In the Kubernetes ecosystem, several projects trace containers using low-level Linux primitives such as eBPF, fanotify, processes, and cgroups; examples include Inspektor Gadget, lockc, and Falco. Those tools might detect that a new container has started on a node, but they then need to determine whether the container is part of a Kubernetes cluster and identify the pod to which it belongs. One way to get this information is to use the Kubernetes API server and filter based on pod.
