The eBPF Approach to Container Monitoring
The extended Berkeley Packet Filter (or eBPF) is poised to upend conventional approaches to monitoring Docker and Kubernetes workloads, says Christopher Tozzi.
The Linux feature, introduced in 2015, offers a way to monitor containers without high resource consumption. “eBPF makes it possible to run programs directly in the Linux kernel – as opposed to running them in "userland," where they don't have direct access to kernel resources,” Tozzi explains.
For example, he says, “you could write an eBPF program that intercepts the processes associated with each container and use it to collect monitoring data. You'd end up with a monitoring solution that is much less resource-hungry than traditional sidecar containers.”
Learn more at ITProToday.
Related content
- Five Common Security Mistakes to Avoid
-
A central access manager for SSH, Kubernetes, and others
Teleport centrally manages logins against various protocols, including SSH, Kubernetes, and databases. Functions such as two-factor authentication are included in the scope of delivery, as is management of your own certificates. -
Sustainable Kubernetes with Project Kepler
Measure, predict, and optimize the carbon footprint of your containerized workloads. -
Kubernetes networking in the kernel
Cilium and eBPF put Kubernetes networking down in the kernel where it belongs. -
Artificial admin
AIOps brings artificial intelligence tools into everyday administrative work, with AI-supported automation of some admin responsibilities.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
