eBPF is a powerful platform for building cloud native observability, networking, and security tools. These tools can collect performance and behavioral insights from across an entire system, relate observed data to Kubernetes objects, and reliably instrument workloads without any changes to apps or configurations.
- eBPF allows for dynamically running custom programs in the kernel
- eBPF programs can be attached to events in the kernel, such as network packets arriving or user space applications making system calls
- eBPF-based tools enable cloud native observability, networking, and security
- eBPF-based tools do not require changes to application code and provide instant insight and control over cloud native applications running in the cluster
- eBPF is being implemented on Windows, extending its powerful tooling capability from Linux to Windows
The speaker gave a live-coding demo of a basic eBPF program that traced out 'Hello KCD Chennai' whenever it was triggered by the 'execve' system call.