Kubernetes Debugging Tools
mirrord and Inspektor Gadget
Konrad F. Heimel, 2023-08-17
Agenda
mirrord
Transfer your IDE into the Kubernetes cluster
Inspektor Gadget
Cloud-native debugging using eBPF
What is mirrord?
Connects a local process to your Kubernetes cluster.
Comes with CLI & plugins for IntelliJ and VS Code.
Debug in the cloud, without deploying.
Test locally in cloud conditions:
Without local deployment
Without CI/CD
Without deploying untested code
🎥Live Demo
How does it work?
1. Creates a mirrord-agent in the cluster:
Clones/steals & forwards traffic
2. Overrides local process' syscalls to:
Listen to agent's incoming traffic.
Send out traffic from remote pod.
Access remote file system.
Merge pod's environment with local.
Language/Framework Support
Hooks libc, supporting:
Rust
Node
Python
Java
Kotlin
Ruby
... and others!
Also supports Go, which does not use libc.
Installation on Cluster?
Nothing persistent.
Short-lived pod/container for proxy.
Only needs kubectl configured.
Incompatible with Pod Security Standards.

apiVersion: v1
kind: Pod
metadata:
  name: mirrord-agent-lgfcl4ujer-mxbgp
spec:
  containers:
  - image: ghcr.io/metalbear-co/mirrord:3.56.1
    name: mirrord-agent
    securityContext:
      capabilities:
        add:
        - SYS_ADMIN
        - SYS_PTRACE
        - NET_RAW
        - NET_ADMIN
      runAsGroup: 7318
    volumeMounts:
    - mountPath: /host/run
      name: hostrun
    - mountPath: /host/var
      name: hostvar
  hostPID: true
  volumes:
  - hostPath:
      path: /run
    name: hostrun
  - hostPath:
      path: /var
    name: hostvar
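
Why the agent pod above conflicts with Pod Security Standards, as an added example (not from the slides or the mirrord project): the function checks a pod spec against part of the baseline profile (host namespaces, hostPath volumes, privileged containers, host ports, added capabilities). The manifest is transcribed from the slide; `baseline_violations` and the constant names are made up for this example.

```python
# Added example, not from the slides: a partial check of a Pod spec against
# the "baseline" profile of the Kubernetes Pod Security Standards.

# Capabilities the baseline profile allows in securityContext.capabilities.add.
BASELINE_ALLOWED_CAPS = {
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL",
    "MKNOD", "NET_BIND_SERVICE", "SETFCAP", "SETGID", "SETPCAP", "SETUID",
    "SYS_CHROOT",
}

# The mirrord-agent pod from the slide, transcribed as a Python dict.
MIRRORD_AGENT_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "mirrord-agent-lgfcl4ujer-mxbgp"},
    "spec": {
        "hostPID": True,
        "containers": [{
            "name": "mirrord-agent",
            "image": "ghcr.io/metalbear-co/mirrord:3.56.1",
            "securityContext": {
                "runAsGroup": 7318,
                "capabilities": {
                    "add": ["SYS_ADMIN", "SYS_PTRACE", "NET_RAW", "NET_ADMIN"],
                },
            },
            "volumeMounts": [
                {"mountPath": "/host/run", "name": "hostrun"},
                {"mountPath": "/host/var", "name": "hostvar"},
            ],
        }],
        "volumes": [
            {"name": "hostrun", "hostPath": {"path": "/run"}},
            {"name": "hostvar", "hostPath": {"path": "/var"}},
        ],
    },
}


def baseline_violations(pod):
    """Return (field, reason) pairs for the baseline controls checked here."""
    spec = pod.get("spec") or {}
    found = []
    # Host namespaces: hostNetwork, hostPID and hostIPC must be unset or false.
    for key in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(key):
            found.append((f"spec.{key}", "shares a host namespace"))
    # hostPath volumes are forbidden.
    for vol in spec.get("volumes") or []:
        if vol.get("hostPath") is not None:
            found.append((f"spec.volumes[{vol.get('name')}].hostPath",
                          f"mounts host path {vol['hostPath'].get('path')}"))
    # Per-container controls apply to every container kind.
    for kind in ("initContainers", "containers", "ephemeralContainers"):
        for ctr in spec.get(kind) or []:
            where = f"spec.{kind}[{ctr.get('name')}]"
            sec = ctr.get("securityContext") or {}
            if sec.get("privileged"):
                found.append((f"{where}.securityContext.privileged",
                              "privileged container"))
            for cap in (sec.get("capabilities") or {}).get("add") or []:
                if cap not in BASELINE_ALLOWED_CAPS:
                    found.append((f"{where}.securityContext.capabilities.add",
                                  f"capability {cap} is outside the baseline set"))
            for port in ctr.get("ports") or []:
                if port.get("hostPort"):
                    found.append((f"{where}.ports", f"hostPort {port['hostPort']}"))
    return found


if __name__ == "__main__":
    for field, reason in baseline_violations(MIRRORD_AGENT_POD):
        print(f"{field}: {reason}")
```

In a namespace that enforces the baseline or restricted profile, the API server rejects this pod at admission, so the agent needs a namespace where the profile is not enforced.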
Configuration
target: Pod/group you connect to.
env: Merge pod's and local's environment.
network.incoming.mode:
  steal: Capture incoming traffic.
  mirror: Sniff & forward a copy.
fs.mode:
  localwithoverrides: Read Kubelet-generated files.

{
  "kube_context": "my-cluster",
  "accept_invalid_certificates": false,
  "target": {
    "path": "deploy/spring-demo-chart",
    "namespace": "mirrord-demo"
  },
  "feature": {
    "network": {
      "incoming": {
        "mode": "mirror"
      },
      "outgoing": true,
      "dns": true
    },
    "fs": {
      "mode": "localwithoverrides"
    },
    "env": true
  },
  "telemetry": false
}
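
A review check for the settings on this slide, as an added example (not code from the slides or from mirrord): it flags the values that affect the target pod or the cluster connection rather than only the local process. `SLIDE_CONFIG` is abridged from the slide, `RISKY_CONFIG` is constructed, `review` is a hypothetical helper, and `http_filter` and the `write` file-system mode are mirrord options that do not appear on the slide.

```python
import json

# Abridged from the slide: only the keys this check looks at.
SLIDE_CONFIG = json.loads("""
{
  "accept_invalid_certificates": false,
  "target": {"path": "deploy/spring-demo-chart", "namespace": "mirrord-demo"},
  "feature": {
    "network": {"incoming": {"mode": "mirror"}},
    "fs": {"mode": "localwithoverrides"}
  }
}
""")

# Constructed sample: same target, with the three settings changed.
RISKY_CONFIG = json.loads("""
{
  "accept_invalid_certificates": true,
  "target": {"path": "deploy/spring-demo-chart", "namespace": "mirrord-demo"},
  "feature": {
    "network": {"incoming": "steal"},
    "fs": "write"
  }
}
""")


def _as_dict(value):
    """Treat a missing or non-object section as empty."""
    return value if isinstance(value, dict) else {}


def review(config):
    """Return (key, reason) pairs for settings that reach beyond the local process."""
    findings = []
    if config.get("accept_invalid_certificates") is True:
        findings.append(("accept_invalid_certificates",
                         "invalid TLS certificates are accepted"))

    feature = _as_dict(config.get("feature"))

    # "incoming" is either a bare mode string or an object with a "mode" key;
    # when the key is absent, traffic is mirrored.
    incoming = _as_dict(feature.get("network")).get("incoming", "mirror")
    if isinstance(incoming, dict):
        mode = incoming.get("mode", "mirror")
        filtered = bool(incoming.get("http_filter"))
    else:
        mode, filtered = incoming, False
    if mode == "steal" and not filtered:
        findings.append(("feature.network.incoming",
                         "steal without a filter: the target pod stops "
                         "receiving its incoming traffic"))

    # "fs" is likewise a bare mode string or an object with a "mode" key.
    fs = feature.get("fs")
    fs_mode = fs.get("mode") if isinstance(fs, dict) else fs
    if fs_mode == "write":
        findings.append(("feature.fs",
                         "file writes of the local process go to the remote pod"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("slide", SLIDE_CONFIG), ("risky", RISKY_CONFIG)):
        print(name, review(cfg) or "no findings")
```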
Advantages of mirrord
Mirrors traffic, ensuring safety.
Flexibly manage traffic and file operations.
Superior to local clusters: Handles complex environments.
No installation of infrastructure on cluster required.
No cluster deployments: Stable code remains.
Connects specific services to the cloud.
mirrord vs. Telepresence
Process-level operation (no daemons).
Run multiple services concurrently.
No cluster installation needed.
Duplicates traffic by default.
IDE extensions available!
Collection of eBPF-based tools for Kubernetes apps.
Collects low-level kernel data.
Enriches with Kubernetes metadata.
Mechanism to deploy eBPF tools to Kubernetes clusters.
CLI tool ig for tracing containers.
Prometheus metrics endpoint.
Linux kernel technology.
Restricted C subset programs.
Compiled to special bytecode.
Validated before kernel execution.

from __future__ import print_function
from bcc import BPF
from bcc.utils import printb

# load BPF program
b = BPF(text="""
TRACEPOINT_PROBE(random, urandom_read) {
    // args is from /sys/kernel/debug/tracing/events/random/urandom_read/format
    bpf_trace_printk("%d\\n", args->got_bits);
    return 0;
}
""")

# header
print("%-18s %-16s %-6s %s" % ("TIME(s)", "COMM", "PID", "GOTBITS"))

# format output
while 1:
    try:
        # blocks until the next line arrives on the kernel trace pipe
        (task, pid, cpu, flags, ts, msg) = b.trace_fields()
    except ValueError:
        # skip lines that do not parse into the expected fields
        continue
    except KeyboardInterrupt:
        exit()
    printb(b"%-18.9f %-16s %-6d %s" % (ts, task, pid, msg))
eBPF Overview
Source: https://www.brendangregg.com/ebpf.html
Inspektor Gadget Overview
Provides a trace Custom Resource Definition (CRD) for control.
Interaction through the kubectl gadget CLI.
Gadget pod has a Kubernetes controller to perform CR actions.
eBPF program installation via tracers from the trace CRD.
eBPF: built-in kernel VM that runs user-supplied programs in kernel space.
🎥Live Demo
The Gadgets
Installing Inspektor Gadget
Install Inspektor Gadget using the Krew kubectl plugin manager:
$ kubectl krew install gadget
Deploy Inspektor Gadget on Kubernetes:
$ kubectl gadget deploy
Creating Namespace/gadget...
...
Creating DaemonSet/gadget...
...
Inspektor Gadget successfully deployed
Further Resources
mirrord
Inspektor Gadget
eBPF Basics
Related Tools
Krew kubectl Plugin Manager
BPF Compiler Collection (BCC)