The eBPF Approach to Container Monitoring

By ADMIN Team

eBPF offers a low-overhead approach to observability.

The extended Berkeley Packet Filter (or eBPF) is poised to upend conventional approaches to monitoring Docker and Kubernetes workloads, says Christopher Tozzi.

The Linux feature, introduced in 2015, offers a way to monitor containers without high resource consumption. “eBPF makes it possible to run programs directly in the Linux kernel – as opposed to running them in "userland," where they don't have direct access to kernel resources,” Tozzi explains.

For example, he says, “you could write an eBPF program that intercepts the processes associated with each container and use it to collect monitoring data. You'd end up with a monitoring solution that is much less resource-hungry than traditional sidecar containers.”

Learn more at ITProToday.

12/01/2022

Related content

A central access manager for SSH, Kubernetes, and others
Teleport centrally manages logins against various protocols, including SSH, Kubernetes, and databases. Functions such as two-factor authentication are included in the scope of delivery, as is management of your own certificates.

more »
A ptrace-based tracing mechanism for syscalls
The libiotrace library monitors running, static and dynamically linked programs and collects detailed data for many file-I/O-related function calls.

more »
Monitoring containers
A monitoring system helps avoid unpleasant surprises during operations, but admins need to modify existing solutions to fit a containerized world.

more »
Monitoring and service discovery with Consul
When dozens of new services and VMs emerge and disappear every day in dynamic cloud environments, conventional monitoring provides false alarms, not operational security.

more »
Writing PowerShell Output to a File

more »

comments powered by Disqus

Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs