On this week’s episode of the Kubelist podcast, we talked with Michelle Nguyen and Natalie Serrino from CNCF sandbox project Pixie. They taught us all about eBPF and the codeless observability Pixie brings to a cluster. Pixie was so impressive that the day after recording this we implemented Pixie on our clusters and haven’t looked back! I know I say this every time but I learned so much and was just blown away by their product, a must listen episode!

Let’s go on to the newsletter links! We are going to focus on observability / telemetry and how to gather those things with an eBPF bias for this week, let's dig in.

Issue #152

This is a great introductory article into eBPF and it gives a great TLDR; on the topic. It highlights when to use them (XDP, observability) and when not to use them (application layer policy, packet filtering). Very good place to start when trying to understand the power and functionality that eBPF has. 🏁

The folks over at Pixie are constantly adding to their repertoire of crazy things you can do with eBPF and this one is no different. They dig into using uprobes to read SSL/TLS connections before it's encrypted! While this is both fascinating, it makes me appreciate the choice to keep all Pixie data in the cluster itself!

This robust article walks us through the decision making process of why Falco chose to implement eBPF. Our friends over at Sysdig dive deep on eBPF, how to write them, the architecture decisions they choose and what the benefits are. After reading this one you begin to have an idea on the power of eBPF and why everyone won't stop talking about it! 🏗️

While “goodbye sidecars” might be a bit hyperbolic, this article dives into the promise of eBPF and how it COULD replace them. Clearly there are real security, complexity, and speed gains to be had, we will let you read this article and make your own decision, but definitely makes quite a compelling case for the future of networking in k8s land. 🏎️

The folks over at New Relic (they bought Pixie as a FYI) dig into eBPF and what it means for the greater observability picture. While it lightly touches on the architecture it does a great job highlighting some of the major benefits (Unified tracing, Security, Programmability) of eBPF and of course some of the downsides.

Our friends over at Cilium have been all over eBPF in the Kubernetes landscape for a long while (in CNCF time). This article is a dense resource on the history of kubernetes, networking, and the rise of eBPF as a solution to a lot of the biggest problems we face as k8s engineers. 🌐

@lizrice is giving a talk Jan 20 on eBPF, it's too timely not to mention, officially making Liz Rice the first person to have back to back kubelist tweet of the week appearances!