Overview
eBPF Analytics provides real-time visibility into Kubernetes network activity without modifying application code or kernel modules. This feature enables you to:
- Monitor pod, node, and service communication
- Analyze network traffic (packets, bytes, latency)
- Track ingress and egress traffic flows
- Identify packet drops and TCP retransmissions
- Visualize the Kubernetes network topology
- Gain actionable insights into cluster connectivity and performance
How eBPF Enhances Network Visibility
| Existing Kubernetes 2.0 | With eBPF Network Observability |
|---|---|
| Monitors clusters, nodes, pods, and workloads | Tracks individual pod’s network usage and performance |
| Collects metrics, logs, traces, and events | Provides data on throughput, latency, drops, and retransmissions |
| Basic visibility | Deep, kernel-level network insights |
Architecture and Integration
Design
- eBPF worker runs as a DaemonSet, deploying one pod on each node.
- Collects raw kernel-level network data and enriches it with:
- Pod name, namespace, node
- Application service (Deployment, DaemonSet, ReplicaSet, StatefulSet)
- FQDN and traffic type (internal/external)
- Sends enriched telemetry to the OpsRamp cloud.
- Fully packaged with the Kubernetes 2.0 Helm charts.
Proxy Support
- Detects configured proxies automatically.
- Routes all eBPF telemetry through the proxy when present.
Configuration Options
- Monitoring is disabled by default.
- Users can enable eBPF monitoring for specific namespaces, nodes, or pods using a Custom Resource (CR).
- Future enhancements:
- Per-pod selection using names, labels, or annotations
- Configuration from the OpsRamp UI
Next Topics
- Prerequisites
- Enabling and Configuring eBPF Analytics
- Accessing eBPF Analytics Dashboards