Drawing Lines in the Sand - Running Unprivileged eBPF in Kubernetes
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore the intricacies of running unprivileged eBPF in Kubernetes in this 25-minute conference talk by Nikola Grcevski from Grafana Labs. Delve into the powerful capabilities of eBPF for gaining insights on connectivity, networking, security, and performance with minimal code. Examine the challenges of elevated permissions required for eBPF probes and learn strategies to avoid using 'privileged:true' in Kubernetes securityContext. Investigate the relationship between Linux security capabilities and eBPF capabilities, understanding when CAP_SYS_ADMIN is insufficient and how to circumvent it. Gain detailed knowledge about the specific capabilities required for common eBPF features and discover scenarios where CAP_BPF is adequate. Uncover the additional privileges needed for various types of instrumentation to avoid relying on CAP_SYS_ADMIN.
Syllabus
Drawing Lines in the Sand, or Running Unprivileged eBPF in Kubernetes - Nikola Grcevski
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Fundamentals of Containers, Kubernetes, and Red Hat OpenShiftRed Hat via edX Configuration Management for Containerized Delivery
Microsoft via edX Getting Started with Google Kubernetes Engine - Español
Google Cloud via Coursera Getting Started with Google Kubernetes Engine - 日本語版
Google Cloud via Coursera Architecting with Google Kubernetes Engine: Foundations en Español
Google Cloud via Coursera