eBPF

Overview

Instead of relying on static counters and gauges exposed by the operating system, eBPF enables the collection & in-kernel aggregation of custom metrics and generation of visibility events based on a wide range of possible sources.

• ebpf.io
  • Infrastructure including the Linux Kernel, Compilers (LLVM, gcc), Libraries (Go, C/C++, Rust)
  • Applications

Projects

Observability

• Pixie, Kubernetes observability for developers, auto-instrumented, scriptable.
• Coroot, Kubernetes Observability, implements service maps using eBPF.
• Parca, Continuous Profiling
• ebpf_exporter, Prometheus exporter for custom eBPF metrics

Security

• Cilium, network connectivity security and observability
  • Tetragon
• Tracee, Runtime Security and Forensics
• Falco, Kubernetes threat detection engine. Use case example: Package dependency scanning with GitLab Package Hunter

SRE/DevOps

• Inspektor Gadget, A collection of eBPF-based gadgets to debug and inspect Kubernetes apps and resources
• BumbleBee, build, run and distribute eBPF programs using OCI images.

Hot Topics

• The Power of eBPF for Cloud Native Systems is a comprehensive deep-dive into cloud-native, IoT and Edge computing, and ideas how to monetize eBPF. Suggest watching Hello eBPF! Goodbye Sidecars by Liz Rice as additional learning insight, and dive into eBPF and its capabilities.
• Learn how eBPF can help minimize "observability tax"
• eBPF: Why now, introduction and deep dive
• eBPF report by Liz Rice

Learning Resources

Newsletters

• eCHO newsletter
• opsindev.news newsletter

Books and blog posts

• Learning eBPF by Liz Rice, will be published in June 2023.
• BPF Performance Tools (Book)
• How we diagnosed and resolved Redis latency spikes with BPF and other tools is a thorough learning walkthrough from a problem, analysis, attempts, to final solutions.

Development

• Learning eBPF Tracing: Tutorials and Examples (2019) recommended
• bpftrace
• bcc (BPF Compiler Collection)´
• libbpf-bootstrap: Examples that provide different use cases, for example traffic monitoring using XDP, written in Rust.
• An eBPF tutorial to try out the bpftrace framework
• The art of writing eBPF programs: a primer.

eBPF Libraries

• cilium/ebpf-go (Go) - Use case examples
• aquasecurity/libbpfgo (Go)
• libbpf (C/C++)
  • libbpf-rs (Rust)
• redbpf (Rust)
• aya-rs (Rust)
  • Used by the Parca Agent to rewrite the in-Kernel C code in Rust for better memory safety. (PR, KubeCon EU recording, slides))

Platforms

• Get started with eBPF using BumbleBee

Events

• eBPF Summit 2022 summary in the opsindev.news newsletter
• eBPF day at KubeCon EU 2022, summary in the opsindev.news newsletter

Meetups

• 54. #EveryoneCanContribute Cafe: Pixie for Kubernetes Observability
• 52. #EveryoneCanContribute Cafe: Learned at KubeCon EU, feat. Cilium Tetragon first try
• 49. #EveryoneCanContribute Cafe: Aqua Security and Open Source
• 42. #EveryoneCanContribute cafe: Falco and GitLab Package Hunter
• 32. #EveryoneCanContribute cafe: Continuous Profiling with Polar Signals