inspektor gadget and traceloop tracing containers
play

Inspektor Gadget and traceloop Tracing containers syscalls using - PowerPoint PPT Presentation

Mar 28, 2024 •116 likes •426 views

Inspektor Gadget and traceloop Tracing containers syscalls using BPF FOSDEM | 1 Feb 2020 https://tinyurl.com/fosdem-gadget Hi, Im Alban Alban Crequy CTO, Kinvolk Github: alban Twitter: albcr Email: alban@kinvolk.io Kinvolk Driving

  1. Inspektor Gadget and traceloop Tracing containers syscalls using BPF FOSDEM | 1 Feb 2020 https://tinyurl.com/fosdem-gadget

  2. Hi, I’m Alban Alban Crequy CTO, Kinvolk Github: alban Twitter: albcr Email: alban@kinvolk.io

  3. Kinvolk Driving Kubernetes Forward Engineering products + support services for Kubernetes, containers, process management and Linux user-space + kernel Blog: kinvolk.io/blog Github: kinvolk Twitter: kinvolkio Email: hello@kinvolk.io

  4. strace Kubernetes BPF

  5. Traceloop Tracing system calls in cgroups using BPF and overwritable ring buffers https://github.com/kinvolk/traceloop Inspektor Gadget Collection of gadgets for developers of Kubernetes applications https://github.com/kinvolk/inspektor-gadget Kubernetes Slack: #inspektor-gadget

  6. BPF in a nutshell

  7. Debugging with “strace” on Kubernetes - Strace is slow - cannot be used for all pods on prod - We need to know what’s going to crash - And start strace just before - Problem with unreproducible crashes - Idea: “flight recorder” - Capture syscalls with BPF instead of strace - Send the events to a per-pod ring buffer - Only read the ring buffer when the pod crashed

  8. Comparing strace and traceloop strace traceloop Capture method ptrace BPF on tracepoints Granularity process cgroup Speed slow fast Asynchronous Synchronous Reliability Can lose events Cannot lose events Can fail to read buffers (EFAULT)

  9. Debugging with “strace” on Kubernetes BPF program (tracepoint sys_enter) Pod 1: BPF program perf ring buffer (tail call) HashMap “cgrpTailcall” Key: cgroup_id Value: BPF program Pod 2: BPF program perf ring buffer (tail call) kernel userspace Only read the ring buffer when the pod crashes Daemon Set

  10. DEMO traceloop

  11. Adapting BPF tracing tools to Kubernetes

  12. What do we need for Kubernetes? ❏ Granularity of tracing: your pod Pids are not useful when we don’t know which container it is ❏ We don’t want to trace all the system processes on a node ❏ ❏ Aggregation Using Kubernetes labels ❏ ❏ kubectl-like UX experience Developers should not need to SSH ❏ Developers should not need to deploy a pod + kubectl-exec for each tracing ❏

  13. Tracing tools for Kubernetes Linux tracing tool Kubernetes tracing tool bpftrace https://github.com/iovisor/bpftrace https://github.com/iovisor/kubectl-trace BPF Compiler Collection (BCC) Inspektor Gadget https://github.com/iovisor/bcc https://github.com/kinvolk/inspektor-gadget traceloop https://github.com/kinvolk/traceloop

  14. Kubernetes Control Plane K8s integration (API Server, scheduler, ...) Deploy Create DaemonSet gadget pods kubectl-exec kubectl-gadget exec client plugin “gadget” pod exec traceloop & bcc $ kubectl gadget... Install BPF program kernel worker node My laptop Kubernetes cluster

  15. DEMO Inspektor Gadget +traceloop

  16. Stopgaps in traceloop

  17. Inspektor Gadget + traceloop - Works on: - Kinvolk’s Flatcar Container Linux + Lokomotive - Minikube (Linux 4.14) - GKE (Linux 4.14) - Without: - Linux >= 4.18 (for bpf_get_current_cgroup_id) - cgroup-v2 - runc without using OCI hooks

  18. No cgroup-v2 - bpf_get_current_cgroup_id not available - Detect new namespaces: struct task_struct -> struct nsproxy -> struct uts_namespace -> inode - Find out struct offsets at startup to support several kernel versions without recompiling the BPF program

  19. No OCI hooks - Cannot add a new “tailcall” module in the PreStart OCI hook - Cannot directly use the Kubernetes API - That would be too late to get the early syscalls

  20. No OCI hooks - Add a pool of “tailcall” modules for future containers - When detecting a new container from BPF, plug the prog map array from BPF - Reconcile with containers from the Kubernetes API

  21. Other gadgets

  22. Use cases - Debugging your app - ✅ traceloop - ✅ opensnoop, execsnoop - ❌ WIP: tcptop - Help writing Kubernetes network policies - ❌ TODO (tcpconnect) - Help writing Kubernetes PSP - ❌ WIP: capabilities

  23. DEMO Inspektor Gadget + execsnoop, opensnoop

  24. Gadget Tracer Manager

  25. Selecting containers $ kubectl gadget execsnoop \ --label k8s-app=myapp1,tier=bar \ --namespace default \ --podname myapp1-l9ttj \ --node ip-10-0-12-31 \ --containerindex 0

  26. Pods & tracers come and go Pod “myapp1-l9ttj” tracer 1 Pod “myapp1-1bis9j” tracer 2 Pod “myapp2-7fd9zx”

  27. Keeping track of containers & tracers Inspektor Gadget Add Add container OCI Hook tracer Gadget Tracer PreStart Manager Remove Remove bcc-wrapper.sh container (gRPC API) kubectl OCI Hook tracer exec PostStop Update BPF maps BPF program BCC’s execsnoop kprobe “syscall__execve” BPF Map /sys/fs/bpf/gadget/cgroupidset-1a16cf pseudo BPF code for tracer “1a16cf” (set of matching containers) u64 cgroupid = bpf_get_current_cgroup_id(); if (cgroupset.lookup(&cgroupid) == NULL) return 0;

  28. Contribute

  29. How to contribute - Join the Kubernetes Slack #inspektor-gadget - GitHub issues with label “good first issue”

  30. Thank you! Alban Crequy Github: alban Twitter: albcr Email: alban@kinvolk.io Kinvolk Blog: kinvolk.io/blog Github: kinvolk Twitter: kinvolkio Email: hello@kinvolk.io Kubernetes Slack: #inspektor-gadget Slides: https://tinyurl.com/fosdem-gadget

Recommend

Kernel USB Gadget Configfs Interface Matt Porter Linaro Overview Prereqs: understand USB

Kernel USB Gadget Configfs Interface Matt Porter Linaro Overview Prereqs: understand USB

Kernel USB Gadget Configfs Interface Matt Porter Linaro Overview Prereqs: understand USB Linux USB Terminology Brief history of USB gadget subsystem Other filesystem-based gadget interfaces Using USB gadget configfs

439 views • 21 slides
Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an

Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an

Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an elegant technique that tackles many problems at once Stochastic ray tracing: distribute rays stochastically across pixel Distributed ray tracing:

327 views • 8 slides
MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and

MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and

MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and Barb Cutler Some slides courtesy of Leonard McMillan 1 2 Ray Tracing Ray Tracing Ray Tracing kills two birds with one stone: Solves the

327 views • 11 slides
Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are not going to be the answer to preventing your application from being compromised, but they can limit the damage from a compromise. How do

823 views • 25 slides
Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com

Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com

Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com Containers are great Containers are resource efficient Containers make deployment easy Containers can be monitored easily Containers are secure But are

508 views • 38 slides
Everything you need to know about Containers Security Track Containers Jos Manuel Ortega

Everything you need to know about Containers Security Track Containers Jos Manuel Ortega

Everything you need to know about Containers Security Track Containers Jos Manuel Ortega @jmortegac Agenda Introduction to containers security Linux Containers(LXC) Docker Security Security pipeline && Container

807 views • 57 slides
SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54 What are Containers? A package/image that can be deployed anywhere (thats running a Linux Kernel) Developers create a layered image of their

996 views • 53 slides
Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at

Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at

Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at BlaBlaCar pgDay Paris, Mar 15, 2018 BlaBlaCar Overview Todays agenda PostgreSQL usage at BlaBlaCar Switching to a new implementation

844 views • 40 slides
Ray Tracing 1 Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden

Ray Tracing 1 Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden

Ray Tracing 1 Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden Surface Removal problem Evaluates an improved global illumination model shadows ideal specular reflections ideal specular refractions

586 views • 19 slides
Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The

Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The

Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The Rendering Equation Monte Carlo Integration A Basic Path Tracer Variance Reduction and Optimisation Techniques Additional Resources Plan From Ray

1.08k views • 54 slides
Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have become popular replacing many Physical / Virtual Machine use cases But: The persistent storage problem for containers is still not fully solved

1.01k views • 17 slides
Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change

Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change

Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change An Approach Required Software Processes Cultural Changes Additional Concerns Lessons Learned Why This Talk? Containers are

678 views • 49 slides
Computer Graphics - Ray-Tracing II - Hendrik Lensch Computer Graphics WS07/08 Ray Tracing II

Computer Graphics - Ray-Tracing II - Hendrik Lensch Computer Graphics WS07/08 Ray Tracing II

Computer Graphics - Ray-Tracing II - Hendrik Lensch Computer Graphics WS07/08 Ray Tracing II Overview Last lecture Ray tracing I Basic ray tracing What is possible? Recursive ray tracing algorithm Intersection

873 views • 84 slides
Ray-tracing Acceleration Motivation Distribution Ray Tracing Soft shadows

Ray-tracing Acceleration Motivation Distribution Ray Tracing Soft shadows

Ray-tracing Acceleration Motivation Distribution Ray Tracing Soft shadows Acceleration Data Structures Antialiasing (getting rid of jaggies) for Ray Tracing Glossy reflection Motion blur Depth of field (focus)

940 views • 10 slides
Welcome 1 Ray tracing part I of the course 2 Ray tracing part I of the course Why

Welcome 1 Ray tracing part I of the course 2 Ray tracing part I of the course Why

Graphics (INFOGR), 2018-19, Block IV, lecture 1 Deb Panja Today: Vectors and vector algebra Welcome 1 Ray tracing part I of the course 2 Ray tracing part I of the course Why vectors? you need to shoot a lot of such rays!

594 views • 47 slides
Ray Tracing Basics CSE 681 Autumn 11 Han-Wei Shen Forward Ray Tracing We shoot a large

Ray Tracing Basics CSE 681 Autumn 11 Han-Wei Shen Forward Ray Tracing We shoot a large

Ray Tracing Basics CSE 681 Autumn 11 Han-Wei Shen Forward Ray Tracing We shoot a large number of photons Problem? Backward Tracing For every pixel Construct a ray from the eye For every object in the scene Find intersection with the ray

695 views • 55 slides
Knowledge Tracing Machines: Factorization Machines for Knowledge Tracing Jill-Jnn Vie Hisashi

Knowledge Tracing Machines: Factorization Machines for Knowledge Tracing Jill-Jnn Vie Hisashi

Introduction Knowledge Tracing Encoding existing models Knowledge Tracing Machines Results Conclusion Knowledge Tracing Machines: Factorization Machines for Knowledge Tracing Jill-Jnn Vie Hisashi Kashima KJMLW, February 22, 2019

698 views • 51 slides
Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs

Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs

Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs Google Wisdom: VMs and Containers are similar but different Try running containers in VMs for security Containers are best for scale-out

314 views • 17 slides
Advanced Ray Tracing Stochastic ray tracing: distribute rays stochastically across pixel

Advanced Ray Tracing Stochastic ray tracing: distribute rays stochastically across pixel

Distributed Ray Tracing Distributed ray tracing is an elegant technique that tackles many problems at once Advanced Ray Tracing Stochastic ray tracing: distribute rays stochastically across pixel Distributed ray tracing: distribute

263 views • 3 slides
Computer Graphics - Ray Tracing I - Hendrik Lensch Computer Graphics WS07/08 Ray Tracing I

Computer Graphics - Ray Tracing I - Hendrik Lensch Computer Graphics WS07/08 Ray Tracing I

Computer Graphics - Ray Tracing I - Hendrik Lensch Computer Graphics WS07/08 Ray Tracing I Overview Last Lecture Introduction Now Ray tracing I Background Basic ray tracing What is possible? Recursive

1.09k views • 56 slides
Relativistic Ray Tracing in Julia Ryan McKinnon November 30, 2015 Introduction Ray tracing is

Relativistic Ray Tracing in Julia Ryan McKinnon November 30, 2015 Introduction Ray tracing is

Relativistic Ray Tracing in Julia Ryan McKinnon November 30, 2015 Introduction Ray tracing is used in many scientific fields to visualize 3D data Relativistic ray tracing is needed to model a black holes warped spacetime under general

332 views • 9 slides
Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and Barb Cutler Some slides

Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and Barb Cutler Some slides

Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and Barb Cutler Some slides courtesy of Leonard McMillan 1 2 3 4 Ray Tracing Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden Surface

345 views • 10 slides
Logistics Paper summaries on Ray Tracing Any takers? Advanced Ray Tracing About the

Logistics Paper summaries on Ray Tracing Any takers? Advanced Ray Tracing About the

Logistics Paper summaries on Ray Tracing Any takers? Advanced Ray Tracing About the Animation Course Announcement 12-hour programming competition Tenatively scheduled for: Sponsored by Computer Science House & Redbull

491 views • 11 slides
our container journey @beshippable shippable.com our container journey containers can

our container journey @beshippable shippable.com our container journey containers can

our container journey @beshippable shippable.com our container journey containers can make us way more efficient containers can save us money on hosting containers sound interesting company founded in 2013

848 views • 30 slides

More recommend