/ From PIDs to Pods: our journey to connect eBPF and Kubernetes

Description

eBPF allows to safely attach small programs in the Linux Kernel and inspect the runtime memory of the Kernel and userspace programs at runtime. This opens a wide range of possibilities for observability applications. However, the low-level approach of eBPF often difficults matching the inspected data with high-level concepts, such as the entities in your Kubernetes cluster. This talk describes our journey to make Kubernetes a first-class citizen in Grafana Beyla, an eBPF-based instrumentation tool that can run as a simple operating-system process but lets its users to keep talking about Pods, Deployments and Services. From a hacker perspective, we will describe how we did to match the low-level abstractions from eBPF with the high-level Kubernetes information, in order to provide a unified experience by fuzzing the barriers between application, platform and infrastructure.

Session 🗣 Introductory and overview ⭐ Track: DevOps, Kubernetes & Cloud (VMs, Docker, Security, ...)