Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Scheduling eBPF on K8S doesn't have to be difficult

Leonardo Di Donato
August 18, 2021
Technology
0
200

Scheduling eBPF on K8S doesn't have to be difficult

Indeed, there's kubectl-trace to help you do it!

The kubectl-trace project is a kubectl plugin that makes our lives easier, allowing us to use BPF programs against our Kubernetes clusters.

You are 5 minutes away from starting scheduling your bpftrace programs (or whatever BPF frontend language) against your clusters.

Join this talk to have some fun tracing the system calls happening on our Kubernetes nodes and pods.

Resources:
- https://github.com/iovisor/kubectl-trace
- https://github.com/iovisor/bpftrace
- https://github.com/iovisor/bcc
- Watch on YT: https://bit.ly/kubectl-trace-ebpf-summit-2021

Ask questions:
- https://twitter.com/leodido
- https://kubernetes.slack.com/messages/kubectl-trace

Leonardo Di Donato

August 18, 2021
Tweet

More Decks by Leonardo Di Donato

See All by Leonardo Di Donato
Coverage for eBPF programs
leodido
1
260
FalcOMG That's Awesome
leodido
0
180
Bypass Falco
leodido
0
130
Falco: runtime security analysis through syscalls
leodido
2
450
Going Beyond CI/CD with Prow
leodido
0
190
Designing a gRPC Interface for Kernel Tracing with eBPF
leodido
0
430
Falco, runtime security analysis through syscalls
leodido
0
190
Cloud Native eBPF Instrumentation
leodido
7
740
Go eBPF superpowers
leodido
0
300

Other Decks in Technology

See All in Technology
NeuralSeek_20230518
tkhresk
0
520
事業とプロダクト間のインターフェース作り
daikisuyama
0
410
AWSに関するOSS活動で得た貢献までの壁を越えるコツ
bun913
0
200
Technologists around the campfire: Social audio as a vector for engineering wisdom
bcantrill
0
270
SWEBOK V3からV4への改訂に見るソフトウェアエンジニアリングの発展とソフトウェア保守・進化
washizaki
0
200
『AWSではじめるクラウドセキュリティ』の裏側を。
ryohatanmonolog
2
170
Scrum Fest Niigata 2023 QAはチームの外から支援するのか?中から支援するのか?
moritamasami
1
180
ジェネレーティブAI実践入門/20230524
yoshidashingo
4
2.3k
[春のDojo祭り'23] データドリブンな時代に求められるプロセスマイニング入門
tkhresk
0
130
Start graceful degradation
line_developers
PRO
3
1k
点群SegmentationのためのTransformerサーベイ
takmin
1
460
Serverless Framework ユーザーが CDK に引っ越しして感じたハードルについて言語化してみる
hassaku63
0
710

Featured

See All Featured
Scaling GitHub
holman
453
140k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
35
9.5k
Atom: Resistance is Futile
akmur
256
24k
Rails Girls Zürich Keynote
gr2m
89
12k
Optimizing for Happiness
mojombo
366
66k
Side Projects
sachag
450
38k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
657
120k
What the flash - Photography Introduction
edds
64
10k
The Brand Is Dead. Long Live the Brand.
mthomps
48
3.6k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
500
130k
The Pragmatic Product Professional
lauravandoore
22
3.8k
Unsuck your backbone
ammeep
660
56k

Transcript

  1. Scheduling eBPF on K8S doesn’t have to be
    difficult
    There’s kubectl-trace to help you!

    Watch here! 📹
    Leonardo Di Donato


    gh:leodido


    @leodido

    View Slide

  2. Tracers
    Leonardo Di Donato


    gh:leodido


    @leodido
    1. bpftrace


    2. bcc


    3. rbspy


    4. more to come…

    View Slide

  3. Leonardo Di Donato


    gh:leodido


    @leodido

    View Slide

  4. Leonardo Di Donato


    gh:leodido


    @leodido
    Demos
    Run a bpftrace program that instruments the caturday binary with an uretprobe on the counterValue function:

    kubectl trace run \


    -
    e 'uretprobe:/proc/$container_pid/exe:"main.counterValue" { printf("%d\n", retval) }' \


    -
    a
    --
    fetch
    -
    headers \


    -
    n caturday pod/caturday-54998fcb5-fsbxk



    Visit the caturday page and check the bpftrace program outputs the same counter value like it does:

    curl
    -
    v 206.189.248.54
    :
    8080/raw


    View Slide

  5. Leonardo Di Donato


    gh:leodido


    @leodido
    Demos
    Run a bpftrace program to trace all the exec() family syscalls happening on a Kubernetes node:

    kubectl trace run
    -
    a \


    -
    e "tracepoint:syscalls:sys_enter_exec
    *
    { printf(\"%-10u %-5d \", elapsed / 1e6, pid); join(args
    ->
    argv); }" \


    node/pool
    -
    dido22h-8hom3
    - -
    fetch
    -
    headers



    Observe the output arguments…

    View Slide

  6. Leonardo Di Donato


    gh:leodido


    @leodido
    Homeworks
    Do the same as before but with BCC tools. Have fun!


    kubectl trace —tracer=bcc …

    View Slide

  7. Thank you!
    Leonardo Di Donato


    gh:leodido


    @leodido
    github.com/iovisor/kubectl-trace


    #kubectl-trace (k8s slack)
    👋

    View Slide