hashnao/inspektor-gadget

Collection of gadgets for debugging and introspecting Kubernetes applications using BPF

Inspektor Gadget

Inspektor Gadget is a collection of tools (or gadgets) for developers of Kubernetes applications. While it is primarily designed for Lokomotive, Kinvolk's open-source Kubernetes distribution, it can be used on other Kubernetes distributions.

Installation

Install Inspektor Gadget (client-side):

Use krew plugin manager to install:

kubectl krew install gadget
kubectl gadget --help

Install Inspektor Gadget on Kubernetes:

$ kubectl gadget deploy | kubectl apply -f -

Read the detailed install instructions to find more information.

How to use

$ kubectl gadget
Collection of gadgets for Kubernetes developers

Usage:
  kubectl gadget [command]

Available Commands:
  bindsnoop      Trace IPv4 and IPv6 bind() system calls
  capabilities   Suggest Security Capabilities for securityContext
  deploy         Deploy Inspektor Gadget on the worker nodes
  execsnoop      Trace new processes
  help           Help about any command
  network-policy Generate network policies based on recorded network activity
  opensnoop      Trace files
  profile        Profile CPU usage by sampling stack traces
  tcpconnect     Suggest Kubernetes Network Policies
  tcptop         Show the TCP traffic in a pod
  tcptracer      Trace tcp connect, accept and close
  traceloop      Get strace-like logs of a pod from the past
  version        Show version

Flags:
  -h, --help                help for kubectl gadget
      --kubeconfig string   Path to kubeconfig file (default "/home/alban/.kube/config")

Use "kubectl gadget [command] --help" for more information about a command.

• Demo: the "bindsnoop" gadget
• Demo: the "execsnoop" gadget – watch it as GIF
• Demo: the "opensnoop" gadget – watch it as GIF
• Demo: the "traceloop" gadget – watch it as GIF
• Demo: the "capabilities" gadget – watch is as GIF
• Demo: the "tcptop" gadget – watch it as GIF
• Demo: the "tcpconnect" gadget — watch it as GIF
• Demo: the "network-policy" gadget
• Demo: the "profile" gadget

As preview for the above demos, here is the opensnoop demo:

How does it work?

Inspektor Gadget is deployed to each node as a privileged DaemonSet. It uses in-kernel BPF helper programs to monitor events mainly related to syscalls from userspace programs in a pod. The BPF programs are run by the kernel and gather the log data. Inspektor Gadget's userspace utilities fetch the log data from ring buffers and display it. What BPF programs are and how Inspektor Gadget uses them is briefly explained here:

Read more about the architecture

Contributing

Contributions are welcome, see CONTRIBUTING.

Discussions

Join the discussions on the #inspektor-gadget channel in the Kubernetes Slack.

Talks

• Inspektor Gadget and traceloop, FOSDEM 2020 - Brussels
• Traceloop for systemd and Kubernetes + Inspektor Gadget, All Systems Go 2019 - Berlin

Thanks

• BPF Compiler Collection (BCC): some of the gadgets are based on BCC tools.
• traceloop: the traceloop gadget uses the traceloop tool, which can be used independenly of Kubernetes.
• gobpf: the traceloop gadget heavily uses gobpf.
• kubectl-trace: the Inspektor Gadget architecture was inspired from kubectl-trace.