Extended Berkeley Packet Filter (eBPF) is a core Linux technology with applications across several computing domains, including security, networking and tracing. In the container and Kubernetes ecosystem specifically, it is used by networking projects like Cilium and Calico, debugging solutions like BCC, kubectl-trace and Inspektor Gadget, and security-related projects like Tracee and Falco. eBPF is a fast-evolving technology: each new kernel release includes new features, and different Linux distributions rush to enable them for their users.
