logo
allArticlesConferencesPresentations

Tutorial: Create Your First EBPF Program to Monitor Your System Using Bumblebee

Conference:  CloudOpen 2022

2022-06-23

Authors:   Adam Sayah

Summary

The presentation discusses the use of eBPF programs in cybersecurity and DevOps, specifically in collecting and analyzing metrics for monitoring purposes.
  • eBPF programs can be used to collect valuable data from traffic operating on a system
  • Bumblebee is an example of a service that provides metrics directly on the server once run
  • Prometheus can be used to collect and analyze metrics from various sources, including eBPF programs
  • eBPF programs can be reused and deployed on multiple clusters to collect data from traffic going from a service to another
  • The Book Info demo application is used as an example to demonstrate the deployment of Prometheus to collect metrics
The speaker gives an example of how eBPF programs can be used to monitor communication between services in a company with multiple clusters. By deploying the program on every cluster, data can be collected and analyzed to create a full graph of communication between services. The Book Info demo application is used to demonstrate the deployment of Prometheus to collect metrics.

Abstract

eBPF is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in an operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring to change kernel source code or load kernel modules. BumbleBee (https://github.com/solo-io/bumblebee) is a new Open Source project which helps to build, run and distribute eBPF programs using OCI images. It allows you to focus on writing eBPF code, while taking care of the user space components - automatically exposing your data as metrics or logs. In this workshop, we're introducing eBPF and the different ways to create eBPF programs. Then, attendees are creating their first eBPF program using BCC and libbpf to have a better understanding of the main concepts. Finally, they are going through several labs to build and deploy an eBPF program with BumbleBee. They also deploy Prometheus and a web application on Kubernetes to display all the communications happening in the Kubernetes cluster.
Materials:
Tags:
eBPF
linux kernel
sandboxed programs
operating system kernel
kernel source code

Post a comment

Related work

Powering Observability with Simple, Sharable, EBPF Programs

Conference:  ContainerCon 2022
Authors: Lin Sun
2022-06-22

Alice in Kernel Land: Lessons Learned From the eBPF Rabbit Hole

Conference:  Black Hat Asia 2023
Authors: Simon Scannell, Valentina Palmiotti, Juan José López Jaimez
2023-05-11

Warping Reality - creating and countering the next generation of Linux rootkits using eBPF

Conference:  Defcon 29
Authors:
2021-08-01

With Friends Like eBPF, Who Needs Enemies?

Conference:  BlackHat USA 2021
Authors:
2021-08-05

eBPF 201: Supercharging Your eBPF Dev Process for Cloud Native Apps

Conference:  KubeCon + CloudNativeCon Europe 2023
Authors: Sanjeev Rampal, Donald Hunter
2023-04-20

eBPF on the Rise - Getting Started

Conference:  KubeCon + CloudNativeCon Europe 2021
Authors: Quentin Monnet