Since the Linux kernel 4.x series, a lot of enhancements have reached the mainline of the extended Berkeley Packet Filter (eBPF) ecosystem, giving you the capability to do a lot more than just network stuff. But the eBPF ecosystem can be hard to wrap your mind around.
Lorenzo Fontana offers an initial understanding of what eBPF programs are and explains how to hook them to programs running inside Kubernetes clusters in order to answer targeted questions at the cluster level about very specific, fine-grained situations: Has that function in my program been called? For a given function, which arguments have been passed to it? What it did return? Which TCP packets are being retransmitted? Which queries are running slow? What are the insights on programming language events/GC? Has that file been opened?
Lorenzo Fontana is an open source software engineer at Sysdig, where he primarily works on Falco, a Cloud Native Computing Foundation (CNCF) project that does container runtime security and anomaly detection. He’s passionate about distributed systems, software-defined networking, the Linux kernel, and performance analysis. He’s the maintainer of the IO Visors Project’s kubectl-trace.
©2019, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • email@example.com