eBPF

Overview

Instead of relying on static counters and gauges exposed by the operating system, eBPF enables the collection and in-kernel aggregation of custom metrics and the generation of visibility events from a wide range of possible sources.

Projects

Observability

  • Pixie, Kubernetes observability for developers, auto-instrumented, scriptable.
  • Coroot, Kubernetes Observability, implements service maps using eBPF.
  • Parca, Continuous Profiling
  • ebpf_exporter, Prometheus exporter for custom eBPF metrics
  • OpenTelemetry eBPF Collectors, low-level kernel telemetry data on a host kernel, from the cloud or within a Kubernetes cluster.

Security

Security PoCs:

  • Boopkit, Linux eBPF backdoor over TCP. Spawns reverse shells and RCE, given prior privileged access.

SRE/DevOps

  • Inspektor Gadget, A collection of eBPF-based gadgets to debug and inspect Kubernetes apps and resources
  • Caretta, instant Kubernetes service dependency map in Grafana, using VictoriaMetrics as backend.
  • BumbleBee, build, run and distribute eBPF programs using OCI images.
  • q, surfaces Linux networking metrics with eBPF, by Kris Nova.

Hot Topics

Learning Resources

Newsletters

Books and blog posts

Development

CO-RE (Compile Once, Run Everywhere)

Debugging Tips

eBPF Libraries

Platforms

Events

Meetups