Cloud Native London

Auditing with eBPF

Luke Addision

eBPF (extended Berkeley Packet Filter) is a powerful Linux kernel technology that allows user space code to be run on an in-kernel virtual machine. This talk will introduce eBPF at a high level, cover some of its more common uses, and go into detail on a specific eBPF program designed to record all shell sessions on a Linux machine. The talk will end with a demonstration of how this program can be deployed on Google Kubernetes Engine to replay container shell sessions and gain new insights into activity across the cluster.
