The eBPF Approach to Container Monitoring
The extended Berkeley Packet Filter (or eBPF) is poised to upend conventional approaches to monitoring Docker and Kubernetes workloads, says Christopher Tozzi.
The Linux feature, introduced in 2015, offers a way to monitor containers without high resource consumption. “eBPF makes it possible to run programs directly in the Linux kernel – as opposed to running them in "userland," where they don't have direct access to kernel resources,” Tozzi explains.
For example, he says, “you could write an eBPF program that intercepts the processes associated with each container and use it to collect monitoring data. You'd end up with a monitoring solution that is much less resource-hungry than traditional sidecar containers.”
Learn more at ITProToday.
Related content
- Five Common Security Mistakes to Avoid
-
A central access manager for SSH, Kubernetes, and others
Teleport centrally manages logins against various protocols, including SSH, Kubernetes, and databases. Functions such as two-factor authentication are included in the scope of delivery, as is management of your own certificates. - 8 Linux Tools for IT Pros
-
A ptrace-based tracing mechanism for syscalls
The libiotrace library monitors running, static and dynamically linked programs and collects detailed data for many file-I/O-related function calls. - IT Priorities for 2023
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.