Inspektor Gadget is a collection of tools (or gadgets) to debug and inspect Kubernetes applications. While it was originally designed for Lokomotive, Kinvolk's open-source Kubernetes distribution, it works just as well on other Kubernetes distributions.
Install Inspektor Gadget (client-side):
Use krew plugin manager to install:
kubectl krew install gadget
kubectl gadget --help
Install Inspektor Gadget on Kubernetes:
$ kubectl gadget deploy | kubectl apply -f -
Read the detailed install instructions to find more information.
kubectl gadget --help will provide you the list of supported commands and their
flags.
$ kubectl gadget --help
Usage:
kubectl gadget [command]
Available Commands:
bindsnoop Trace IPv4 and IPv6 bind() system calls
capabilities Trace capabilities security checks triggered by applications
completion generate the autocompletion script for the specified shell
deploy Deploy Inspektor Gadget on the worker nodes
dns Trace DNS requests
execsnoop Trace new processes
help Help about any command
network-policy Generate network policies based on recorded network activity
opensnoop Trace open() system calls
process-collector Gather information about running processes
profile Profile CPU usage by sampling stack traces
socket-collector Gather information about network sockets
tcpconnect Trace TCP connect() system calls
tcptop Show the TCP traffic in a pod
tcptracer Trace tcp connect, accept and close
traceloop Get strace-like logs of a pod from the past
version Show version
...
Specific documentation for the gadgets can be found in the following links:
Inspektor Gadget is deployed to each node as a privileged DaemonSet. It uses in-kernel BPF helper programs to monitor events mainly related to syscalls from userspace programs in a pod. The BPF programs are run by the kernel and gather the log data. Inspektor Gadget's userspace utilities fetch the log data from ring buffers and display it. What BPF programs are and how Inspektor Gadget uses them is briefly explained here:
You can read further details about the architecture here.
Contributions are welcome, see CONTRIBUTING.
Join the discussions on the #inspektor-gadget channel in the Kubernetes Slack.
- Inspektor Gadget and traceloop, FOSDEM 2020 - Brussels
- Traceloop for systemd and Kubernetes + Inspektor Gadget, All Systems Go 2019 - Berlin
- Using Inspektor Gadget with OpenShift, Openshift Commons 2020
- Using Inspektor Gadget and kubectl-trace, Open Source Summit EU 2020 (live version of the Cloud Native BPF workshop)
- Inspektor Gadget, introduction and demos, eCHO Livestream - September 2021
- BPF Compiler Collection (BCC): some of the gadgets are based on BCC tools.
- traceloop: the traceloop gadget uses the traceloop tool, which can be used independently of Kubernetes.
- gobpf: the traceloop gadget heavily uses gobpf.
- kubectl-trace: the Inspektor Gadget architecture was inspired from kubectl-trace.
- cilium/ebpf: the gadget tracer manager and some other gadgets use the cilium/ebpf library.
The Inspektor Gadget user space components are licensed under the Apache License, Version 2.0. The BPF code templates are licensed under the General Public License, Version 2.0, with the Linux-syscall-note.