What is eBPF?
eBPF is a technology recently added to the Linux kernel (fully available since Linux 4.4).
It is a highly efficient sandboxed VM in the Linux kernel that makes the kernel programmable at native execution speed.
It helps you extend kernel capabilities without actually changing the kernel source code.
For example, when there is a read system call event, you can run a BPF program.
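To make "sandboxed VM" and the read-event example concrete, here is an added illustration (not code from the original post or from the kernel): a userspace toy that statically checks and then interprets three real eBPF opcodes. The names `toy_verify`, `toy_run`, `match_read` and `bad_loop` are hypothetical, and passing the syscall number directly in r1 is a simplifying assumption.

```c
#include <stdint.h>
#include <stdio.h>
/* Same field layout as the kernel's struct bpf_insn (8 bytes each). */
struct insn { uint8_t code; uint8_t dst:4, src:4; int16_t off; int32_t imm; };
enum { OP_JEQ_K = 0x15, OP_EXIT = 0x95, OP_MOV64_K = 0xb7 }; /* real eBPF opcodes */
#define NREGS 11           /* r0..r10 */
#define SYS_READ_X86_64 0  /* read(2) syscall number on x86-64 */

/* Toy check in the spirit of the kernel verifier: known opcodes, forward jumps only. */
int toy_verify(const struct insn *p, size_t n)
{
    if (n == 0 || p[n - 1].code != OP_EXIT) return -1;   /* must end in exit */
    for (size_t i = 0; i < n; i++) {
        uint8_t c = p[i].code;
        if (c != OP_MOV64_K && c != OP_JEQ_K && c != OP_EXIT) return -1;
        if (p[i].dst >= NREGS) return -1;                /* register out of range */
        /* Jumps must go forward and stay in bounds, so the program cannot loop. */
        if (c == OP_JEQ_K && (p[i].off < 0 || i + 1 + (size_t)p[i].off >= n)) return -1;
    }
    return 0;
}

/* Interpret a program. Assumption: r1 holds the syscall number, not a context pointer. */
int toy_run(const struct insn *p, size_t n, int64_t syscall_nr)
{
    int64_t r[NREGS] = {0};
    r[1] = syscall_nr;
    if (toy_verify(p, n) != 0) return -1;      /* never run unverified code */
    for (size_t pc = 0; pc < n; pc++) {
        switch (p[pc].code) {
        case OP_MOV64_K: r[p[pc].dst] = p[pc].imm; break;
        case OP_JEQ_K:   if (r[p[pc].dst] == p[pc].imm) pc += p[pc].off; break;
        case OP_EXIT:    return (int)r[0];
        }
    }
    return -1;
}

/* Constructed program: r0 = 1; if r1 == read goto exit; r0 = 0; exit */
const struct insn match_read[4] = {
    { OP_MOV64_K, 0, 0, 0, 1 }, { OP_JEQ_K, 1, 0, 1, SYS_READ_X86_64 },
    { OP_MOV64_K, 0, 0, 0, 0 }, { OP_EXIT, 0, 0, 0, 0 } };
/* Constructed bad program: a backward jump, i.e. a possible endless loop. */
const struct insn bad_loop[2] = { { OP_JEQ_K, 1, 0, -1, 0 }, { OP_EXIT, 0, 0, 0, 0 } };

int main(void)
{
    printf("read=%d write=%d\n", toy_run(match_read, 4, 0), toy_run(match_read, 4, 1));
    return toy_verify(bad_loop, 2) == -1 ? 0 : 1;
}
```

In the real kernel the program is loaded through the bpf() system call, checked by the in-kernel verifier, and attached to a hook such as a syscall tracepoint; this toy only mirrors that check-then-run order.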
The following are the primary use cases for eBPF:
Security
Networking
Tracing
Profiling
Observability
Monitoring
Companies like Google, Facebook, and Netflix have already implemented eBPF for various use cases in their production systems.
When it comes to Kubernetes, the open source network plugin Cilium uses BPF for Kubernetes networking.
Also, the Linux kernel development community announced bpfilter, which will replace the in-kernel iptables implementation with high-performance Linux-based BPF network filtering.
BPF Learning resources:
[1]. Getting Started With eBPF
[2]. How to Make Linux Microservice-Aware with Cilium and eBPF — [Video]
[5]. How companies like Facebook and Google use BPF to patch 0-day exploits
[6]. Cloudflare Production ready eBPF
[7]. Replacing iptables with eBPF in Kubernetes with Cilium
[8]. Cilium Kubernetes Network Plugin