search

kubeshark / tracer

The kernel tracer that attaches eBPF probes to containers for capturing TLS traffic
GNU General Public License v3.0
20 stars 6 forks source link

Extend eBPF packet capture code to support Cg V1 in addition to V2 #108

Open iluxa opened 3 weeks ago

iluxa commented 3 weeks ago

In case of Linux kernel running supports Cgroup V2 (since version 4.5), but cluster works in Cgroup V1 it is possible to maintain custom Cgroup V2 hierarchy

unified Cgroup V2 hierarchy is enough to target all pods, however for pod targeting custom Cgroup V2 hierarchy should be applied.

Implementation proposal:

cgroup_skb/* programs can be always attached to the same created on tracer start Cgroup V2 hierarchy.

In case of cluster event (pod targeting is changed or pod created/deleted) custom Cgroup V2 cgroup.procs should be modified to reflect current pod targeting.

alongir commented 1 week ago

Update, Nov 7 Stuck on some issues, however still optimistic. A PR is expected in a few days