Inspektor Gadget is a collection of tools (or gadgets) for developers of Kubernetes applications. While it is primarily designed for Lokomotive, Kinvolk's open-source Kubernetes distribution, it can be used on other Kubernetes distributions.
$ kubectl gadget
Collection of gadgets for Kubernetes developers
Usage:
kubectl gadget [command]
Available Commands:
bindsnoop Trace IPv4 and IPv6 bind() system calls
capabilities Suggest Security Capabilities for securityContext
deploy Deploy Inspektor Gadget on the worker nodes
execsnoop Trace new processes
help Help about any command
network-policy Generate network policies based on recorded network activity
opensnoop Trace files
profile Profile CPU usage by sampling stack traces
tcpconnect Suggest Kubernetes Network Policies
tcptop Show the TCP traffic in a pod
tcptracer trace tcp connect, accept and close
traceloop Get strace-like logs of a pod from the past
version Show version
Flags:
-h, --help help for kubectl-gadget
--kubeconfig string Path to kubeconfig file (default "/home/alban/.kube/config")
Use "kubectl gadget [command] --help" for more information about a command.
Inspektor Gadget is a kubectl plugin. It can also be invoked with kubectl gadget.
- Demo: the "bindsnoop" gadget
- Demo: the "execsnoop" gadget – watch it as GIF
- Demo: the "opensnoop" gadget – watch it as GIF
- Demo: the "traceloop" gadget – watch it as GIF
- Demo: the "capabilities" gadget – watch is as GIF
- Demo: the "tcptop" gadget – watch it as GIF
- Demo: the "tcpconnect" gadget — watch it as GIF
- Demo: the "network-policy" gadget
- Demo: the "profile" gadget
As preview for the above demos, here is the opensnoop demo:
Inspektor Gadget is deployed to each node as a privileged DaemonSet. It uses in-kernel BPF helper programs to monitor events mainly related to syscalls from userspace programs in a pod. The BPF programs are run by the kernel and gather the log data. Inspektor Gadget's userspace utilities fetch the log data from ring buffers and display it. What BPF programs are and how Inspektor Gadget uses them is briefly explained here:
Read more about the architecture
Install Inspektor Gadget (client-side):
$ wget https://github.com/kinvolk/inspektor-gadget/releases/download/v0.1.0-alpha.5/inspektor-gadget.tar.gz
$ tar xvf inspektor-gadget.tar.gz
$ sudo cp inspektor-gadget/inspektor-gadget /usr/local/bin/kubectl-gadget
$ kubectl gadget version
Install Inspektor Gadget on Kubernetes:
$ kubectl gadget deploy | kubectl apply -f -
Read the detailed install instructions
Contributions are welcome!
If you're looking where to start, you can check the issues with the 'good first issue' label on Inspektor Gadget or traceloop. Don't hesitate to talk with us if you need further help.
Join the discussions on the #inspektor-gadget channel in the Kubernetes Slack.
- BPF Compiler Collection (BCC): the execsnoop, opensnoop, tcptop and tcpconnect gadgets use programs from BCC.
- traceloop: the traceloop gadget uses the traceloop tool, which can be used independenly of Kubernetes.
- gobpf: the traceloop gadget heavily uses gobpf.
- kubectl-trace: the Inspektor Gadget architecture was inspired from kubectl-trace.