Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Beyond the buzzword: BPF's unexpected role in Kubernetes

Andy Randall
November 19, 2020

Beyond the buzzword: BPF's unexpected role in Kubernetes

Presented jointly with Alban Crequy, Kinvolk co-founder and director of Kinvolk Labs, at KubeCon NA 2020.

Increasingly, cloud native tools are leveraging the Linux kernel’s Berkeley Packet Filter (BPF) capabilities for a range of applications, such as networking, security, observability, and troubleshooting. In recent Linux kernel releases, BPF has been significantly enhanced, resulting in this proliferation of BPF-powered cloud native projects. In this talk, we will go beyond the BPF buzzword, review the latest relevant developments in the Linux kernel and the rich ecosystem of cloud native tooling built on it. With live demos we will show how easy it is to deploy these BPF-based tools into your Kubernetes cluster, gaining greater visibility and control at the pod level of granularity.

Andy Randall

November 19, 2020

More Decks by Andy Randall

Other Decks in Technology


  1. What is (e)BPF? custom programs that run in the Linux

    kernel hooks and data structures (maps) restricted virtual machine sandbox + code verifier (extended) Berkeley Packet Filter
  2. Evolution of (e)BPF 2.1.75 first BPF support Dec 1997 3.15

    new JIT compiler → eBPF Jun 2014 IO Visor project established Aug 2015 4.8 eXpress Data Path (XDP) Oct 2016 4.11 BPF datastructures for improved packet filtering May 2017 May 2018 Katran announced by Facebook Nov 2017 4.14 fast intra- host networks (sockmap) 4.18 bpf filter by cgroups (containers) Aug 2018 Aug 2020 5.8 BPF ring buffers
  3. An eBPF OSS Landscape Low-level tools Security & Networking Visibility

    bcc bpftrace cilium falco katran llvm API Libraries gobpf ebpf libbpf libbpf-rs red-bpf calico polycube skydive hubble weave scope kubectl- trace kubectl- gadget kernel tools e.g. bpftool tcptracer-bpf Other ply pyebpf
  4. Enter: Inspektor Gadget a “swiss army knife” collection of various

    bpf tools (gadgets) some from bcc + some new ones developed by kinvolk
  5. What do we need for Kubernetes? granularity: “pod, not pid”

    aggregation by label selectors kubectl-like experience
  6. K8s integration My laptop $ kubectl gadget... kubectl-gadget Kubernetes Control

    Plane (API Server, scheduler, ...) exec client plugin worker node “gadget” pod exec traceloop & bcc kernel Install BPF program Deploy gadget pods Kubernetes cluster Create DaemonSet kubectl-exec
  7. Gadgets available today profile network policy advisor traceloop tcptop tcptracer

    opensnoop execsnoop bindsnoop capabilities kubectl-gadget