Cloud Native Superpowers with eBPF

eBPF is a powerful platform for building cloud native observability, networking, and security tools that allow for collecting performance and behavioral insights from across an entire system, relating observed data to Kubernetes objects, and reliably instrumenting workloads without making any changes to apps or configurations.

• eBPF allows for dynamically running custom programs in the kernel
• eBPF programs can be attached to events in the kernel, such as network packets arriving or user space applications making system calls
• eBPF-based tools enable cloud native observability, networking, and security
• eBPF-based tools do not require changes to application code and provide instant insight and control over cloud native applications running in the cluster
• eBPF is being created on Windows, extending its powerful tooling capability from Linux to Windows

The speaker provided a live-coding demo of a basic eBPF program that traced out 'Hello KCD Chennai' whenever triggered by the system call 'exec ve'.

Netflix’s Brendan Gregg coined the term “Superpowers for Linux” to describe eBPF back in 2016. Today there are a whole crop of eBPF-based tools for cloud native observability, networking and security, such as Falco, Pixie and Cilium. What makes eBPF such a powerful platform for building this new generation of tools? This talk uses live-coding & demos from across the cloud native ecosystem to illustrate how eBPF programs can - Collect performance & behavioral insights from across an entire system - Relate observed data to Kubernetes objects - Reliably instrument workloads without making any changes to apps or configurations But eBPF isn't a magic wand. We’ll look at its limitations and potential misconceptions that are emerging from the use of this powerful new technology. Even if you’re not a Linux kernel aficionado you’ll leave this talk with an understanding of how eBPF enables high-performance tools that help you manage, debug and secure applications in the cloud.