Inspektor Gadget is a collection of tools (or gadgets) for developers of Kubernetes applications. While it is primarily designed for Lokomotive, Kinvolk's open-source Kubernetes distribution, it can be used on other Kubernetes distributions.
Install Inspektor Gadget (client-side):
Use krew plugin manager to install:
kubectl krew install gadget
kubectl gadget --help
Install Inspektor Gadget on Kubernetes:
$ kubectl gadget deploy | kubectl apply -f -
Read the detailed install instructions to find more information.
$ kubectl gadget
Collection of gadgets for Kubernetes developers
Usage:
kubectl gadget [command]
Available Commands:
bindsnoop Trace IPv4 and IPv6 bind() system calls
capabilities Suggest Security Capabilities for securityContext
deploy Deploy Inspektor Gadget on the worker nodes
execsnoop Trace new processes
help Help about any command
network-policy Generate network policies based on recorded network activity
opensnoop Trace files
profile Profile CPU usage by sampling stack traces
tcpconnect Suggest Kubernetes Network Policies
tcptop Show the TCP traffic in a pod
tcptracer Trace tcp connect, accept and close
traceloop Get strace-like logs of a pod from the past
version Show version
Flags:
-h, --help help for kubectl gadget
--kubeconfig string Path to kubeconfig file (default "/home/alban/.kube/config")
Use "kubectl gadget [command] --help" for more information about a command.
- Demo: the "bindsnoop" gadget
- Demo: the "execsnoop" gadget – watch it as GIF
- Demo: the "opensnoop" gadget – watch it as GIF
- Demo: the "traceloop" gadget – watch it as GIF
- Demo: the "capabilities" gadget – watch is as GIF
- Demo: the "tcptop" gadget – watch it as GIF
- Demo: the "tcpconnect" gadget — watch it as GIF
- Demo: the "network-policy" gadget
- Demo: the "profile" gadget
As preview for the above demos, here is the opensnoop demo:
Inspektor Gadget is deployed to each node as a privileged DaemonSet. It uses in-kernel BPF helper programs to monitor events mainly related to syscalls from userspace programs in a pod. The BPF programs are run by the kernel and gather the log data. Inspektor Gadget's userspace utilities fetch the log data from ring buffers and display it. What BPF programs are and how Inspektor Gadget uses them is briefly explained here:
Read more about the architecture
Contributions are welcome, see CONTRIBUTING.
Join the discussions on the #inspektor-gadget channel in the Kubernetes Slack.
- Inspektor Gadget and traceloop, FOSDEM 2020 - Brussels
- Traceloop for systemd and Kubernetes + Inspektor Gadget, All Systems Go 2019 - Berlin
- BPF Compiler Collection (BCC): some of the gadgets are based on BCC tools.
- traceloop: the traceloop gadget uses the traceloop tool, which can be used independenly of Kubernetes.
- gobpf: the traceloop gadget heavily uses gobpf.
- kubectl-trace: the Inspektor Gadget architecture was inspired from kubectl-trace.