All content for Platform Engineering Playbook Podcast is the property of vibesre and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
eBPF in Kubernetes: Kernel-Level Superpowers Without the Risk
Platform Engineering Playbook Podcast
31 minutes
1 week ago
eBPF in Kubernetes: Kernel-Level Superpowers Without the Risk
• eBPF enables safe kernel-level visibility with <5% overhead—no restarts, no kernel modules—through verifier-checked programs attached to thousands of kernel hooks (syscalls, network events, scheduler)
• Cilium processes 10M packets/sec vs iptables 1-2M packets/sec by replacing linear rule evaluation with eBPF hash table lookups and XDP programs at network driver level
• Pixie auto-instruments HTTP, gRPC, DNS, and database protocols by hooking syscalls in kernel space—sees application traffic without code changes or language agents
• Falco detects runtime threats (spawned shells, file access anomalies) through kernel-level syscall monitoring that catches attacks traditional application tools miss
• Start with low-risk tools (Parca for profiling, Falco for security alerts), verify Linux 5.0+ kernel version, avoid CNI replacement until you have specific network performance needs
