Instead of relying on static counters and gauges exposed by the operating system, eBPF enables the collection & in-kernel aggregation of custom metrics and generation of visibility events based on a wide range of possible sources.
- Pixie, Kubernetes observability for developers, auto-instrumented, scriptable.
- Coroot, Kubernetes Observability, implements service maps using eBPF.
- Parca, Continuous Profiling
- ebpf_exporter, Prometheus exporter for custom eBPF metrics
- Cilium, network connectivity security and observability
- Tracee, Runtime Security and Forensics
- Falco, Kubernetes threat detection engine. Use case example: Package dependency scanning with GitLab Package Hunter
- Inspektor Gadget, A collection of eBPF-based gadgets to debug and inspect Kubernetes apps and resources
- BumbleBee, build, run and distribute eBPF programs using OCI images.
- The Power of eBPF for Cloud Native Systems is a comprehensive deep-dive into cloud-native, IoT and Edge computing, and ideas how to monetize eBPF. Suggest watching Hello eBPF! Goodbye Sidecars by Liz Rice as additional learning insight, and dive into eBPF and its capabilities.
- Learn how eBPF can help minimize "observability tax"
- eBPF: Why now, introduction and deep dive
- eBPF report by Liz Rice
Books and blog posts¶
- Learning eBPF by Liz Rice, will be published in June 2023.
- BPF Performance Tools (Book)
- How we diagnosed and resolved Redis latency spikes with BPF and other tools is a thorough learning walkthrough from a problem, analysis, attempts, to final solutions.
- Learning eBPF Tracing: Tutorials and Examples (2019) recommended
- bcc (BPF Compiler Collection)´
- libbpf-bootstrap: Examples that provide different use cases, for example traffic monitoring using XDP, written in Rust.
- An eBPF tutorial to try out the bpftrace framework
- The art of writing eBPF programs: a primer.
- cilium/ebpf-go (Go) - Use case examples
- aquasecurity/libbpfgo (Go)
- libbpf (C/C++)
- libbpf-rs (Rust)
- redbpf (Rust)
- aya-rs (Rust)
- Used by the Parca Agent to rewrite the in-Kernel C code in Rust for better memory safety. (PR, KubeCon EU recording, slides))
- eBPF Summit 2022 summary in the opsindev.news newsletter
- eBPF day at KubeCon EU 2022, summary in the opsindev.news newsletter
- 54. #EveryoneCanContribute Cafe: Pixie for Kubernetes Observability
- 52. #EveryoneCanContribute Cafe: Learned at KubeCon EU, feat. Cilium Tetragon first try
- 49. #EveryoneCanContribute Cafe: Aqua Security and Open Source
- 42. #EveryoneCanContribute cafe: Falco and GitLab Package Hunter
- 32. #EveryoneCanContribute cafe: Continuous Profiling with Polar Signals