
Coralogix Releases eBPF Observability for K8s Workloads

  • Chris Cooney
  • February 9, 2025

There are several big barriers to an effective tracing strategy. Modern applications require complex code instrumentation, legacy applications might not be so easy to alter, and all of that assumes every engineering team can be engaged to make the necessary changes. eBPF and OpenTelemetry flip this entire problem on its head, and Coralogix is one of the first major observability platforms to leverage this exciting functionality to provide an unobtrusive, low-risk overview of your system.

What is eBPF?

eBPF (Extended Berkeley Packet Filter) is a feature of the Linux kernel that allows event-driven, sandboxed programs to run as if they were compiled parts of the operating system. They can run safely, with no risk to the operating system, making it possible for tools to tap into the global visibility that the kernel has over the interactions that occur within the OS.

Coralogix has now released eBPF instrumentation with our very own eBPF agent. The Coralogix eBPF agent captures all transactions, be they API calls, SQL queries or service-to-service invocations, then enriches them with Kubernetes-specific fields and pushes them to an OpenTelemetry collector. This creates a whole new route to APM coverage in the Coralogix platform, providing deep insights into the efficiency and reliability of the services that make up an organization’s infrastructure.

What makes eBPF-driven Observability so special with Coralogix?

eBPF makes it possible to build observability by design. Rather than enforcing coding conventions within workloads, platform engineers and SREs can deploy the Coralogix eBPF agent into their Kubernetes clusters using the DaemonSet workload type. Each time a new node is created, every application running on that node is automatically monitored, with no need for instrumentation.

Insane Time-To-Value

While traditional instrumentation in the Coralogix platform is a smooth process, it still requires manual interaction with the workload’s codebase or dependencies. The Coralogix eBPF agent eliminates this step, making it possible to rapidly instrument your entire architecture and enjoy value from the Coralogix platform, leveraging the Service Catalog, Database Catalog, SLO definitions and more. 

Elimination of Blindspots

Blindspots create uncertainty in distributed systems. An uninstrumented set of applications cuts off an entire domain of insights, which makes it much more difficult to understand the role those applications play in the wider architecture, or the impact of an outage in which they are involved.

By deploying the Coralogix eBPF agent as a DaemonSet, customers no longer have to consistently ensure that code is being appropriately instrumented. Instead, as soon as applications begin transacting on a node in their Kubernetes cluster, the data passes through the eBPF layer and is captured by the Coralogix collector.

While some platforms suffer from the sudden increase in the volume of data being produced, the Coralogix Streama architecture complements this perfectly, allowing customers to define the value of every gigabyte and leverage the decision-making power of the TCO Optimizer, to ensure that the ROI for your eBPF-based data is just as clear as the rest of your telemetry.

Open Black-Box Applications

Closed-source and third-party applications do not lend themselves well to traditional instrumentation, because they do not allow users to add the relevant SDKs or make the necessary changes to the underlying application. eBPF does not depend on interaction with the application layer, leveraging the visibility of the kernel to access the stream of information running through the operating system. This allows users to open their black-box applications and deeply understand how they are interacting with other parts of the system.

Near-Complete Feature Parity

Despite the ease of deployment for eBPF traces & metrics, the vast majority of features are still available, with full access to the Coralogix Service & Database Catalogs, Alerting, SLO definitions and much more. eBPF passively tracks ongoing activity at the kernel level, minimising the application level impact. 

In the future, we plan to expand our eBPF solution to include context propagation, but we intend to do this cautiously, as this means that eBPF is taking a more active role in the activity that it is monitoring. 

How do I get started?

Installation is a very simple process, which can be completed in a single Kubernetes command. Any user of the Coralogix platform is welcome to use the open Beta of our new eBPF agent, and can begin right away by following the documentation on our site.

The eBPF agent from Coralogix is part of our mission to extend our platform to match the needs of even the largest customers, providing incredible ROI, unmatched performance, world-class coverage and a smooth user experience. 
