Kubernetes provides a high-level abstraction layer that makes it easy to deploy distributed computing resources without knowing what’s happening in the kernel and applications. This is great when things work as expected, but when trying to root cause an issue, Kubernetes does not provide any help in inspecting these low-level details.
During this tutorial, we’ll look into how using tools based on eBPF functionality can help us better understand what’s going on inside our cluster. We’ll check out two tools that were specifically designed to run inside Kubernetes:
* Inspektor Gadget, which includes a few innovative gadgets as well as easy-to-use wrappers around BPF Compiler Collection (BCC)
* kubectl-trace, which allows to use the power of bpftrace on Kubernetes clusters
Using these tools, DevOps teams can answer debugging questions such as:
* What were the last system calls executed before the crash?
* What network policies do I need to apply in my cluster?
* What executables are being run on my cluster?
* What processes are reading to or writing to disk?
This is an interactive tutorial. To follow along, you'll need access to a test Kubernetes cluster. For simplicity, we recommend running a specific Minikube version, but other options are possible. Please check out the instructions at
https://github.com/kinvolk/cloud-native-bpf-workshop in advance. This will help you make the most out of the workshop.