|Project Name||Stars||Downloads||Repos Using This||Packages Using This||Most Recent Commit||Total Releases||Latest Release||Open Issues||License||Language|
|Cilium||17,166||23||an hour ago||780||November 13, 2023||1,098||apache-2.0||Go|
|eBPF-based Networking, Security, and Observability|
|Falco||6,496||19 hours ago||4||March 01, 2019||102||apache-2.0||C++|
|Cloud Native Runtime Security|
|Ntopng||5,636||2 hours ago||13||February 13, 2023||281||gpl-3.0||Lua|
|Web-based Traffic and Security Network Traffic Monitoring|
|Pixie||5,000||1||12 hours ago||15||September 29, 2022||246||apache-2.0||C++|
|Instant Kubernetes-Native Application Observability|
|Parca||3,512||8||2 hours ago||61||October 20, 2023||178||apache-2.0||TypeScript|
|Continuous profiling for analysis of CPU and memory usage, down to the line number and throughout time. Saving infrastructure cost, improving performance, and increasing reliability.|
|Hubble||2,972||6||6 hours ago||52||October 12, 2023||35||apache-2.0||Go|
|Hubble - Network, Service & Security Observability for Kubernetes using eBPF|
|Coroot||2,957||10 hours ago||33||November 20, 2023||20||apache-2.0||Go|
|Open-source observability for microservices. Thanks to eBPF you can gain comprehensive insights into your system within minutes.|
|Tetragon||2,935||4 hours ago||21||November 01, 2023||171||apache-2.0||Go|
|eBPF-based Security Observability and Runtime Enforcement|
|Odigos||2,549||1||10 hours ago||1||November 26, 2023||75||apache-2.0||Go|
|Distributed tracing without code changes. 🚀 Instantly monitor any application using OpenTelemetry and eBPF|
|Inspektor Gadget||1,666||3||2 hours ago||44||November 02, 2023||240||apache-2.0||C|
|The eBPF tool and systems inspection framework for Kubernetes, containers and Linux hosts.|
Inspektor Gadget is a collection of tools (or gadgets) to debug and inspect Kubernetes resources and applications. It manages the packaging, deployment and execution of eBPF programs in a Kubernetes cluster, including many based on BCC tools, as well as some developed specifically for use in Inspektor Gadget. It automatically maps low-level kernel primitives to high-level Kubernetes resources, making it easier and quicker to find the relevant information.
Inspektor Gadget tools are known as gadgets. You can deploy one, two or many gadgets.
Explore the following documentation to find out which tools can help you in your investigations.
Install Inspektor Gadget (client-side):
Use krew plugin manager to install:
$ kubectl krew install gadget
Install Inspektor Gadget on Kubernetes:
$ kubectl gadget deploy
Read the detailed install instructions to find more information.
kubectl gadget --help will provide you the list of supported commands and their flags.
$ kubectl gadget --help Collection of gadgets for Kubernetes developers Usage: kubectl-gadget [command] Available Commands: advise Recommend system configurations based on collected information audit Audit a subsystem completion Generate the autocompletion script for the specified shell deploy Deploy Inspektor Gadget on the cluster help Help about any command profile Profile different subsystems prometheus Expose metrics using prometheus script Run a bpftrace-compatible scripts snapshot Take a snapshot of a subsystem and print it sync Synchronize gadget information with server top Gather, sort and periodically report events according to a given criteria trace Trace and print system events traceloop Get strace-like logs of a container from the past undeploy Undeploy Inspektor Gadget from cluster version Show version ...
You can then get help for each subcommand:
$ kubectl gadget advise --help Recommend system configurations based on collected information Usage: kubectl-gadget advise [command] Available Commands: network-policy Generate network policies based on recorded network activity seccomp-profile Generate seccomp profiles based on recorded syscalls activity ... $ kubectl gadget audit --help Audit a subsystem Usage: kubectl-gadget audit [command] Available Commands: seccomp Audit syscalls according to the seccomp profile ... $ kubectl gadget profile --help Profile different subsystems Usage: kubectl-gadget profile [command] Available Commands: block-io Analyze block I/O performance through a latency distribution cpu Analyze CPU performance by sampling stack traces tcprtt Analyze TCP connections through an Round-Trip Time (RTT) distribution ... $ kubectl gadget snapshot --help Take a snapshot of a subsystem and print it Usage: kubectl-gadget snapshot [command] Available Commands: process Gather information about running processes socket Gather information about TCP and UDP sockets ... $ kubectl gadget top --help Gather, sort and periodically report events according to a given criteria Usage: kubectl-gadget top [command] Available Commands: block-io Periodically report block device I/O activity ebpf Periodically report ebpf runtime stats file Periodically report read/write activity by file tcp Periodically report TCP activity ... $ kubectl gadget trace --help Trace and print system events Usage: kubectl-gadget trace [command] Available Commands: bind Trace socket bindings capabilities Trace security capability checks dns Trace DNS requests exec Trace new processes fsslower Trace open, read, write and fsync operations slower than a threshold mount Trace mount and umount system calls network Trace network streams oomkill Trace when OOM killer is triggered and kills a process open Trace open system calls signal Trace signals received by processes sni Trace Server Name Indication (SNI) from TLS requests tcp Trace TCP connect, accept and close tcpconnect Trace connect system calls tcpdrop Trace TCP kernel-dropped packets/segments tcpretrans Trace TCP retransmissions ...
Inspektor Gadget is deployed to each node as a privileged DaemonSet. It uses in-kernel eBPF helper programs to monitor events mainly related to syscalls from userspace programs in a pod. The eBPF programs are run by the kernel and gather the log data. Inspektor Gadget's userspace utilities fetch the log data from ring buffers and display it. What eBPF programs are and how Inspektor Gadget uses them is briefly explained in the architecture document.
Inspektor Gadget can also be used without Kubernetes to trace containers with
The different gadgets shipped with Inspektor Gadget use a variety of eBPF capabilities. The capabilities available depend on the version and configuration of the kernel running in the node. To be able to run all the gadgets, you'll need to have at least 5.10 with BTF enabled.
See requirements for a detailed list of the requirements per gadget.
There are some examples in this folder showing the usage
of the Golang packages provided by Inspektor Gadget. These examples are
designed for developers that want to use the Golang packages exposed by
Inspektor Gadget directly. End-users do not need this and can use
Contributions are welcome, see CONTRIBUTING.
We hold community meetings every other Thursday at 15:30 UTC, 7:30 PST, 16:30 CET in this link, check the calendar to have the full schedule of next meetings. Please add any topic you want to discuss to our meeting notes document.
Join the discussions on the
#inspektor-gadget channel in the Kubernetes Slack.
The Inspektor Gadget user space components are licensed under the Apache License, Version 2.0. The BPF code templates are licensed under the General Public License, Version 2.0, with the Linux-syscall-note.