Kubernetes has become the de facto cloud operating system, making it a rich target for both passive and direct attackers. In fact, the largest concern most organizations have with Kubernetes is securing their production environments. But Kubernetes doesn't include observability or a default security configuration to discern if your pods or clusters have been attacked or compromised. With this report, authors Jed Salazar and Natalia Reka Ivanko help you discover how secure your Kubernetes environment actually is. Using the new eBPF security observability paradigm, security and DevOps teams, SREs, cloud engineers, and solution architects will gain real-time visibility into Kubernetes security. You'll learn how eBPF provides historical and current metrics to help you track improvements and degradations over time.

Build your expertise in the BPF virtual machine in the Linux kernel with this practical guide for systems engineers. You’ll not only dive into the BPF program lifecycle but also learn to write applications that observe and modify the kernel’s behavior; inject code to monitor, trace, and securely observe events in the kernel; and more. Authors David Calavera and Lorenzo Fontana help you harness the power of BPF to make any computing system more observable. Familiarize yourself with the essential concepts you’ll use on a day-to-day basis and augment your knowledge about performance optimization, networking, and security. Then see how it all comes together with code examples in C, Go, and Python. Write applications that use BPF to observe and modify the Linux kernel’s behavior on demand Inject code to monitor, trace, and observe events in the kernel in a secure way—no need to recompile the kernel or reboot the system Explore code examples in C, Go, and Python Gain a more thorough understanding of the BPF program lifecycle

Use BPF Tools to Optimize Performance, Fix Problems, and See Inside Running Systems BPF-based performance tools give you unprecedented visibility into systems and applications, so you can optimize performance, troubleshoot code, strengthen security, and reduce costs. BPF Performance Tools: Linux System and Application Observability is the definitive guide to using these tools for observability. Pioneering BPF expert Brendan Gregg presents more than 150 ready-to-run analysis and debugging tools, expert guidance on applying them, and step-by-step tutorials on developing your own. You’ll learn how to analyze CPUs, memory, disks, file systems, networking, languages, applications, containers, hypervisors, security, and the kernel. Gregg guides you from basic to advanced tools, helping you generate deeper, more useful technical insights for improving virtually any Linux system or application. • Learn essential tracing concepts and both core BPF front-ends: BCC and bpftrace • Master 150+ powerful BPF tools, including dozens created just for this book, and available for download • Discover practical strategies, tips, and tricks for more effective analysis • Analyze compiled, JIT-compiled, and interpreted code in multiple languages: C, Java, bash shell, and more • Generate metrics, stack traces, and custom latency histograms • Use complementary tools when they offer quick, easy wins • Explore advanced tools built on BPF: PCP and Grafana for remote monitoring, eBPF Exporter, and kubectl-trace for tracing Kubernetes • Foreword by Alexei Starovoitov, creator of the new BPF BPF Performance Tools will be an indispensable resource for all administrators, developers, support staff, and other IT professionals working with any recent Linux distribution in any enterprise or cloud environment.

What is eBPF? With this revolutionary technology, you can write custom code that dynamically changes the way the kernel behaves. It's an extraordinary platform for building a whole new generation of security, observability, and networking tools. This practical book is ideal for developers, system administrators, operators, and students who are curious about eBPF and want to know how it works. Author Liz Rice, chief open source officer with cloud native networking and security specialists Isovalent, also provides a foundation for those who want to explore writing eBPF programs themselves. With this book, you will: Learn why eBPF has become so important in the past couple of years Write basic eBPF code, and manipulate eBPF programs and attach them to events Explore how eBPF components interact with Linux to dynamically change the operating system's behavior Learn how tools based on eBPF can instrument applications without changes to the apps or their configuration Discover how this technology enables new tools for observability, security, and networking

Securing, observing, and troubleshooting containerized workloads on Kubernetes can be daunting. It requires a range of considerations, from infrastructure choices and cluster configuration to deployment controls and runtime and network security. With this practical book, you'll learn how to adopt a holistic security and observability strategy for building and securing cloud native applications running on Kubernetes. Whether you're already working on cloud native applications or are in the process of migrating to its architecture, this guide introduces key security and observability concepts and best practices to help you unleash the power of cloud native applications. Authors Brendan Creane and Amit Gupta from Tigera take you through the full breadth of new cloud native approaches for establishing security and observability for applications running on Kubernetes. Learn why you need a security and observability strategy for cloud native applications and determine your scope of coverage Understand key concepts behind the book's security and observability approach Explore the technology choices available to support this strategy Discover how to share security responsibilities across multiple teams or roles Learn how to architect Kubernetes security and observability for multicloud and hybrid environments

Systems Performance, Second Edition, covers concepts, strategy, tools, and tuning for operating systems and applications, using Linux-based operating systems as the primary example. A deep understanding of these tools and techniques is critical for developers today. Implementing the strategies described in this thoroughly revised and updated edition can lead to a better end-user experience and lower costs, especially for cloud computing environments that charge by the OS instance. Systems performance expert and best-selling author Brendan Gregg summarizes relevant operating system, hardware, and application theory to quickly get professionals up to speed even if they have never analyzed performance before. Gregg then provides in-depth explanations of the latest tools and techniques, including extended BPF, and shows how to get the most out of cloud, web, and large-scale enterprise systems. Key topics covered include Hardware, kernel, and application internals, and how they perform Methodologies for rapid performance analysis of complex systems Optimizing CPU, memory, file system, disk, and networking usage Sophisticated profiling and tracing with perf, Ftrace, and BPF (BCC and bpftrace) Performance challenges associated with cloud computing hypervisors Benchmarking more effectively Featuring up-to-date coverage of Linux operating systems and environments, Systems Performance, Second Edition, also addresses issues that apply to any computer system. The book will be a go-to reference for many years to come and, like the first edition, required reading at leading tech companies. Register your book for convenient access to downloads, updates, and/or corrections as they become available. See inside book for details.

To facilitate scalability and resilience, many organizations now run applications in cloud native environments using containers and orchestration. But how do you know if the deployment is secure? This practical book examines key underlying technologies to help developers, operators, and security professionals assess security risks and determine appropriate solutions. Author Liz Rice, Chief Open Source Officer at Isovalent, looks at how the building blocks commonly used in container-based systems are constructed in Linux. You'll understand what's happening when you deploy containers and learn how to assess potential security risks that could affect your deployments. If you run container applications with kubectl or docker and use Linux command-line tools such as ps and grep, you're ready to get started. Explore attack vectors that affect container deployments Dive into the Linux constructs that underpin containers Examine measures for hardening containers Understand how misconfigurations can compromise container isolation Learn best practices for building container images Identify container images that have known software vulnerabilities Leverage secure connections between containers Use security tooling to prevent attacks on your deployment