eBPF (extended Berkeley Packet Filter) is a powerful Linux Kernel technology that allows user space code to be run on an in-kernel virtual machine. This talk will introduce eBPF at a high level, some of its more common uses and go into detail on a specific eBPF program designed to record all shell sessions on a Linux machine. The talk will end with a demonstration of how this program can be deployed on Google Kubernetes Engine to replay container shell sessions and gain new insights into activity across the cluster.
| Event | Cloud Native London |
|---|---|
| Speaker | Luke Addision |
| Video | Watch Video |
| Slides | Open Slides |