eBPF

eBPF is an emerging Linux kernel technology that allows for user-supplied programs to run inside of the kernel. This enables a bunch of interesting usecases, particularly efficient CPU profiling of the whole Linux system.

Supported platforms#

Spy NameTypeLinuxmacOSWindowsDocker
ebpfspyembedded

Prerequisites#

For this to work you'll need

  • a Linux machine with the kernel version >= 4.9.
  • BCC tools installed on the system you want to profile. Visit BCC documentation to find the best way of installing it on your system. There are prebuilt binaries available for most flavors of Linux.
  • pyroscope server and agent. Visit our Getting Started guide to learn about that.

Running eBPF profiler#

Step 1. Install pyroscope server#

This will provision a pyroscope server in your cluster in pyroscope namespace.

kubectl apply -f https://pyroscope.io/k8s/pyroscope-server.yaml

Step 2. Install pyroscope agent#

This will install pyroscope eBPF agent on all of your nodes and start profiling applications across your cluster:

kubectl apply -f https://pyroscope.io/k8s/pyroscope-agent.yaml

Future of our eBPF integration#

One thing we're excited about at Pyroscope is eBPF portability efforts, particularly introduction of BTF (BPF Type Format) technology. You can read more about that here. When kernels with BTF support become more mainstream we're gonna embed libbpf directly into our go binary.