Drawing Lines in the Sand - Running Unprivileged eBPF in Kubernetes

Explore the intricacies of running unprivileged eBPF in Kubernetes in this 25-minute conference talk by Nikola Grcevski from Grafana Labs. Delve into the powerful capabilities of eBPF for gaining insights on connectivity, networking, security, and performance with minimal code. Examine the challenges of elevated permissions required for eBPF probes and learn strategies to avoid using 'privileged:true' in Kubernetes securityContext. Investigate the relationship between Linux security capabilities and eBPF capabilities, understanding when CAP_SYS_ADMIN is insufficient and how to circumvent it. Gain detailed knowledge about the specific capabilities required for common eBPF features and discover scenarios where CAP_BPF is adequate. Uncover the additional privileges needed for various types of instrumentation to avoid relying on CAP_SYS_ADMIN.

Drawing Lines in the Sand, or Running Unprivileged eBPF in Kubernetes - Nikola Grcevski