Kubernetes Debugging Tools
mirrord and Inspektor Gadget
Konrad F. Heimel, 2023-08-17 1

Agenda
mirrord: Transfer your IDE into the Kubernetes cluster
Inspektor Gadget: Cloud-native debugging using eBPF

What is mirrord?
Connects a local process to your Kubernetes cluster.
Comes with CLI & plugins for IntelliJ and VS Code.
Debug in the cloud, without deploying.
Test locally in cloud conditions:
  Without local deployment
  Without CI/CD
  Without deploying untested code

🎥Live Demo

How does it work?
1. Creates a mirrord-agent in the cluster:
   Clones/steals & forwards traffic.
2. Overrides the local process's syscalls to:
   Listen to the agent's incoming traffic.
   Send out traffic from the remote pod.
   Access the remote file system.
   Merge the pod's environment with the local one.

Language/Framework Support
Hooks libc, supporting:
  Rust
  Node
  Python
  Java
  Kotlin
  Ruby
  ... and others!
Also supports Go, which does not use libc.

Installation on Cluster?
Nothing persistent.
Short-lived pod/container for proxy.
Only needs kubectl configured.
Incompatible with Pod Security Standards.

apiVersion: v1
kind: Pod
metadata:
  name: mirrord-agent-lgfcl4ujer-mxbgp
spec:
  containers:
  - image: ghcr.io/metalbear-co/mirrord:3.56.1
    name: mirrord-agent
    securityContext:
      capabilities:
        add:
        - SYS_ADMIN
        - SYS_PTRACE
        - NET_RAW
        - NET_ADMIN
      runAsGroup: 7318
    volumeMounts:
    - mountPath: /host/run
      name: hostrun
    - mountPath: /host/var
      name: hostvar
  hostPID: true
  volumes:
  - hostPath:
      path: /run
    name: hostrun
  - hostPath:
      path: /var
    name: hostvar
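The agent pod above shares the host PID namespace, mounts hostPath volumes and adds four capabilities, so a namespace that enforces the baseline or restricted Pod Security Standards profile rejects it. The following added example (not part of the slides, and not mirrord or Kubernetes code) checks a manifest against a subset of the baseline rules: host namespaces, hostPath volumes, privileged containers and added capabilities. PLAIN_APP_POD, its name and its image are constructed for comparison.

```python
# Added example: subset of the Pod Security Standards "baseline" profile checks.

# Capabilities that the baseline profile permits under capabilities.add.
BASELINE_ALLOWED_CAPS = frozenset({
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL",
    "MKNOD", "NET_BIND_SERVICE", "SETFCAP", "SETGID", "SETPCAP", "SETUID",
    "SYS_CHROOT",
})
HOST_NAMESPACE_FIELDS = ("hostNetwork", "hostPID", "hostIPC")
CONTAINER_LISTS = ("initContainers", "containers", "ephemeralContainers")

# The mirrord-agent pod from the slide, transcribed as a Python dict.
MIRRORD_AGENT_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "mirrord-agent-lgfcl4ujer-mxbgp"},
    "spec": {
        "hostPID": True,
        "containers": [{
            "name": "mirrord-agent",
            "image": "ghcr.io/metalbear-co/mirrord:3.56.1",
            "securityContext": {
                "capabilities": {"add": ["SYS_ADMIN", "SYS_PTRACE", "NET_RAW", "NET_ADMIN"]},
                "runAsGroup": 7318,
            },
            "volumeMounts": [
                {"mountPath": "/host/run", "name": "hostrun"},
                {"mountPath": "/host/var", "name": "hostvar"},
            ],
        }],
        "volumes": [
            {"name": "hostrun", "hostPath": {"path": "/run"}},
            {"name": "hostvar", "hostPath": {"path": "/var"}},
        ],
    },
}

# Constructed comparison pod (hypothetical name and image) without those settings.
PLAIN_APP_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "demo-app"},
    "spec": {
        "containers": [{
            "name": "app",
            "image": "registry.example/demo-app:1.0",
            "securityContext": {"capabilities": {"add": ["NET_BIND_SERVICE"]}},
        }],
        "volumes": [{"name": "scratch", "emptyDir": {}}],
    },
}


def baseline_violations(pod):
    """Return (field_path, reason) tuples for each checked baseline rule the pod breaks."""
    spec = pod.get("spec") or {}
    found = []
    # Host namespaces must not be shared.
    for field in HOST_NAMESPACE_FIELDS:
        if spec.get(field):
            found.append((f"spec.{field}", "shares a host namespace"))
    # hostPath volumes are forbidden.
    for i, volume in enumerate(spec.get("volumes") or []):
        if "hostPath" in volume:
            path = (volume["hostPath"] or {}).get("path")
            found.append((f"spec.volumes[{i}].hostPath", f"mounts host path {path}"))
    # Per-container rules apply to every container list in the pod spec.
    for kind in CONTAINER_LISTS:
        for i, container in enumerate(spec.get(kind) or []):
            base = f"spec.{kind}[{i}].securityContext"
            ctx = container.get("securityContext") or {}
            if ctx.get("privileged"):
                found.append((f"{base}.privileged", "privileged container"))
            for cap in (ctx.get("capabilities") or {}).get("add") or []:
                if cap not in BASELINE_ALLOWED_CAPS:
                    found.append((f"{base}.capabilities.add", f"adds capability {cap}"))
    return found


if __name__ == "__main__":
    for path, reason in baseline_violations(MIRRORD_AGENT_POD):
        print(f"{path}: {reason}")
```

Pod Security admission applies these rules per namespace through the pod-security.kubernetes.io/enforce, audit and warn labels.
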
Configuration
target: Pod/group you connect to.
env: Merge the pod's environment with the local one.
networking.mode:
  steal: Capture incoming traffic.
  mirror: Sniff & forward a copy.
fs.mode:
  localwithoverrides: Read Kubelet-generated files.

{
  "kube_context": "my-cluster",
  "accept_invalid_certificates": false,
  "target": {
    "path": "deploy/spring-demo-chart",
    "namespace": "mirrord-demo"
  },
  "feature": {
    "network": {
      "incoming": {
        "mode": "mirror",
        "outgoing": true
      },
      "dns": true
    },
    "fs": {
      "mode": "localwithoverrides"
    },
    "env": true
  },
  "telemetry": false
}

Advantages of mirrord
Mirrors traffic ensuring safety.
Flexibly manage traffic and file operations.
Superior to local clusters: Handles complex environments.
No installation of infrastructure on cluster required.
No cluster deployments: Stable code remains.
Connects specific services to the cloud.

mirrord vs. Telepresence
Process-level operation (no daemons).
Run multiple services concurrently.
No cluster installation needed.
Duplicates traffic by default.
IDE extensions available!

Collection of eBPF-based tools for Kubernetes apps.
Collects low-level kernel data.
Enriches with Kubernetes metadata.
Mechanism to deploy eBPF tools to Kubernetes clusters.
CLI tool ig for tracing containers.
Prometheus metrics endpoint.

Linux kernel technology.
Restricted C subset programs.
Compiled to special bytecode.
Validated before kernel execution.

from __future__ import print_function
from bcc import BPF
from bcc.utils import printb

# load BPF program; the random:urandom_read tracepoint must exist on the running kernel
b = BPF(text="""
TRACEPOINT_PROBE(random, urandom_read) {
    // args is from /sys/kernel/debug/tracing/events/random/urandom_read/format
    bpf_trace_printk("%d\\n", args->got_bits);
    return 0;
}
""")

# header
print("%-18s %-16s %-6s %s" % ("TIME(s)", "COMM", "PID", "GOTBITS"))

# format output
while 1:
    try:
        (task, pid, cpu, flags, ts, msg) = b.trace_fields()
    except ValueError:
        continue
    except KeyboardInterrupt:
        exit()
    printb(b"%-18.9f %-16s %-6d %s" % (ts, task, pid, msg))

eBPF Overview
Source: https://www.brendangregg.com/ebpf.html

Inspektor Gadget Overview
Provides a trace Custom Resource Definition (CRD) for control.
Interaction through the kubectl gadget CLI.
Gadget pod has a Kubernetes controller to perform CR actions.
eBPF program installation via tracers from the trace CRD.
eBPF: Built-in kernel VM that runs programs loaded from userspace in kernel space.

🎥Live Demo

The Gadgets

Installing Inspektor Gadget
Install Inspektor Gadget using the Krew kubectl plugin manager:
$ kubectl krew install gadget
Deploy Inspektor Gadget on Kubernetes:
$ kubectl gadget deploy
Creating Namespace/gadget...
...
Creating DaemonSet/gadget...
...
Inspektor Gadget successfully deployed

Further Resources
mirrord
Inspektor Gadget
eBPF Basics
Related Tools
  Krew kubectl Plugin Manager
  BPF Compiler Collection (BCC)
