Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Scheduling eBPF on K8S doesn't have to be difficult

Scheduling eBPF on K8S doesn't have to be difficult

Indeed, there's kubectl-trace to help you do it!

The kubectl-trace project is a kubectl plugin that makes our lives easier, allowing us to use BPF programs against our Kubernetes clusters.

You are 5 minutes away from starting scheduling your bpftrace programs (or whatever BPF frontend language) against your clusters.

Join this talk to have some fun tracing the system calls happening on our Kubernetes nodes and pods.

- https://github.com/iovisor/kubectl-trace
- https://github.com/iovisor/bpftrace
- https://github.com/iovisor/bcc
- Watch on YT: https://bit.ly/kubectl-trace-ebpf-summit-2021

Ask questions:
- https://twitter.com/leodido
- https://kubernetes.slack.com/messages/kubectl-trace

Leonardo Di Donato

August 18, 2021

More Decks by Leonardo Di Donato

Other Decks in Technology


  1. Scheduling eBPF on K8S doesn’t have to be difficult There’s

    kubectl-trace to help you! 
 Watch here! 📹 Leonardo Di Donato gh:leodido @leodido
  2. Leonardo Di Donato gh:leodido @leodido Demos Run a bpftrace program

    that instruments the caturday binary with an uretprobe on the counterValue function: 
 kubectl trace run \ - e 'uretprobe:/proc/$container_pid/exe:"main.counterValue" { printf("%d\n", retval) }' \ - a -- fetch - headers \ - n caturday pod/caturday-54998fcb5-fsbxk 
 Visit the caturday page and check the bpftrace program outputs the same counter value like it does: 
 curl - v : 8080/raw
  3. Leonardo Di Donato gh:leodido @leodido Demos Run a bpftrace program

    to trace all the exec() family syscalls happening on a Kubernetes node: 
 kubectl trace run - a \ - e "tracepoint:syscalls:sys_enter_exec * { printf(\"%-10u %-5d \", elapsed / 1e6, pid); join(args -> argv); }" \ node/pool - dido22h-8hom3 - - fetch - headers 
 Observe the output arguments… 

  4. Leonardo Di Donato gh:leodido @leodido Homeworks Do the same as

    before but with BCC tools. Have fun! 
 kubectl trace —tracer=bcc …