SlideShare a Scribd company logo

DevOpsDays Zurich 2023 — Bridging Dev and Ops with eBPF: Extending Observability Upwards and Downwards

Raphaël PINSON
Raphaël PINSON

eBPF (extended Berkeley Packet Filter) is a powerful and versatile technology that can be used to extend observability in Linux systems. In this talk, we will explore how eBPF can be used to bridge the gap between dev and ops by providing a deeper understanding of the kernel and OS internals as well as the applications running on top. We will discuss how eBPF can be used to extend observability downwards by enabling access to low-level system information and how it can be used to extend observability upwards by providing application-level tracing capabilities.

Technology
1 of 42
Download to read offline
Bridging Dev and Ops with eBPF Raphaël Pinson | @raphink | @raphink@mastodon.social Extending Observability Upwards and Downwards Solutions Architect, Isovalent
Dumb Monitoring Observability over the Wall @raphink | @raphink@mastodon.social
Who am I Raphaël Pinson Solutions Architect @ Isovalent | CNCF Ambassador @raphink | @raphink@mastodon.social
⬢ From Dumb to Expertise-Driven Observability Bridging Dev and Ops with eBPF Extending Observability Upwards and Downwards
⬢ From Dumb to Expertise-Driven Observability ⬢ eBPF Bridging Dev and Ops with eBPF Extending Observability Upwards and Downwards
⬢ From Dumb to Expertise-Driven Observability ⬢ eBPF ⬢ Observing Downwards & Upwards Bridging Dev and Ops with eBPF Extending Observability Upwards and Downwards
⬢ From Dumb to Expertise-Driven Observability ⬢ eBPF ⬢ Observing Downwards & Upwards ⬢ The Bridge Bridging Dev and Ops with eBPF Extending Observability Upwards and Downwards
⬢ From Dumb to Expertise-Driven Observability Bridging Dev and Ops with eBPF Extending Observability Upwards and Downwards Image: Unsplash / Wolfgang Hasselmann
Privilege-Driven Monitoring With Great Power comes great Responsibility @raphink | @raphink@mastodon.social
Expertise-Driven Responsibility The Ownership Principle @raphink | @raphink@mastodon.social
Platforms, Interfaces & Responsibilities (But DevOps is not dead) @raphink | @raphink@mastodon.social
Observability Ownership Developers ❤ Observability @raphink | @raphink@mastodon.social
Data Collection Services & Application Instrumentation @raphink | @raphink@mastodon.social
⬢ From Dumb to Expertise-Driven Observability ⬢ eBPF Bridging Dev and Ops with eBPF Extending Observability Upwards and Downwards
Have you used eBPF? eBPF is already used in many places - Load balancing - DDOS protection on large Internet platforms - Kernel live-patching (5.7+ with LSM/eBPF) - Android (e.g. app data stats) @raphink | @raphink@mastodon.social
Makes the Linux kernel programmable in a secure and efficient way. “What JavaScript is to the browser, eBPF is to the Linux Kernel” @raphink | @raphink@mastodon.social
@raphink | @raphink@mastodon.social
@raphink | @raphink@mastodon.social Cloud Native Identities
⬢ From Dumb to Expertise-Driven Observability ⬢ eBPF ⬢ Observing Downwards & Upwards Bridging Dev and Ops with eBPF Extending Observability Upwards and Downwards
Cilium & Friends - performance gains (no need for iptables, bypass TCP/IP) - simpler architecture (e.g. no sidecar proxy for Service Mesh) Cilium @raphink | @raphink@mastodon.social
Cilium & Friends Hubble - fine-grained network observability - exports to SIEM - support for OpenTelemetry - performance gains (no need for iptables, bypass TCP/IP) - simpler architecture (e.g. no sidecar proxy for Service Mesh) Cilium @raphink | @raphink@mastodon.social
Cilium & Friends Tetragon - observe & export kernel events - act on events (e.g. SIGKILL) - performance gains (no need for iptables, bypass TCP/IP) - simpler architecture (e.g. no sidecar proxy for Service Mesh) Cilium Hubble - fine-grained network observability - exports to SIEM - support for OpenTelemetry @raphink | @raphink@mastodon.social
Deep Down in Kernel Space Observe directly in the kernel - Low-overhead tracing/observability - Example: network performance / SRTT / micro-bursts - HTTP / TLS in-kernel visibility - Troubleshooting prod on the fly (see bpftrace) @raphink | @raphink@mastodon.social
Deep Down in Kernel Space Example software - BCC - bpftrace - Pixie - Cilium (network) - Cilium Tetragon (system) @raphink | @raphink@mastodon.social Observe directly in the kernel - Low-overhead tracing/observability - Example: network performance / SRTT / micro-bursts - HTTP / TLS in-kernel visibility - Troubleshooting prod on the fly (see bpftrace)
Observability: bpftrace @raphink | @raphink@mastodon.social
Networking: Hubble (CLI) @raphink | @raphink@mastodon.social $ kubectl get pods NAME READY STATUS RESTARTS AGE tiefighter 1/1 Running 0 2m34s xwing 1/1 Running 0 2m34s deathstar-5b7489bc84-crlxh 1/1 Running 0 2m34s deathstar-5b7489bc84-j7qwq 1/1 Running 0 2m34s $ hubble observe --follow -l class=xwing # DNS lookup to coredns default/xwing:41391 (ID:16092) -> kube-system/coredns-66bff467f8-28dgp:53 (ID:453) to-proxy FORWARDED (UDP) kube-system/coredns-66bff467f8-28dgp:53 (ID:453) -> default/xwing:41391 (ID:16092) to-endpoint FORWARDED (UDP) # ... # Successful HTTPS request to www.disney.com default/xwing:37836 (ID:16092) -> www.disney.com:443 (world) to-stack FORWARDED (TCP Flags: SYN) www.disney.com:443 (world) -> default/xwing:37836 (ID:16092) to-endpoint FORWARDED (TCP Flags: SYN, ACK) www.disney.com:443 (world) -> default/xwing:37836 (ID:16092) to-endpoint FORWARDED (TCP Flags: ACK, FIN) default/xwing:37836 (ID:16092) -> www.disney.com:443 (world) to-stack FORWARDED (TCP Flags: RST) # ... # Blocked HTTP request to deathstar backend default/xwing:49610 (ID:16092) -> default/deathstar:80 (ID:16081) Policy denied DROPPED (TCP Flags: SYN)
Networking: Hubble (UI) @raphink | @raphink@mastodon.social
Observability: Cilium + Grafana ❤ @raphink | @raphink@mastodon.social
Network Metrics (Hubble) @raphink | @raphink@mastodon.social
HTTP Metrics (Hubble) @raphink | @raphink@mastodon.social
OpenTelemetry (Hubble OTEL) @raphink | @raphink@mastodon.social
Network Policy Verdicts @raphink | @raphink@mastodon.social
TLS (Tetragon) @raphink | @raphink@mastodon.social
Combined Network & Runtime @raphink | @raphink@mastodon.social
Continuous Profiling (Parca) @raphink | @raphink@mastodon.social https://www.parca.dev Continuous profiling of Cilium: https://www.youtube.com/watch?v=tScFlySdSAc
APM (groundcover) @raphink | @raphink@mastodon.social https://groundcover.com
⬢ From Dumb to Expertise-Driven Observability ⬢ eBPF ⬢ Observing Downwards & Upwards ⬢ The Bridge Bridging Dev and Ops with eBPF Extending Observability Upwards and Downwards
To Infinity… … and beyond 🚀 - more integration (Grafana, etc.) - more links between sources (metrics, logs, traces) - APM @raphink | @raphink@mastodon.social
eBPF resources eCHO eBPF YouTube podcast: https://www.youtube.com/channel/UCJFUxkVQTBJh3LD1wYB WvuQ eBPF & Cilium Slack http://slack.cilium.io/ eCHO News Bi-weekly eBPF newsletter: https://cilium.io/newsletter/ @raphink | @raphink@mastodon.social
Practical Labs … to become a Cilium & eBPF Jedi @raphink | @raphink@mastodon.social isovalent.com/labs
Practical Labs … to become a Cilium & eBPF Jedi @raphink | @raphink@mastodon.social isovalent.com/labs
Thank you!

Recommended

KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdfKCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdfRaphaël PINSON
 
Cfgmgmtcamp 2023 — eBPF Superpowers
Cfgmgmtcamp 2023 — eBPF SuperpowersCfgmgmtcamp 2023 — eBPF Superpowers
Cfgmgmtcamp 2023 — eBPF SuperpowersRaphaël PINSON
 
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...ContainerDay Security 2023
 
Révolution eBPF - un noyau dynamique
Révolution eBPF - un noyau dynamiqueRévolution eBPF - un noyau dynamique
Révolution eBPF - un noyau dynamiqueRaphaël PINSON
 
Terraform a gitlab ci
Terraform a gitlab ciTerraform a gitlab ci
Terraform a gitlab ciJuraj Hantak
 
ContainerDays Hamburg 2023 — Cilium Workshop.pdf
ContainerDays Hamburg 2023 — Cilium Workshop.pdfContainerDays Hamburg 2023 — Cilium Workshop.pdf
ContainerDays Hamburg 2023 — Cilium Workshop.pdfRaphaël PINSON
 
DoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDKDoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDKMarian Marinov
 
Explore the World of Cilium, Tetragon & eBPF
Explore the World of Cilium, Tetragon & eBPFExplore the World of Cilium, Tetragon & eBPF
Explore the World of Cilium, Tetragon & eBPFRaphaël PINSON
 

Recommended

KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdfKCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdfRaphaël PINSON
 
Cfgmgmtcamp 2023 — eBPF Superpowers
Cfgmgmtcamp 2023 — eBPF SuperpowersCfgmgmtcamp 2023 — eBPF Superpowers
Cfgmgmtcamp 2023 — eBPF SuperpowersRaphaël PINSON
 
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...ContainerDay Security 2023
 
Révolution eBPF - un noyau dynamique
Révolution eBPF - un noyau dynamiqueRévolution eBPF - un noyau dynamique
Révolution eBPF - un noyau dynamiqueRaphaël PINSON
 
Terraform a gitlab ci
Terraform a gitlab ciTerraform a gitlab ci
Terraform a gitlab ciJuraj Hantak
 
ContainerDays Hamburg 2023 — Cilium Workshop.pdf
ContainerDays Hamburg 2023 — Cilium Workshop.pdfContainerDays Hamburg 2023 — Cilium Workshop.pdf
ContainerDays Hamburg 2023 — Cilium Workshop.pdfRaphaël PINSON
 
DoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDKDoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDKMarian Marinov
 
Explore the World of Cilium, Tetragon & eBPF
Explore the World of Cilium, Tetragon & eBPFExplore the World of Cilium, Tetragon & eBPF
Explore the World of Cilium, Tetragon & eBPFRaphaël PINSON
 
Enabling Microservices @Orbitz - Velocity Conf 2015
Enabling Microservices @Orbitz - Velocity Conf 2015Enabling Microservices @Orbitz - Velocity Conf 2015
Enabling Microservices @Orbitz - Velocity Conf 2015Steve Hoffman
 
Spryker meetup-distribute-your-spryker-deployment-with-docker-and-kubernetes
Spryker meetup-distribute-your-spryker-deployment-with-docker-and-kubernetesSpryker meetup-distribute-your-spryker-deployment-with-docker-and-kubernetes
Spryker meetup-distribute-your-spryker-deployment-with-docker-and-kubernetesBernd Alter
 
Chicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - MediaflyChicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - MediaflyMediafly
 
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Maximilan Wilhelm
 
Microservices Application Tracing Standards and Simulators - Adrians at OSCON
Microservices Application Tracing Standards and Simulators - Adrians at OSCONMicroservices Application Tracing Standards and Simulators - Adrians at OSCON
Microservices Application Tracing Standards and Simulators - Adrians at OSCONAdrian Cockcroft
 
zebra & openconfigd Introduction
zebra & openconfigd Introductionzebra & openconfigd Introduction
zebra & openconfigd IntroductionKentaro Ebisawa
 
[BreizhCamp, format 15min] Construire et automatiser l'ecosystème de son Saa...
[BreizhCamp, format 15min] Construire et automatiser l'ecosystème de son Saa...[BreizhCamp, format 15min] Construire et automatiser l'ecosystème de son Saa...
[BreizhCamp, format 15min] Construire et automatiser l'ecosystème de son Saa...François-Guillaume Ribreau
 
The advantages of Arista/OVH configurations, and the technologies behind buil...
The advantages of Arista/OVH configurations, and the technologies behind buil...The advantages of Arista/OVH configurations, and the technologies behind buil...
The advantages of Arista/OVH configurations, and the technologies behind buil...OVHcloud
 
Thinking after that disaster in cloud
Thinking after that disaster in cloudThinking after that disaster in cloud
Thinking after that disaster in cloudAmazon Web Services
 
Wireless Developing Wireless Monitoring and Control devices
Wireless Developing Wireless Monitoring and Control devicesWireless Developing Wireless Monitoring and Control devices
Wireless Developing Wireless Monitoring and Control devicesAidan Venn MSc
 
Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018
Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018
Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018DevOpsDays Tel Aviv
 
What is Digital Rebar Provision (and how RackN extends)?
What is Digital Rebar Provision (and how RackN extends)?What is Digital Rebar Provision (and how RackN extends)?
What is Digital Rebar Provision (and how RackN extends)?rhirschfeld
 
IAA Life in Lockdown series: Securing Internet Routing
IAA Life in Lockdown series: Securing Internet RoutingIAA Life in Lockdown series: Securing Internet Routing
IAA Life in Lockdown series: Securing Internet RoutingAPNIC
 
Robust Network Security and Observability with GitOps and Cilium
Robust Network Security and Observability with GitOps and CiliumRobust Network Security and Observability with GitOps and Cilium
Robust Network Security and Observability with GitOps and CiliumWeaveworks
 
Observability
ObservabilityObservability
ObservabilityDiego Pacheco
 
ONOS SDN-IP: Tutorial and Use Case for SDX
ONOS SDN-IP: Tutorial and Use Case for SDXONOS SDN-IP: Tutorial and Use Case for SDX
ONOS SDN-IP: Tutorial and Use Case for SDXAPNIC
 
Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140) Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140) Bangladesh Network Operators Group
 
Microservices and Teraflops: Effortlessly Scaling Data Science with PyWren wi...
Microservices and Teraflops: Effortlessly Scaling Data Science with PyWren wi...Microservices and Teraflops: Effortlessly Scaling Data Science with PyWren wi...
Microservices and Teraflops: Effortlessly Scaling Data Science with PyWren wi...Databricks
 
Intro to Project Calico: a pure layer 3 approach to scale-out networking
Intro to Project Calico: a pure layer 3 approach to scale-out networkingIntro to Project Calico: a pure layer 3 approach to scale-out networking
Intro to Project Calico: a pure layer 3 approach to scale-out networkingPacket
 
4Developers 2015: Continuous Security in DevOps - Maciej Lasyk
4Developers 2015: Continuous Security in DevOps - Maciej Lasyk4Developers 2015: Continuous Security in DevOps - Maciej Lasyk
4Developers 2015: Continuous Security in DevOps - Maciej LasykPROIDEA
 
Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...
Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...
Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...Raphaël PINSON
 
Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityRaphaël PINSON
 

More Related Content

Similar to DevOpsDays Zurich 2023 — Bridging Dev and Ops with eBPF: Extending Observability Upwards and Downwards

Enabling Microservices @Orbitz - Velocity Conf 2015
Enabling Microservices @Orbitz - Velocity Conf 2015Enabling Microservices @Orbitz - Velocity Conf 2015
Enabling Microservices @Orbitz - Velocity Conf 2015Steve Hoffman
 
Spryker meetup-distribute-your-spryker-deployment-with-docker-and-kubernetes
Spryker meetup-distribute-your-spryker-deployment-with-docker-and-kubernetesSpryker meetup-distribute-your-spryker-deployment-with-docker-and-kubernetes
Spryker meetup-distribute-your-spryker-deployment-with-docker-and-kubernetesBernd Alter
 
Chicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - MediaflyChicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - MediaflyMediafly
 
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Maximilan Wilhelm
 
Microservices Application Tracing Standards and Simulators - Adrians at OSCON
Microservices Application Tracing Standards and Simulators - Adrians at OSCONMicroservices Application Tracing Standards and Simulators - Adrians at OSCON
Microservices Application Tracing Standards and Simulators - Adrians at OSCONAdrian Cockcroft
 
zebra & openconfigd Introduction
zebra & openconfigd Introductionzebra & openconfigd Introduction
zebra & openconfigd IntroductionKentaro Ebisawa
 
[BreizhCamp, format 15min] Construire et automatiser l'ecosystème de son Saa...
[BreizhCamp, format 15min] Construire et automatiser l'ecosystème de son Saa...[BreizhCamp, format 15min] Construire et automatiser l'ecosystème de son Saa...
[BreizhCamp, format 15min] Construire et automatiser l'ecosystème de son Saa...François-Guillaume Ribreau
 
The advantages of Arista/OVH configurations, and the technologies behind buil...
The advantages of Arista/OVH configurations, and the technologies behind buil...The advantages of Arista/OVH configurations, and the technologies behind buil...
The advantages of Arista/OVH configurations, and the technologies behind buil...OVHcloud
 
Thinking after that disaster in cloud
Thinking after that disaster in cloudThinking after that disaster in cloud
Thinking after that disaster in cloudAmazon Web Services
 
Wireless Developing Wireless Monitoring and Control devices
Wireless Developing Wireless Monitoring and Control devicesWireless Developing Wireless Monitoring and Control devices
Wireless Developing Wireless Monitoring and Control devicesAidan Venn MSc
 
Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018
Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018
Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018DevOpsDays Tel Aviv
 
What is Digital Rebar Provision (and how RackN extends)?
What is Digital Rebar Provision (and how RackN extends)?What is Digital Rebar Provision (and how RackN extends)?
What is Digital Rebar Provision (and how RackN extends)?rhirschfeld
 
IAA Life in Lockdown series: Securing Internet Routing
IAA Life in Lockdown series: Securing Internet RoutingIAA Life in Lockdown series: Securing Internet Routing
IAA Life in Lockdown series: Securing Internet RoutingAPNIC
 
Robust Network Security and Observability with GitOps and Cilium
Robust Network Security and Observability with GitOps and CiliumRobust Network Security and Observability with GitOps and Cilium
Robust Network Security and Observability with GitOps and CiliumWeaveworks
 
ONOS SDN-IP: Tutorial and Use Case for SDX
ONOS SDN-IP: Tutorial and Use Case for SDXONOS SDN-IP: Tutorial and Use Case for SDX
ONOS SDN-IP: Tutorial and Use Case for SDXAPNIC
 
Microservices and Teraflops: Effortlessly Scaling Data Science with PyWren wi...
Microservices and Teraflops: Effortlessly Scaling Data Science with PyWren wi...Microservices and Teraflops: Effortlessly Scaling Data Science with PyWren wi...
Microservices and Teraflops: Effortlessly Scaling Data Science with PyWren wi...Databricks
 
Intro to Project Calico: a pure layer 3 approach to scale-out networking
Intro to Project Calico: a pure layer 3 approach to scale-out networkingIntro to Project Calico: a pure layer 3 approach to scale-out networking
Intro to Project Calico: a pure layer 3 approach to scale-out networkingPacket
 
4Developers 2015: Continuous Security in DevOps - Maciej Lasyk
4Developers 2015: Continuous Security in DevOps - Maciej Lasyk4Developers 2015: Continuous Security in DevOps - Maciej Lasyk
4Developers 2015: Continuous Security in DevOps - Maciej LasykPROIDEA
 

Similar to DevOpsDays Zurich 2023 — Bridging Dev and Ops with eBPF: Extending Observability Upwards and Downwards (20)

Enabling Microservices @Orbitz - Velocity Conf 2015
Enabling Microservices @Orbitz - Velocity Conf 2015Enabling Microservices @Orbitz - Velocity Conf 2015
Enabling Microservices @Orbitz - Velocity Conf 2015
 
Spryker meetup-distribute-your-spryker-deployment-with-docker-and-kubernetes
Spryker meetup-distribute-your-spryker-deployment-with-docker-and-kubernetesSpryker meetup-distribute-your-spryker-deployment-with-docker-and-kubernetes
Spryker meetup-distribute-your-spryker-deployment-with-docker-and-kubernetes
 
Chicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - MediaflyChicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - Mediafly
 
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
 
Microservices Application Tracing Standards and Simulators - Adrians at OSCON
Microservices Application Tracing Standards and Simulators - Adrians at OSCONMicroservices Application Tracing Standards and Simulators - Adrians at OSCON
Microservices Application Tracing Standards and Simulators - Adrians at OSCON
 
zebra & openconfigd Introduction
zebra & openconfigd Introductionzebra & openconfigd Introduction
zebra & openconfigd Introduction
 
[BreizhCamp, format 15min] Construire et automatiser l'ecosystème de son Saa...
[BreizhCamp, format 15min] Construire et automatiser l'ecosystème de son Saa...[BreizhCamp, format 15min] Construire et automatiser l'ecosystème de son Saa...
[BreizhCamp, format 15min] Construire et automatiser l'ecosystème de son Saa...
 
The advantages of Arista/OVH configurations, and the technologies behind buil...
The advantages of Arista/OVH configurations, and the technologies behind buil...The advantages of Arista/OVH configurations, and the technologies behind buil...
The advantages of Arista/OVH configurations, and the technologies behind buil...
 
Thinking after that disaster in cloud
Thinking after that disaster in cloudThinking after that disaster in cloud
Thinking after that disaster in cloud
 
Wireless Developing Wireless Monitoring and Control devices
Wireless Developing Wireless Monitoring and Control devicesWireless Developing Wireless Monitoring and Control devices
Wireless Developing Wireless Monitoring and Control devices
 
Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018
Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018
Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018
 
What is Digital Rebar Provision (and how RackN extends)?
What is Digital Rebar Provision (and how RackN extends)?What is Digital Rebar Provision (and how RackN extends)?
What is Digital Rebar Provision (and how RackN extends)?
 
IAA Life in Lockdown series: Securing Internet Routing
IAA Life in Lockdown series: Securing Internet RoutingIAA Life in Lockdown series: Securing Internet Routing
IAA Life in Lockdown series: Securing Internet Routing
 
Robust Network Security and Observability with GitOps and Cilium
Robust Network Security and Observability with GitOps and CiliumRobust Network Security and Observability with GitOps and Cilium
Robust Network Security and Observability with GitOps and Cilium
 
Observability
ObservabilityObservability
Observability
 
ONOS SDN-IP: Tutorial and Use Case for SDX
ONOS SDN-IP: Tutorial and Use Case for SDXONOS SDN-IP: Tutorial and Use Case for SDX
ONOS SDN-IP: Tutorial and Use Case for SDX
 
Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140) Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140)
 
Microservices and Teraflops: Effortlessly Scaling Data Science with PyWren wi...
Microservices and Teraflops: Effortlessly Scaling Data Science with PyWren wi...Microservices and Teraflops: Effortlessly Scaling Data Science with PyWren wi...
Microservices and Teraflops: Effortlessly Scaling Data Science with PyWren wi...
 
Intro to Project Calico: a pure layer 3 approach to scale-out networking
Intro to Project Calico: a pure layer 3 approach to scale-out networkingIntro to Project Calico: a pure layer 3 approach to scale-out networking
Intro to Project Calico: a pure layer 3 approach to scale-out networking
 
4Developers 2015: Continuous Security in DevOps - Maciej Lasyk
4Developers 2015: Continuous Security in DevOps - Maciej Lasyk4Developers 2015: Continuous Security in DevOps - Maciej Lasyk
4Developers 2015: Continuous Security in DevOps - Maciej Lasyk
 

More from Raphaël PINSON

Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...
Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...
Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...Raphaël PINSON
 
Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityRaphaël PINSON
 
Cloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPFCloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPFRaphaël PINSON
 
2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf
2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf
2022 DevOpsDays Geneva — The Hare and the Tortoise.pdfRaphaël PINSON
 
The Hare and the Tortoise: Open Source, Standards & Technological Debt
The Hare and the Tortoise: Open Source, Standards & Technological DebtThe Hare and the Tortoise: Open Source, Standards & Technological Debt
The Hare and the Tortoise: Open Source, Standards & Technological DebtRaphaël PINSON
 
YAML Engineering: why we need a new paradigm
YAML Engineering: why we need a new paradigmYAML Engineering: why we need a new paradigm
YAML Engineering: why we need a new paradigmRaphaël PINSON
 
Container Security: a toolchain for automatic image rebuilds
Container Security: a toolchain for automatic image rebuildsContainer Security: a toolchain for automatic image rebuilds
Container Security: a toolchain for automatic image rebuildsRaphaël PINSON
 
K9s - Kubernetes CLI To Manage Your Clusters In Style
K9s - Kubernetes CLI To Manage Your Clusters In StyleK9s - Kubernetes CLI To Manage Your Clusters In Style
K9s - Kubernetes CLI To Manage Your Clusters In StyleRaphaël PINSON
 
Bivac - Container Volumes Backup
Bivac - Container Volumes BackupBivac - Container Volumes Backup
Bivac - Container Volumes BackupRaphaël PINSON
 
Automating Puppet Certificates Renewal
Automating Puppet Certificates RenewalAutomating Puppet Certificates Renewal
Automating Puppet Certificates RenewalRaphaël PINSON
 
Running the Puppet Stack in Containers
Running the Puppet Stack in ContainersRunning the Puppet Stack in Containers
Running the Puppet Stack in ContainersRaphaël PINSON
 
Automating Puppet Certificates Renewal
Automating Puppet Certificates RenewalAutomating Puppet Certificates Renewal
Automating Puppet Certificates RenewalRaphaël PINSON
 
Narcissus — mapping configs in Go
Narcissus — mapping configs in GoNarcissus — mapping configs in Go
Narcissus — mapping configs in GoRaphaël PINSON
 
FTTH Factory — an illustration of the "Everything as Code" paradigm
FTTH Factory — an illustration of the "Everything as Code" paradigmFTTH Factory — an illustration of the "Everything as Code" paradigm
FTTH Factory — an illustration of the "Everything as Code" paradigmRaphaël PINSON
 
Puppet Test Driven Development with Travis CI and Docker
Puppet Test Driven Development with Travis CI and DockerPuppet Test Driven Development with Travis CI and Docker
Puppet Test Driven Development with Travis CI and DockerRaphaël PINSON
 
Orchestrated Functional Testing with Puppet-spec and Mspectator
Orchestrated Functional Testing with Puppet-spec and MspectatorOrchestrated Functional Testing with Puppet-spec and Mspectator
Orchestrated Functional Testing with Puppet-spec and MspectatorRaphaël PINSON
 

More from Raphaël PINSON (20)

Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...
Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...
Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...
 
Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust Visibility
 
Cloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPFCloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPF
 
2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf
2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf
2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf
 
SKS in git ops mode
SKS in git ops modeSKS in git ops mode
SKS in git ops mode
 
The Hare and the Tortoise: Open Source, Standards & Technological Debt
The Hare and the Tortoise: Open Source, Standards & Technological DebtThe Hare and the Tortoise: Open Source, Standards & Technological Debt
The Hare and the Tortoise: Open Source, Standards & Technological Debt
 
Devops stack
Devops stackDevops stack
Devops stack
 
YAML Engineering: why we need a new paradigm
YAML Engineering: why we need a new paradigmYAML Engineering: why we need a new paradigm
YAML Engineering: why we need a new paradigm
 
Container Security: a toolchain for automatic image rebuilds
Container Security: a toolchain for automatic image rebuildsContainer Security: a toolchain for automatic image rebuilds
Container Security: a toolchain for automatic image rebuilds
 
K9s - Kubernetes CLI To Manage Your Clusters In Style
K9s - Kubernetes CLI To Manage Your Clusters In StyleK9s - Kubernetes CLI To Manage Your Clusters In Style
K9s - Kubernetes CLI To Manage Your Clusters In Style
 
Argocd up and running
Argocd up and runningArgocd up and running
Argocd up and running
 
Bivac - Container Volumes Backup
Bivac - Container Volumes BackupBivac - Container Volumes Backup
Bivac - Container Volumes Backup
 
Automating Puppet Certificates Renewal
Automating Puppet Certificates RenewalAutomating Puppet Certificates Renewal
Automating Puppet Certificates Renewal
 
Running the Puppet Stack in Containers
Running the Puppet Stack in ContainersRunning the Puppet Stack in Containers
Running the Puppet Stack in Containers
 
Automating Puppet Certificates Renewal
Automating Puppet Certificates RenewalAutomating Puppet Certificates Renewal
Automating Puppet Certificates Renewal
 
Narcissus — mapping configs in Go
Narcissus — mapping configs in GoNarcissus — mapping configs in Go
Narcissus — mapping configs in Go
 
FTTH Factory — an illustration of the "Everything as Code" paradigm
FTTH Factory — an illustration of the "Everything as Code" paradigmFTTH Factory — an illustration of the "Everything as Code" paradigm
FTTH Factory — an illustration of the "Everything as Code" paradigm
 
Puppet Test Driven Development with Travis CI and Docker
Puppet Test Driven Development with Travis CI and DockerPuppet Test Driven Development with Travis CI and Docker
Puppet Test Driven Development with Travis CI and Docker
 
Orchestrated Functional Testing with Puppet-spec and Mspectator
Orchestrated Functional Testing with Puppet-spec and MspectatorOrchestrated Functional Testing with Puppet-spec and Mspectator
Orchestrated Functional Testing with Puppet-spec and Mspectator
 
Augeas @RMLL 2012
Augeas @RMLL 2012Augeas @RMLL 2012
Augeas @RMLL 2012
 

Recently uploaded

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 

DevOpsDays Zurich 2023 — Bridging Dev and Ops with eBPF: Extending Observability Upwards and Downwards

  • 1. Bridging Dev and Ops with eBPF Raphaël Pinson | @raphink | @raphink@mastodon.social Extending Observability Upwards and Downwards Solutions Architect, Isovalent
  • 2. Dumb Monitoring Observability over the Wall @raphink | @raphink@mastodon.social
  • 3. Who am I Raphaël Pinson Solutions Architect @ Isovalent | CNCF Ambassador @raphink | @raphink@mastodon.social
  • 4. ⬢ From Dumb to Expertise-Driven Observability Bridging Dev and Ops with eBPF Extending Observability Upwards and Downwards
  • 5. ⬢ From Dumb to Expertise-Driven Observability ⬢ eBPF Bridging Dev and Ops with eBPF Extending Observability Upwards and Downwards
  • 6. ⬢ From Dumb to Expertise-Driven Observability ⬢ eBPF ⬢ Observing Downwards & Upwards Bridging Dev and Ops with eBPF Extending Observability Upwards and Downwards
  • 7. ⬢ From Dumb to Expertise-Driven Observability ⬢ eBPF ⬢ Observing Downwards & Upwards ⬢ The Bridge Bridging Dev and Ops with eBPF Extending Observability Upwards and Downwards
  • 8. ⬢ From Dumb to Expertise-Driven Observability Bridging Dev and Ops with eBPF Extending Observability Upwards and Downwards Image: Unsplash / Wolfgang Hasselmann
  • 9. Privilege-Driven Monitoring With Great Power comes great Responsibility @raphink | @raphink@mastodon.social
  • 11. Platforms, Interfaces & Responsibilities (But DevOps is not dead) @raphink | @raphink@mastodon.social
  • 12. Observability Ownership Developers ❤ Observability @raphink | @raphink@mastodon.social
  • 13. Data Collection Services & Application Instrumentation @raphink | @raphink@mastodon.social
  • 14. ⬢ From Dumb to Expertise-Driven Observability ⬢ eBPF Bridging Dev and Ops with eBPF Extending Observability Upwards and Downwards
  • 15. Have you used eBPF? eBPF is already used in many places - Load balancing - DDOS protection on large Internet platforms - Kernel live-patching (5.7+ with LSM/eBPF) - Android (e.g. app data stats) @raphink | @raphink@mastodon.social
  • 16. Makes the Linux kernel programmable in a secure and efficient way. “What JavaScript is to the browser, eBPF is to the Linux Kernel” @raphink | @raphink@mastodon.social
  • 19. ⬢ From Dumb to Expertise-Driven Observability ⬢ eBPF ⬢ Observing Downwards & Upwards Bridging Dev and Ops with eBPF Extending Observability Upwards and Downwards
  • 20. Cilium & Friends - performance gains (no need for iptables, bypass TCP/IP) - simpler architecture (e.g. no sidecar proxy for Service Mesh) Cilium @raphink | @raphink@mastodon.social
  • 21. Cilium & Friends Hubble - fine-grained network observability - exports to SIEM - support for OpenTelemetry - performance gains (no need for iptables, bypass TCP/IP) - simpler architecture (e.g. no sidecar proxy for Service Mesh) Cilium @raphink | @raphink@mastodon.social
  • 22. Cilium & Friends Tetragon - observe & export kernel events - act on events (e.g. SIGKILL) - performance gains (no need for iptables, bypass TCP/IP) - simpler architecture (e.g. no sidecar proxy for Service Mesh) Cilium Hubble - fine-grained network observability - exports to SIEM - support for OpenTelemetry @raphink | @raphink@mastodon.social
  • 23. Deep Down in Kernel Space Observe directly in the kernel - Low-overhead tracing/observability - Example: network performance / SRTT / micro-bursts - HTTP / TLS in-kernel visibility - Troubleshooting prod on the fly (see bpftrace) @raphink | @raphink@mastodon.social
  • 24. Deep Down in Kernel Space Example software - BCC - bpftrace - Pixie - Cilium (network) - Cilium Tetragon (system) @raphink | @raphink@mastodon.social Observe directly in the kernel - Low-overhead tracing/observability - Example: network performance / SRTT / micro-bursts - HTTP / TLS in-kernel visibility - Troubleshooting prod on the fly (see bpftrace)
  • 25. Observability: bpftrace @raphink | @raphink@mastodon.social
  • 26. Networking: Hubble (CLI) @raphink | @raphink@mastodon.social $ kubectl get pods NAME READY STATUS RESTARTS AGE tiefighter 1/1 Running 0 2m34s xwing 1/1 Running 0 2m34s deathstar-5b7489bc84-crlxh 1/1 Running 0 2m34s deathstar-5b7489bc84-j7qwq 1/1 Running 0 2m34s $ hubble observe --follow -l class=xwing # DNS lookup to coredns default/xwing:41391 (ID:16092) -> kube-system/coredns-66bff467f8-28dgp:53 (ID:453) to-proxy FORWARDED (UDP) kube-system/coredns-66bff467f8-28dgp:53 (ID:453) -> default/xwing:41391 (ID:16092) to-endpoint FORWARDED (UDP) # ... # Successful HTTPS request to www.disney.com default/xwing:37836 (ID:16092) -> www.disney.com:443 (world) to-stack FORWARDED (TCP Flags: SYN) www.disney.com:443 (world) -> default/xwing:37836 (ID:16092) to-endpoint FORWARDED (TCP Flags: SYN, ACK) www.disney.com:443 (world) -> default/xwing:37836 (ID:16092) to-endpoint FORWARDED (TCP Flags: ACK, FIN) default/xwing:37836 (ID:16092) -> www.disney.com:443 (world) to-stack FORWARDED (TCP Flags: RST) # ... # Blocked HTTP request to deathstar backend default/xwing:49610 (ID:16092) -> default/deathstar:80 (ID:16081) Policy denied DROPPED (TCP Flags: SYN)
  • 27. Networking: Hubble (UI) @raphink | @raphink@mastodon.social
  • 28. Observability: Cilium + Grafana ❤ @raphink | @raphink@mastodon.social
  • 29. Network Metrics (Hubble) @raphink | @raphink@mastodon.social
  • 30. HTTP Metrics (Hubble) @raphink | @raphink@mastodon.social
  • 31. OpenTelemetry (Hubble OTEL) @raphink | @raphink@mastodon.social
  • 32. Network Policy Verdicts @raphink | @raphink@mastodon.social
  • 33. TLS (Tetragon) @raphink | @raphink@mastodon.social
  • 34. Combined Network & Runtime @raphink | @raphink@mastodon.social
  • 35. Continuous Profiling (Parca) @raphink | @raphink@mastodon.social https://www.parca.dev Continuous profiling of Cilium: https://www.youtube.com/watch?v=tScFlySdSAc
  • 36. APM (groundcover) @raphink | @raphink@mastodon.social https://groundcover.com
  • 37. ⬢ From Dumb to Expertise-Driven Observability ⬢ eBPF ⬢ Observing Downwards & Upwards ⬢ The Bridge Bridging Dev and Ops with eBPF Extending Observability Upwards and Downwards
  • 38. To Infinity… … and beyond 🚀 - more integration (Grafana, etc.) - more links between sources (metrics, logs, traces) - APM @raphink | @raphink@mastodon.social
  • 39. eBPF resources eCHO eBPF YouTube podcast: https://www.youtube.com/channel/UCJFUxkVQTBJh3LD1wYB WvuQ eBPF & Cilium Slack http://slack.cilium.io/ eCHO News Bi-weekly eBPF newsletter: https://cilium.io/newsletter/ @raphink | @raphink@mastodon.social
  • 40. Practical Labs … to become a Cilium & eBPF Jedi @raphink | @raphink@mastodon.social isovalent.com/labs
  • 41. Practical Labs … to become a Cilium & eBPF Jedi @raphink | @raphink@mastodon.social isovalent.com/labs