A talk I gave with Daniel Mellado at FOSDEM 2024 on deploying and managing eBPF applications with bpfd in Kubernetes and Fedora.
Video
Abstract
eBPF is a groundbreaking technology enabling the execution of programs in an isolated space within the kernel, operating with privileged access. It provides a safe and efficient way to extend kernel capabilities without modifying source code or loading additional modules, giving direct access to the Linux kernel space with notable performance improvements.
A key facilitator in this landscape is bpfd, a system daemon explicitly designed to streamline the deployment and management of eBPF applications. bpfd includes an operator for Kubernetes, allowing users to deploy eBPF programs using a Custom Resource (CR) within a cluster.
In this talk we trace bpfd's developmental journey from Aya, a Rust library for eBPF development, and cover practical aspects such as leveraging the operator, deploying applications, and how Fedora elevates the user experience as a host. We address security considerations for pods running eBPF applications in Kubernetes, outstanding integration challenges, and collaborative efforts within the eBPF sig-group in Fedora.
eBPF has already been adopted in production by Google, Netflix, Shopify, and Cloudflare — join us for an insightful discussion on the evolving landscape of eBPF orchestration in Kubernetes and Fedora.