Explore the intricacies of running unprivileged eBPF in Kubernetes in this 25-minute conference talk by Nikola Grcevski from Grafana Labs. Delve into the powerful capabilities of eBPF for gaining insights on connectivity, networking, security, and performance with minimal code. Examine the challenges of elevated permissions required for eBPF probes and learn strategies to avoid using 'privileged:true' in Kubernetes securityContext. Investigate the relationship between Linux security capabilities and eBPF capabilities, understanding when CAP_SYS_ADMIN is insufficient and how to circumvent it. Gain detailed knowledge about the specific capabilities required for common eBPF features and discover scenarios where CAP_BPF is adequate. Uncover the additional privileges needed for various types of instrumentation to avoid relying on CAP_SYS_ADMIN.
Drawing Lines in the Sand - Running Unprivileged eBPF in Kubernetes
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Drawing Lines in the Sand, or Running Unprivileged eBPF in Kubernetes - Nikola Grcevski
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Kubernetes Observability with eBPF
-
Monitoring Kubernetes Network Traffic Using eBPF
-
BumbleBee - How to Start Using eBPF in Kubernetes
-
Exploring Process Capabilities with eBPF - Monitoring and Security in Cloud Native Applications
-
Hello eBPF! Goodbye Sidecars? - Revolutionizing Kubernetes Deployments
-
eBPF for Go Developers: Use Cases and Implementation
