Since the Linux kernel 4.x series, many enhancements to the extended Berkeley Packet Filter (eBPF) ecosystem have reached mainline, giving users the capability to do a lot more than just networking. But understanding the eBPF ecosystem can be hard.
Lorenzo Fontana and David Calavera offer an initial overview of eBPF programs and explain how to hook them to programs running inside Kubernetes clusters in order to answer targeted questions at the cluster level about very specific, fine-grained situations: Has that function in my program been called? For a given function, which arguments have been passed to it? What did it return? Which TCP packets are being retransmitted? Which queries are running slow? What are the insights on programming language events/GC? Has that file been opened?
Lorenzo Fontana is an open source software engineer at Sysdig, where he primarily works on Falco, a Cloud Native Computing Foundation (CNCF) project that does container runtime security and anomaly detection. He’s passionate about distributed systems, software-defined networking, the Linux kernel, and performance analysis. He’s the maintainer of the IO Visor Project’s kubectl-trace.
David Calavera is the CTO of Netlify, where he and his team are building the best platform for deploying and automating modern web projects. Previously, he was a core member of the Docker Engine project, where he helped developers build the container engine that started the container revolution. David also built enterprise tools for GitHub and has contributed to numerous open source projects such as Go, JRuby, and many others.
©2019, O'Reilly Media, Inc.