Part Two!
Did you miss part one? Get hold of it on page 60
Part Two!
QUICK TIPP
$ wget https://raw.githubusercontent.com/brendangregg/FlameGraph/master/flamegraph.pl
QUICK TIP
KPROBES, UPROBES AND TRACEPOINTS
QUICK TIP
CILIUM AND HUBBLE
Did you miss part one? Get hold of it on page 60
eBPF is both useful and powerful because it enables you to work with the kernel without either changing the kernel code or adding new kernel modules. You can find more information about eBPF at https://ebpf.io.
$ chmod 755 flamegraph.pl
perf_events is a software tool for Linux that’s used for profiling and tracing. The perf command, which was originally called Performance Counters for Linux (PCL), is now a collection of tools for profiling and tracing with the name Linux Performance Events (LPE). Each separate tool is used as a subcommand of perf.
A probe is a software or hardware instrumentation point. It can generate events that can be caught and therefore handled by bpftrace programs. There are two types of probes: kprobes and uprobes. A kprobe offers dynamic instrumentation for kernel space. As a result, kprobes offer events for all kernel functions without the need to reboot your Linux machine or put your system into any special mode. A uprobe offers dynamic instrumentation at user-space level and therefore works with user-level functions.
You can consider eBPF as a virtual machine located inside the Linux kernel, hence the ability to run eBPF programs without altering the kernel code. This enables you to execute BPF bytecode – all eBPF programs are compiled to bytecode – without requiring too many resources.
Cilium (https://cilium.io) is an open source program (https://github.com/cilium/cilium) developed by Isovalent (https://isovalent.com) that uses eBPF for monitoring containers and Kubernetes clusters for security. Hubble (https://github.com/cilium/hubble), which is built on top of Cilium, is a cloudnative distributed network, service and security observability platform. Hubble can be used for tasks such as network monitoring and alerting, application monitoring and security observability as well as discovering service dependencies (how services communicate with each other) and communication maps.
OUR EXPERT