Prometheus as exposition format for eBPF programs running on k8s
Leonardo Di Donato. Open Source Software Engineer @ Sysdig.
2019.05.18 - Cloud_Native Rejekts EU - Barcelona, Spain
whoami
Leonardo Di Donato.
Maintainer of Falco.
Creator of kubectl-trace and go-syslog.
Reach out to me @leodido.

The missing buzzwords

Monitoring
- Old buzzword.
- Is this SNMP?
- Focus on collecting, persisting, and alerting on just any data!
- It might also become simply garbage.
- Data lake.
- Doing it well requires a strategy.
- Uninformed monitoring equals hope.

Observability
- Ability of a system to give insights to humans.
- Humans can observe, understand, and act on the presented state of an observable system.
- Ability to make deductions about internal state by looking only at boundaries (inputs vs outputs).
- Never truly achieved. Ongoing process and mindset.
- Avoid black box data. Extract fine-grained and meaningful data.

Wait, another really cool buzzword is Tracing!

The journey so far

Before Prometheus
- Monitoring landscape very fragmented
- Many solutions
  - with ancient tech
- Proprietary data formats
  - often not completely implemented, or undocumented, or ...
- Hierarchical data models
- Metrics? W00t?

But there's a thing ...

After Prometheus
- De-facto standard
- Cloud-native metric monitoring
- Ease of use
- Explosion of /metrics endpoints

eBPF superpowers

What if we could exploit the awesomeness of the Prometheus (or OpenMetrics) exposition formats without having to instrument each application individually?
Can we avoid clogging our applications, thanks to eBPF superpowers?

What eBPF is

You can now write mini programs that run on events like disk I/O, which are run in a safe virtual machine in the kernel.
The in-kernel verifier refuses to load eBPF programs that have invalid pointer dereferences, exceed the maximum call stack, or contain loops without an upper bound.
Imposes a stable Application Binary Interface (ABI).
BPF on steroids.
A core part of the Linux kernel.

How does eBPF work?

[Diagram: userspace program, bpf() syscall, eBPF programs and eBPF map, laid out across the user-space/kernel boundary]

eBPF map (http://bit.ly/bpf_map_types)
- BPF_MAP_CREATE
- BPF_MAP_LOOKUP_ELEM
- BPF_MAP_UPDATE_ELEM
- BPF_MAP_DELETE_ELEM
- BPF_MAP_GET_NEXT_KEY

eBPF program (http://bit.ly/bpf_prog_types)
- BPF_PROG_TYPE_SOCKET_FILTER
- BPF_PROG_TYPE_KPROBE
- BPF_PROG_TYPE_TRACEPOINT
- BPF_PROG_TYPE_RAW_TRACEPOINT
- BPF_PROG_TYPE_XDP
- BPF_PROG_TYPE_PERF_EVENT
- BPF_PROG_TYPE_CGROUP_SKB
- BPF_PROG_TYPE_CGROUP_SOCK
- BPF_PROG_TYPE_SOCK_OPS
- BPF_PROG_TYPE_SK_SKB
- BPF_PROG_TYPE_SK_MSG
- BPF_PROG_TYPE_SCHED_CLS
- BPF_PROG_TYPE_SCHED_ACT

Why use eBPF at all to trace userspace processes?

Advantages
- fully programmable
- can trace everything in a system
- not limited to a specific application
- unified tracing interface for both kernel and userspace
- [k,u]probes, (dtrace)tracepoints and so on are also used by other tools
- minimal (negligible) performance impact
- attaches JIT-compiled native instrumentation code
- no long suspensions of execution

Disadvantages
- requires a fairly recent kernel
- definitely not for debugging
- no knowledge of the calling higher-level language implementation
- not fully running in user space
- kernel-user context switch (usually negligible) when eBPF instruments a user process
- still not as portable as other tracers
- VM primarily developed in the Linux kernel (work-in-progress ports, btw)

BPF operator for Kubernetes

Why don't we make eBPF programs look more YAML?

Customize all the things

Custom resources (http://bit.ly/k8s_crd)
An extension of the K8S API that lets you store and retrieve structured data.

Shared informers (http://bit.ly/k8s_shared_informers)
The actual control loop that watches the shared state using the workqueue.

Controllers (http://bit.ly/k8s_custom_controllers)
It declares and specifies the desired state of your resource, continuously trying to match it with the actual state.

Here's the evil plan

[Diagram: a BPF CRD and two nodes; on each node a BPF runner in user space, the bpf() syscall, eBPF programs and an eBPF map in the kernel, and a :9387/metrics endpoint]

Did y'all say YAML?!
Let's put some ELF magic in it...

Count packets by protocol
Count sys_enter_write by process ID
Macro to generate sections inside the object file (later interpreted by the ELF BPF loader)

Compile and inspect

This is important because it is used to set the current running kernel version!

Tricky and controversial legal thing about licenses ...
The bpf_prog_load() wrapper also has a license parameter to provide the license that applies to the eBPF program being loaded.
Not a GPL-compatible license? The kernel won't load your eBPF!
Exceptions apply...

eBPF Maps

Demo time
Doing all the BPF things, with YAML
asciinema

ip-10-12-0-136.ec2.internal:9387/metrics

# HELP test_packets No. of packets per protocol (key), node
# TYPE test_packets counter
test_packets{key="00001",node="127.0.0.1"} 8        # <- ICMP
test_packets{key="00002",node="127.0.0.1"} 1        # <- IGMP
test_packets{key="00006",node="127.0.0.1"} 551      # <- TCP
test_packets{key="00008",node="127.0.0.1"} 1        # <- EGP
test_packets{key="00017",node="127.0.0.1"} 15930    # <- UDP
test_packets{key="00089",node="127.0.0.1"} 9        # <- OSPF
test_packets{key="00233",node="127.0.0.1"} 1        # <- ?
# EOF

It is a WIP project but already open source!
Check it out @ gh:bfptools/kube-bpf

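An added example, not code from the talk or from the kube-bpf project: one way to turn counters read from an eBPF map into the exposition text shown on the test_packets slide. The names `RenderCounter`, `ProtoName`, `escapeLabel` and the `ipProtoNames` table are assumptions made for this sketch; the counts are copied from the slide rather than read from a live map.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// ipProtoNames maps the IP protocol numbers annotated on the slide to their
// names. Hypothetical helper table, not part of kube-bpf.
var ipProtoNames = map[uint32]string{
	1: "ICMP", 2: "IGMP", 6: "TCP", 8: "EGP", 17: "UDP", 89: "OSPF",
}

// ProtoName returns the protocol name for a map key, or "?" when the key is
// not in the table (as for key 233 on the slide).
func ProtoName(key uint32) string {
	if name, ok := ipProtoNames[key]; ok {
		return name
	}
	return "?"
}

// The text exposition format requires backslash, double quote and newline to
// be escaped in label values, and backslash and newline in HELP text.
var (
	labelEscaper = strings.NewReplacer(`\`, `\\`, `"`, `\"`, "\n", `\n`)
	helpEscaper  = strings.NewReplacer(`\`, `\\`, "\n", `\n`)
)

func escapeLabel(v string) string { return labelEscaper.Replace(v) }

// sortedKeys returns the map keys in ascending order. Go randomizes map
// iteration, so sorting keeps the scrape output stable between requests.
func sortedKeys(counts map[uint32]uint64) []uint32 {
	keys := make([]uint32, 0, len(counts))
	for k := range counts {
		keys = append(keys, k)
	}
	sort.Slice(keys, func(i, j int) bool { return keys[i] < keys[j] })
	return keys
}

// RenderCounter renders one counter family in the shape shown on the slide:
// HELP and TYPE lines, one sample per map key (zero-padded to five digits),
// a node label, and a closing "# EOF" line.
func RenderCounter(name, help, node string, counts map[uint32]uint64) string {
	var b strings.Builder
	fmt.Fprintf(&b, "# HELP %s %s\n", name, helpEscaper.Replace(help))
	fmt.Fprintf(&b, "# TYPE %s counter\n", name)
	for _, k := range sortedKeys(counts) {
		fmt.Fprintf(&b, "%s{key=\"%05d\",node=\"%s\"} %d\n",
			name, k, escapeLabel(node), counts[k])
	}
	b.WriteString("# EOF\n")
	return b.String()
}

func main() {
	// Values copied from the test_packets slide; a real runner would read
	// them from the eBPF map instead.
	counts := map[uint32]uint64{1: 8, 2: 1, 6: 551, 8: 1, 17: 15930, 89: 9, 233: 1}
	fmt.Print(RenderCounter("test_packets",
		"No. of packets per protocol (key), node", "127.0.0.1", counts))

	// Legend matching the slide's annotations.
	for _, k := range sortedKeys(counts) {
		fmt.Printf("key %05d -> %s\n", k, ProtoName(k))
	}
}
```
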
ip-10-12-0-122.ec2.internal:9387/metrics

# HELP test_dummy No. sys_enter_write calls per PID (key), node
# TYPE test_dummy counter
test_dummy{key="00001",node="127.0.0.1"} ...
test_dummy{key="00001",node="127.0.0.1"} 8
test_dummy{key="00295",node="127.0.0.1"} 1
test_dummy{key="01278",node="127.0.0.1"} 1158
test_dummy{key="04690",node="127.0.0.1"} 209
test_dummy{key="04691",node="127.0.0.1"} 889
# EOF

kubectl-trace
More eBPF + k8s

Run bpftrace program (from file)
Ctrl-C tells the program to plot the results using hist()
The output histogram
Maps

Key takeaways
- Prometheus exposition format is here to stay, given how simple it is
- OpenMetrics will introduce improvements on such giant shoulders
- We cannot monitor and observe everything from inside our applications
- We might want to have a look at the orchestrator (context) our apps live and die in
- Kubernetes can be extended to achieve such levels of integration
- ELF is cool
- We look for better tools (eBPF) for grabbing our metrics and even more
  - Almost nullify footprint
  - Enable a wider range of available data
  - Do not touch our applications directly
- There is a PoC doing some magic at gh:bfptools/kube-bpf

Thanks.
Reach out to me @leodido on twitter & github!
SEE Y'ALL AROUND AT KUBECON
http://bit.ly/prometheus_ebpf_k8s
