The talk discusses the use of eBPF in the cloud native ecosystem, its portability through the CO:RE initiative, and its combination with Go and Kubernetes for observability, security, and performance tuning.
- eBPF allows running programs in kernel space and attaching them to events or hooks for observability, security, and networking
- The CO:RE initiative aims to achieve portability through libbpf, a just-in-time compiler that transforms eBPF bytecode into executable code on the host
- eBPF can be combined with Go and Kubernetes to bridge low-level kernel features to higher-level Kubernetes concepts like Pods
- Real-life examples are shown to help measure and improve performance systematically
The speaker mentions that ebpf was necessary for observability, security, and networking in the kernel, but it used to be difficult to develop for because it required compiling kernel modules for a wide array of architectures and kernels. With ebpf, companies like Cystic were able to adopt it as a technology and supercharge the possibility of hot loading code into the kernel without having to load a kernel module. This is made possible through the CO:RE initiative and libbpf, which transforms ebpf bytecode into executable code on the host.