eBPF Data Collection for Everyone – empowering the community to obtain Linux insights using Inspektor Gadget
Alban Crequy and Michael Friese
In this presentation we show how eBPF programmers can easily distribute their programs using Inspektor Gadget, a tool designed for the creation, deployment, and execution of eBPF programs (gadgets) across Kubernetes and Linux environments. Inspektor Gadget encapsulates eBPF programs into OCI containers, providing well-understood and easily distributable units. We then detail how an end user can use Inspektor Gadget to easily derive valuable systems insights.
We'll give a brief overview of Inspektor Gadget's automatic data enrichment process, transforming complex kernel information into high-level, understandable concepts tied to Kubernetes and container runtimes. This feature bridges the knowledge gap between raw, low-level data and more interpretable information, improving the understanding of system behavior.
We will explain how users can write their own gadgets and make use of different helper APIs provided by Inspektor Gadget for socket enricher, file path discovery and container filtering, etc.
We will show how to combine existing gadgets into a new one, add additional post-processing logic using WASM or Lua and export the resulting data to different targets, using for example OpenTelemetry.
Throughout the talk, we'll demonstrate more of Inspektor Gadget's features, its support across various environments, discuss its operational mechanics, and share insights into the future direction of the project.
Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/