 190.51 L 259.78 180.45 L 265.14 204.37 L 255.75 199.68 Z" fill="none" stroke="#ffffff" stroke-linejoin="round" stroke-miterlimit="10" pointer-events="all"/>
+        <path d="M 145.75 220.32 L 155.14 215.63 L 149.78 239.55 L 127.42 229.49 L 136.81 224.79 L 124.25 199.68 L 114.86 204.37 L 120.22 180.45 L 142.58 190.51 L 133.19 195.21 Z" fill="none" stroke="#ffffff" stroke-linejoin="round" stroke-miterlimit="10" pointer-events="all"/>
+    </g>
+    <switch>
+        <g requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"/>
+        <a transform="translate(0,-5)" xlink:href="https://www.diagrams.net/doc/faq/svg-export-text-problems" target="_blank">
+            <text text-anchor="middle" font-size="10px" x="50%" y="100%">
+                Text is not SVG - cannot display
+            </text>
+        </a>
+    </switch>
+</svg>
\ No newline at end of file
diff --git a/120_kubernetes/cilium/network_policy.md b/120_kubernetes/cilium/network_policy.md
index 56550c9..03b6874 100644
--- a/120_kubernetes/cilium/network_policy.md
+++ b/120_kubernetes/cilium/network_policy.md
@@ -12,4 +12,28 @@ Deny policies [](https://docs.cilium.io/en/stable/security/policy/language/#deny
 
 Host policies [](https://docs.cilium.io/en/stable/security/policy/language/#host-policies)
 
-### Demo [<i class="fa fa-comment-code"></i>](https://github.com/nicholasdille/container-slides/blob/master/120_kubernetes/cilium/network_policy.demo "network_policy.demo")
\ No newline at end of file
+---
+
+### Demo [<i class="fa fa-comment-code"></i>](https://github.com/nicholasdille/container-slides/blob/master/120_kubernetes/cilium/network_policy.demo "network_policy.demo")
+
+![](120_kubernetes/cilium/network_policy.drawio.svg) <!-- .element: style="float: right; width: 50%;" -->
+
+Check endpoints in cilium agent
+
+Check dropped packets
+
+### Egress
+
+Allow DNS from `test1`
+
+Allow HTTP from `test1` to `test2`
+
+### Ingress
+
+Allow HTTP from `test2` to `test3`
+
+Filter based on HTTP info
+
+### Other
+
+Filter DNS requests
\ No newline at end of file
diff --git a/120_kubernetes/cilium/slides.md b/120_kubernetes/cilium/slides.md
index 52ad8e7..1e14616 100644
--- a/120_kubernetes/cilium/slides.md
+++ b/120_kubernetes/cilium/slides.md
@@ -1,21 +1,37 @@
 ## Cilium
 
-CNI plugin
+![](images/cilium.svg) <!-- .element: style="float: right; width: 25%;" -->
 
-Based on eBPF [](https://ebpf.io/)
+CNI plugin based on eBPF [](https://ebpf.io/)
 
 CNCF incubation project [](https://www.cncf.io/projects/cilium/)
 
-### Features
-
-Ingress Controller (using Envoy [](https://www.envoyproxy.io/))
+### Additional Features
 
 Network Policy
 
 kube-proxy replacement
 
-Hubble for observability
+Hubble for visibility
+
+Metrics for observability
 
 Multi-cluster connectivity
 
-Service Mesh
\ No newline at end of file
+Service Mesh
+
+CNI chaining for policy features on top of other CNI plugins, e.g. AWS VPC CNI
+
+---
+
+## Cilium Internals
+
+![](120_kubernetes/cilium/agents.drawio.svg) <!-- .element: style="float: right; width: 45%;" -->
+
+Cilium agent manages the network
+
+All pods are an endpoint
+
+Endpoints are assigned an identity
+
+Identities have labels to describe them
\ No newline at end of file
diff --git a/120_kubernetes/dns/slides.md b/120_kubernetes/dns/slides.md
index 4159e81..36bb17d 100644
--- a/120_kubernetes/dns/slides.md
+++ b/120_kubernetes/dns/slides.md
@@ -14,12 +14,6 @@ Add DNS server for custom domains [](https://coredns.io/2017/05/08/custom-dns-en
 
 ---
 
-## Demo
-
-XXX https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config
-
----
-
 ## Services Internals 1/
 
 Services hide infrastructure
diff --git a/120_kubernetes/network/overlay.md b/120_kubernetes/network/overlay.md
index 32f35ca..562f56b 100644
--- a/120_kubernetes/network/overlay.md
+++ b/120_kubernetes/network/overlay.md
@@ -16,4 +16,8 @@ Host uses source network address translation (SNAT)
 
 Source IP is replaced by host IP
 
-New source port is selected for mapping to pod
\ No newline at end of file
+New source port is selected for mapping to pod
+
+Mapping table for connections is maintained
+
+Response packets are translated back
\ No newline at end of file
diff --git a/120_kubernetes/network_policy/network_policy.demo b/120_kubernetes/network_policy/network_policy.demo
index 8682a88..2eabf2e 100644
--- a/120_kubernetes/network_policy/network_policy.demo
+++ b/120_kubernetes/network_policy/network_policy.demo
@@ -78,19 +78,30 @@ kubectl --namespace test2 exec -it web -- curl -s "http://${TEST1_IP}"
 kubectl --namespace test1 exec -it web -- curl -s http://web.test2
 kubectl --namespace test2 exec -it web -- curl -s http://web.test1
 
-# Create network policy
+# Create deny network policy
 cat <<EOF | kubectl apply -f -
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
-  name: test1-deny-ingress
+  name: test1-deny
   namespace: test1
 spec:
   podSelector: {}
   policyTypes:
   - Egress
   - Ingress
----
+EOF
+
+# Test connectivity between test1 and test2
+TEST1_IP="$(kubectl --namespace test1 get pod web -o json | jq --raw-output '.status.podIP')"
+TEST2_IP="$(kubectl --namespace test2 get pod web -o json | jq --raw-output '.status.podIP')"
+kubectl --namespace test1 exec -it web -- curl -s "http://${TEST2_IP}"
+kubectl --namespace test2 exec -it web -- curl -s "http://${TEST1_IP}"
+kubectl --namespace test1 exec -it web -- curl -s http://web.test2
+kubectl --namespace test2 exec -it web -- curl -s http://web.test1
+
+# Create bi-directional allow network policy
+cat <<EOF | kubectl apply -f -
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
@@ -157,6 +168,9 @@ kubectl --namespace test2 exec -it web -- curl -s "http://${TEST1_IP}"
 kubectl --namespace test1 exec -it web -- curl -s http://web.test2
 kubectl --namespace test2 exec -it web -- curl -s http://web.test1
 
+# Test connectivity to k8s API
+kubectl --namespace test1 exec -it web -- bash -c 'curl -sv https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}'
+
 # Allow Kubernetes API
 cat <<EOF | kubectl apply -f -
 apiVersion: networking.k8s.io/v1
@@ -176,5 +190,5 @@ spec:
       port: 6443
 EOF
 
-# Test connectivity between test1 and test2
+# Test connectivity to k8s API
 kubectl --namespace test1 exec -it web -- bash -c 'curl -sv https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}'
\ No newline at end of file
diff --git a/120_kubernetes/network_policy/network_policy.drawio.svg b/120_kubernetes/network_policy/network_policy.drawio.svg
index 5df7ff2..e4a5015 100644
--- a/120_kubernetes/network_policy/network_policy.drawio.svg
+++ b/120_kubernetes/network_policy/network_policy.drawio.svg
@@ -1,4 +1,4 @@
-<svg host="65bd71144e" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="381px" height="421px" viewBox="-0.5 -0.5 381 421" content="&lt;mxfile&gt;&lt;diagram id=&quot;bYERvNNB6rujW1lK567g&quot; name=&quot;Page-1&quot;&gt;7VhNc9owEP01vmZsCRs4JpC0l3Yyw6HJUbWFramwqCyw3V9fCUv+kpkQSoFM4MBon3bl1b7n9UgOnK2KLxytk28swtQBblQ4cO4AEIyA/FdAqQHfr4CYk6iCvAZYkD9Yg65GNyTCWcdRMEYFWXfBkKUpDkUHQ5yzvOu2ZLT71DWKsQUsQkRt9AeJRFKhE99t8K+YxIl5sufqmRUyzhrIEhSxvAXBRwfOOGOiGq2KGaaqdqYuVdzTntk6MY5TcUjAqArYIrrRe/uOVjhboxA7KjT4vVGpPAicCa8xdfKiNBXhbJNGWC3qyek8IQIvdovAeS4lILFErKieXhJKZ4wyLu2UpdLpIROc/cIGdAB82v2UM0vFPlwrwwukjXiozbG0tpgLIgm7pyROJSaYyiFCWVInqXcuHXGxt3pezYnUMmYrLHgpXXQA1CxqGU+0mTea8AKNJW09GEekdRjXKzdUyYFma5g5YDH3zKIOZzn+edWMnYAAv0uABwYYAAMM+CcgAFoELLbhZydgekYC/Hf0LnDVRFyid/WpO2vzCm7NSzIwvmD3Gt+61wAD52xfk3e0L3jVTFyifXmjLnVw6OX5b/1reutfrfIaCoIzvj3mKPi5G1ifghE8JwWeRYFVZXm+XavhkuLiXp285b5xGunhPKQoy0i4KyfiwobbHPTKt6/M+4mRReXliwRdY7wq427sG3tetGfnpbEKIl50GmrcDpNmE6UME1TVAkfWVUKPXFkvtuGh9tIHclmNGBuuhiXQptgdanQG5JgiQbbdNIaI1894ZkQm2Ghs4nc0ZmmnSl9Hte8aegsB/42Fqk1bC+10WG/8MGnap+OPIs074LfV6R0ozZYcX9tqPKE0J1cnzfoazXyB3GOlOX1joRNK0743+DDSHB8pTXABaY4uLM3e0QLCI6VZS7HsLfzP0pRmc9FcuTe39fDxLw==&lt;/diagram&gt;&lt;/mxfile&gt;">
+<svg host="65bd71144e" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="381px" height="181px" viewBox="-0.5 -0.5 381 181" content="&lt;mxfile&gt;&lt;diagram id=&quot;bYERvNNB6rujW1lK567g&quot; name=&quot;Page-1&quot;&gt;7ZdNb9swDIZ/ja+DP2YnO7Zx2102FMhh3VGzGFuYbGWyEjv79ZNiKrYiB92AIi2w5hCIr0h98CEIOUhWdf8gybb6IijwIA5pHyR5EMdplul/IxwGYbH8OAilZHSQolFYs9+AYojqjlFoHUclBFds64qFaBoolKMRKUXnum0Ed3fdkhI8YV0Q7qvfGFXVoC7TcNQ/Aysru3MU4kxNrDMKbUWo6CZSchckKymEGkZ1vwJucmfzMsTdX5g9HUxCo/4mAPO+J3yHd/tKami3pIDAhGa/duYotwpaFY0mHl4dbEak2DUUzKKRnu4qpmB9XCTJO10CWqtUzXF6wzhfCS6kthvRaKfbVknxE6wYxMn98WecRaMu6VgZUaZtIgs0F9rag1RMA7vhrGy0poQ5AyVtdTqknyrMnomFfiJh6h5A1KDkQbvgbIIUsYyXaHZjTUQZatW0HqwjwTosTyuPqPQAac2Tiz1yj4I6zDr48aaJvQCA1AUQxTME4hkC6QsASDwA633xvwP4dEUA6T/0rvhNg3iN3nWO7qrNK3tvXprA4hW71+K9e80QuGb7iiIPgZdl/TzcmuGGQ39jHq763tBQHOYFJ23LimM6iVS+PGVwlr5Lab4MRudZHp60GFrjuzE+LFJr5/10Nj9Yq2fqCY9hxtMwbY5RxrBBF/G2YicLcJ6v+vIlWDSDBNR5wvslMEUczvU5K0rgRLG9+/SfA497PAqmT3yqsWiZOjXm1c5wH4yaPtXPForTZxYasuAtdKzD08XnSlOb4xfH4D5+tiV3fwA=&lt;/diagram&gt;&lt;/mxfile&gt;">
     <defs/>
     <g>
         <rect x="0" y="0" width="160" height="180" rx="11.2" ry="11.2" fill="none" stroke="#ffffff" stroke-dasharray="3 3" pointer-events="all"/>
@@ -103,60 +103,7 @@
                 </text>
             </switch>
         </g>
-        <rect x="110" y="240" width="160" height="180" rx="11.2" ry="11.2" fill="none" stroke="#ffffff" stroke-dasharray="3 3" pointer-events="all"/>
-        <g transform="translate(-0.5 -0.5)">
-            <switch>
-                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
-                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 158px; height: 1px; padding-top: 247px; margin-left: 111px;">
-                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
-                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
-                                Namespace "test3"
-                            </div>
-                        </div>
-                    </div>
-                </foreignObject>
-                <text x="190" y="263" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
-                    Namespace "test3"
-                </text>
-            </switch>
-        </g>
-        <rect x="130" y="280" width="120" height="50" rx="7.5" ry="7.5" fill="none" stroke="#ffffff" pointer-events="all"/>
-        <g transform="translate(-0.5 -0.5)">
-            <switch>
-                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
-                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 305px; margin-left: 131px;">
-                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
-                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
-                                Pod "web"
-                            </div>
-                        </div>
-                    </div>
-                </foreignObject>
-                <text x="190" y="310" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
-                    Pod "web"
-                </text>
-            </switch>
-        </g>
-        <rect x="130" y="350" width="120" height="50" rx="7.5" ry="7.5" fill="none" stroke="#ffffff" pointer-events="all"/>
-        <g transform="translate(-0.5 -0.5)">
-            <switch>
-                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
-                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 375px; margin-left: 131px;">
-                        <div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: center;">
-                            <div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
-                                Svc "web"
-                            </div>
-                        </div>
-                    </div>
-                </foreignObject>
-                <text x="190" y="380" fill="#FFFFFF" font-family="Helvetica" font-size="16px" text-anchor="middle">
-                    Svc "web"
-                </text>
-            </switch>
-        </g>
         <path d="M 179.5 140 L 179.5 150.5 L 160.5 135 L 179.5 119.5 L 179.5 130 L 200.5 130 L 200.5 119.5 L 219.5 135 L 200.5 150.5 L 200.5 140 Z" fill="none" stroke="#ffffff" stroke-linejoin="round" stroke-miterlimit="10" pointer-events="all"/>
-        <path d="M 243.19 224.79 L 252.58 229.49 L 230.22 239.55 L 224.86 215.63 L 234.25 220.32 L 246.81 195.21 L 237.42 190.51 L 259.78 180.45 L 265.14 204.37 L 255.75 199.68 Z" fill="none" stroke="#ffffff" stroke-linejoin="round" stroke-miterlimit="10" pointer-events="all"/>
-        <path d="M 145.75 220.32 L 155.14 215.63 L 149.78 239.55 L 127.42 229.49 L 136.81 224.79 L 124.25 199.68 L 114.86 204.37 L 120.22 180.45 L 142.58 190.51 L 133.19 195.21 Z" fill="none" stroke="#ffffff" stroke-linejoin="round" stroke-miterlimit="10" pointer-events="all"/>
     </g>
     <switch>
         <g requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"/>
diff --git a/120_kubernetes/network_policy/slides.md b/120_kubernetes/network_policy/slides.md
index c2a8d63..78b11bb 100644
--- a/120_kubernetes/network_policy/slides.md
+++ b/120_kubernetes/network_policy/slides.md
@@ -6,13 +6,13 @@ Must be implemented by CNI plugin
 
 ### Resource `NetworkPolicy`
 
-Allow all trafic without policies
+Allow all traffic without policies
 
 Deny by default when a policy exists
 
 Policies only allow traffic
 
-Supports layer 3 and 4
+Supports layer 3 and layer 4
 
 There is an editor [](https://editor.networkpolicy.io)
 
@@ -60,6 +60,12 @@ Based on eBPF [](https://ebpf.io/) with extended network policies [](https://doc
 
 ![](120_kubernetes/network_policy/network_policy.drawio.svg) <!-- .element: style="float: right; width: 50%;" -->
 
-Filter connections between them
+Filter connections between pods
 
-XXX
\ No newline at end of file
+### Egress
+
+Control HTTP from `test1` to `test2`
+
+Requires DNS to work
+
+Enable access to Kubernetes API
\ No newline at end of file
diff --git a/2023-05-03_heise-Webinar-KubernetesNetworkPolicies.html b/2023-05-03_heise-Webinar-KubernetesNetworkPolicies.html
index 2c0689b..8488864 100644
--- a/2023-05-03_heise-Webinar-KubernetesNetworkPolicies.html
+++ b/2023-05-03_heise-Webinar-KubernetesNetworkPolicies.html
@@ -85,6 +85,8 @@
 
 Isolate team resources
 
+Understand communication
+
 Prevent apps from calling home
 </textarea></section>
 
@@ -127,8 +129,21 @@
 - <span class="fa-li"><i class="fa-duotone fa-monitor-waveform"></i></span> No audit to understand network traffic
 - <span class="fa-li"><i class="fa-duotone fa-shield-check"></i></span> Network policies allow traffic explicitly
 - <span class="fa-li"><img src="images/cilium.svg" style="height: 1em; width: 1em; object-fit: cover; object-position: left top;" /></span> Cilium provides valuable features
+- <span class="fa-li"><i class="fa-duotone fa-rocket"></i></span> eBPF enables fast, low-overhead CNI plugin
+- <span class="fa-li"><i class="fa-duotone fa-chart-network"></i></span> Cross-node flow visualization with Hubble
+- <span class="fa-li"><i class="fa-duotone fa-magnifying-glass"></i></span> Integrated observability
 
 <!-- .element: class="fa-ul" -->
+
+Cilium Performance Benchmark [](https://docs.cilium.io/en/stable/operations/performance/benchmark/)
+</textarea></section>
+
+<section data-markdown="" data-separator="^---$" data-separator-vertical="^--$"><textarea data-template="">
+## More topics
+
+Bandwidth management [](https://docs.cilium.io/en/stable/network/kubernetes/bandwidth-manager/)
+
+Tuning: eBPF-based host routing [](https://docs.cilium.io/en/stable/operations/performance/tuning/#ebpf-host-routing)
 </textarea></section>
 
 </div>