OpenTelemetry Amplified: Full Observability with EBPF-Enabled Distributed Tracing

Kai Liu (Alibaba Cloud), Wanqi Yang (Sun Yat-sen University)

Agenda

1. Observability in Kubernetes
2. End-to-End Request Tracing
3. Fine-grained Traces
4. Limitations & Future Works

Observability in Kubernetes

Application Observability
- What's the performance of my service?
- Which middleware or services does your application depend on?
- What are the dependencies between the various services?

Network Observability
- Is network communication being blocked?
- Are there any problems in the container network?

Security Observability
- What resources has my service operated on?
- What IP addresses has my service requested?

What is OpenTelemetry?

An observability framework and toolkit (from Opentelemetry.io)
- Generation Data: Traces, Metrics, Logs
- Collection Data: Convert, Aggregate
- Management data: Grafana, Prometheus, Jaeger

Challenges in OpenTelemetry

Observability with OpenTelemetry is challenging.

[Figure: two panels, "Observability Blind Spots" and "Instrumentation". Labels: Libraries, Applications, Java, Operating System, Go, Python, HTTP, SSL, gRPC; Applications, Trace Provider, Meter Provider, Span Context, Span, Exporter, Instrumentor, Processor, MetricReader, Sampler, Meter]

What is eBPF?

eBPF (extended Berkeley Packet Filter)
- enables user-defined programs to execute in the Linux kernel
- event-triggered programs attached to specific hooks
  - network events, file system operations
  - program types: kprobe, uprobe, kretprobe
- eBPF Maps enable inter-process communication

Advantages of eBPF

- in-kernel processing, decoupled from user applications
- no instrumentation into user applications
- compared with Linux kernel module (LKM)
- high security: security verification
- pre-defined hooks and program types

                         LKM      eBPF
Execution environment    Linux    eBPF VM
Degree of security       Low