Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Beyond the buzzword: BPF's unexpected role in Kubernetes

Andy Randall
November 19, 2020
Technology
1
790

Beyond the buzzword: BPF's unexpected role in Kubernetes

Presented jointly with Alban Crequy, Kinvolk co-founder and director of Kinvolk Labs, at KubeCon NA 2020.

Increasingly, cloud native tools are leveraging the Linux kernel’s Berkeley Packet Filter (BPF) capabilities for a range of applications, such as networking, security, observability, and troubleshooting. In recent Linux kernel releases, BPF has been significantly enhanced, resulting in this proliferation of BPF-powered cloud native projects. In this talk, we will go beyond the BPF buzzword, review the latest relevant developments in the Linux kernel and the rich ecosystem of cloud native tooling built on it. With live demos we will show how easy it is to deploy these BPF-based tools into your Kubernetes cluster, gaining greater visibility and control at the pod level of granularity.

Andy Randall

November 19, 2020
Tweet

More Decks by Andy Randall

See All by Andy Randall
56 dog years as a cloud native
ahrkrak
0
40
Hitching a ride on a flatcar: a community project update
ahrkrak
0
57
Business of Open Source: Oxymoron or Opportunity?
ahrkrak
0
9
Taking the Work out of Network Policy
ahrkrak
0
19
Unmask the ghouls that lurk in your cluster
ahrkrak
0
31
Software Circus Meetup: How to replace your engines mid-flight while maintaining a steady cruising altitude, or: how I learned to stop worrying and love Flatcar Container Linux
ahrkrak
0
76
CoreOS Through the Looking Glass - Software Circus 2020
ahrkrak
0
52
Enabling Multi-cloud across AWS & Packet with Kubernetes - Container Days 2019
ahrkrak
0
84
A DevSecOps Approach to Zero Trust Network Security - Container Days Hamburg 2018
ahrkrak
0
37

Other Decks in Technology

See All in Technology
フルComposeでTVアプリを作った話
sasakitomohiro
0
260
Hunting for macOS attack techniques. Part 1 – Initial Access, Execution, Credential Access, Persistence
heirhabarov
1
500
ジェネレーティブAI実践入門/20230524
yoshidashingo
5
2.6k
Mirror mirror... what am I typing next?
spinscale
0
150
Vault Secrets Operator と Dynamic Secrets で安全にシークレットを使おう / Vault Secrets Operator and Dynamic Secrets
nnstt1
2
290
Profiling a Java Application @DevDays 2023
victorrentea
1
560
20230525_経営者・マーケティング担当必見!ChatGPTがもたらすマーケティング革命(45min版)_v1.02_共有用・後半パート.pdf
doradora09
0
160
Vision.framework - 商品画像からのテキスト検出と並列化実装への試み
hcrane
0
200
Enabling Developers in a Multi-Cloud World :: GOTO Aarhus 2023
salaboy
0
130
Security-JAWS#29 AWS Summit Tokyo 2023 オンデマンド配信を楽しむためのセキュリティ関連トピックご紹介
kthrtty
1
220
株式会社オプティム_採用会社紹介資料 / optim-recruit
optim
0
9.5k
Google I/O 2023で話されたWeb MLの話を紹介したい! / IoTLT vol.99
you
0
110

Featured

See All Featured
The World Runs on Bad Software
bkeepers
PRO
59
5.9k
Rails Girls Zürich Keynote
gr2m
89
12k
The Mythical Team-Month
searls
211
41k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
0
1.4k
What the flash - Photography Introduction
edds
64
10k
What’s in a name? Adding method to the madness
productmarketing
PRO
14
2.1k
[RailsConf 2023] Rails as a piece of cake
palkan
6
1.4k
Build The Right Thing And Hit Your Dates
maggiecrowley
23
1.5k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
32
8.3k
KATA
mclloyd
13
10k
Visualization
eitanlees
130
12k
Web development in the modern age
philhawksworth
197
9.7k

Transcript

  1. Beyond the Buzzword:
    BPF’s unexpected role in
    Kubernetes
    November 19, 2020
    Andrew Randall
    Alban Crequy

    View Slide

  2. What is (e)BPF?
    custom programs
    that run in the
    Linux kernel
    hooks and data
    structures (maps)
    restricted virtual
    machine sandbox +
    code verifier
    (extended) Berkeley Packet Filter

    View Slide

  3. Why do you care?
    fast,
    customizable
    networking
    debugging /
    performance
    analysis
    application
    monitoring &
    security

    View Slide

  4. Evolution of (e)BPF
    2.1.75
    first BPF
    support
    Dec
    1997
    3.15 new JIT
    compiler →
    eBPF
    Jun
    2014
    IO Visor
    project
    established
    Aug
    2015
    4.8 eXpress
    Data Path
    (XDP)
    Oct
    2016
    4.11 BPF
    datastructures
    for improved
    packet
    filtering
    May
    2017
    May
    2018
    Katran
    announced
    by Facebook
    Nov
    2017
    4.14 fast intra-
    host networks
    (sockmap)
    4.18 bpf filter
    by cgroups
    (containers)
    Aug
    2018
    Aug
    2020
    5.8
    BPF ring
    buffers

    View Slide

  5. An eBPF OSS Landscape
    Low-level
    tools
    Security &
    Networking
    Visibility
    bcc bpftrace
    cilium falco
    katran
    llvm
    API Libraries
    gobpf ebpf libbpf libbpf-rs red-bpf
    calico polycube
    skydive hubble
    weave
    scope
    kubectl-
    trace
    kubectl-
    gadget
    kernel tools
    e.g. bpftool
    tcptracer-bpf
    Other
    ply
    pyebpf

    View Slide

  6. Hubble

    View Slide

  7. Hubble

    View Slide

  8. Weave Scope

    View Slide

  9. IOvisor BPF Compiler Collection (bcc)

    View Slide

  10. bpftrace

    View Slide

  11. View Slide

  12. Enter: Inspektor Gadget
    a “swiss army knife”
    collection of various
    bpf tools (gadgets)
    some from bcc + some new ones
    developed by
    kinvolk

    View Slide

  13. What do we need for Kubernetes?
    granularity:
    “pod, not pid”
    aggregation by label
    selectors
    kubectl-like
    experience

    View Slide

  14. K8s integration
    My laptop
    $ kubectl gadget...
    kubectl-gadget
    Kubernetes Control Plane
    (API Server, scheduler, ...)
    exec client plugin
    worker node
    “gadget” pod
    exec traceloop & bcc
    kernel
    Install
    BPF program
    Deploy
    gadget pods
    Kubernetes cluster
    Create DaemonSet
    kubectl-exec

    View Slide

  15. Gadgets available today
    profile
    network policy
    advisor
    traceloop
    tcptop
    tcptracer
    opensnoop
    execsnoop
    bindsnoop
    capabilities
    kubectl-gadget

    View Slide

  16. Demo
    kubectl
    demo

    View Slide

  17. View Slide