►
From YouTube: Porting eBPF applications to BumbleBee
Description
In this livestream, Krisztian will join Lin to discuss why you may want to port your eBPF applications to BumbleBee and how you can take a BPF CO-RE libbpf script, and porting it to Bumblebee to solve the user-space, distribution, and integration challenges.
#ebpf #bumblebee #observability
00:06 welcome + speakers intro
1:14 hoot updates, service mesh, Cilium, eBPF news
4:25 general discussion around BumbleBee, what is NEW and its roadmap
11:15 oomkills and experience of porting oomkills to bumblebee
18:10 cloud flare exporter vs bumblebee
20:05 live DEMO from Krisztian about porting oomkill and run it on bumblebee
42:30 live DEMO from prometheus about oomkill events
51:15 wrap up
A
A
I
believe
it's
out
of
memory
related
application
to
bumblebee,
so
I
am
so
excited
to
have
him
back
to
our
hood,
live
stream
to
discuss
evpf
and
bumblebee
with
him
today.
Yeah
christian
welcome
back.
Can
you
introduce
yourself
quickly
to
the
audience
for
any
folks
who
are
new
here.
B
Yes,
hello,
everyone-
I
was
here
a
few
sessions
ago,
employee
and
I'm
here
as
a
solo
employee,
it's
great
to
be
back
and
yes
thank
you
for
joining.
We
will
take
a
look
at
my
experience
on
porting
lee
bpf
application
to
to
bumblebee.
A
Awesome
very
nice
to
have
you
and
even
nice
this
time
that
you
work
for
solo.
Last
time
you
were
back,
you
were
on
the
hoot.
Actually,
it's
the
very
first
food
that
I
run.
I
host
is
episode.
20
one
click
istio
install
using
help,
and
I
believe
you
joined
solo
somewhere
in
april,
so
we're
so
excited
to
have
you
back
on
the
first
before
we
get
to
the
episode.
Let's
talk
about
news
quickly,
so
the
first
thing
I
want
to
share
last
a
week
the
hood
episode
28.
A
The
steps
are
published
now.
So,
if
you
are
interested
in
the
25
plus
minutes
demo,
that
facili-
and
I
shared
please
check
out
our
steps
here-
about
workflow
selector,
credential
name
in
destination-
rule
auto
sni,
telemetry,
minimum
tls
telemetry
new
additions
to
the
telemetry
api
so
definitely
check
that
out
and
follow
along.
A
The
next
news
I
want
to
share
is,
if
I
can
get,
the
the
thing
out
is
sd
time
release
their
100
best
in
show
in
software
development
and
solo.
The
io
made
to
the
list
of
the
category
of
api
and
integration
for
2022
so
very
exciting,
along
with
many
other
companies
like
typical
kong,
you
know
very
exciting
to
be
on
the
list.
A
Willie
morgan
has
published
a
very
interesting
article
about
his
thoughts
on
ebpf
psycho
and
the
future
of
service
mesh.
If
you
haven't
checked
it
out,
I
definitely
encourage
you
to
check
out
I'm
actually
a
big
fan
of
william
when
he
writes
a
technical
sub
leadership
blocks,
because
he
has
that
skill
of
explaining
things
really
really
understandable
for
folks
reading
his
mutual
ties.
Kubernetes
guide,
you
know
it's
just
a
great
blog,
so
it's
really
cool
that
in
this
blog
he
talked
about
ebpf.
A
You
know
how
you
should
understand
the
ebpf
and
think
about
in
the
context
of
multi-tenancy.
You
know
how
that's
becoming
a
part
of
the
problem
for
evpf.
What
are
the
areas
ebpf
is
limited
and
how
ebpf
will
intersect
with
service
mesh?
So
please
check
it
out.
I
think
it's
a
really
good
blog
with
that.
Let's
get
to
the
episodes
of
today,
protein
ebpf
applications
to
bumblebee
so
christian
for
folks
who
are
not
familiar
with
bumblebee.
B
Yes,
basically
bumblebee
is
it's
a
project
by
so
that
io
it's
it's
a
way
to
distribute
your
ebpf
modules
scripts.
Basically,
you
can
think
of
it
as
a
docker
for
ebpf,
basically,
because
it
solves
the
distributional
challenges
and
also
the
integration
integration
challenges
of
distributing
your
little
ebpf
scripts.
A
Yeah
definitely
I
launched
the
bumblebee
website
on
the
side,
so
people
can
take
a
look
too
so
bumblebee
really
focus
on.
You
know,
building,
publish
and
wrong
experience
to
help
you
get
started
with
ebpf.
In
fact,
it's
one
way
for
me
personally
to
learn
evpf
as
well,
so
you
know
we're
very
excited
about
bumblebee.
A
That's
very
cool!
Let's
move
into
my
next
question
for
you,
what
is
new
about
bumblebee?
I
noticed
you've
been
working
on
bumblebee
for
the
past.
Maybe
two
two
months.
B
Yes,
I
I
had
some
time
and
I
checked
out
the
repo
which
is
available
on
github,
and
I
wanted
to
get
familiar
with
the
inner
workings
of
bumblebee,
what
what
issues
it
solves
and
how
you
can
easily
contribute
to
it,
and
I
found
that
one
of
the
easiest
angle
to
to
address
this
question
is
to
port
some
actual
examples
to
bumblebee.
B
If,
if
a
project
has
many
examples,
people
are
people
can
start
exploring
these
in
their
own
environment
and
and
play
play
with
these
clips.
So
I
take
a
look
at
the
extra
slips
that
was
already
there
and
started
my
ebpf
journey
with
bumblebee
as
well
and
ported.
I
think
two
scripts
to
the
repository,
which
was
a
great
way
to
wait
for
me
to
get
get
familiar
with
the
core
concepts
of
ebpf.
A
A
You
know
without
following
any
instructions
out
there
just
kind
of
figure
out
how
to
do
it
yourself.
It's
the
easiest
way
to
learn.
So
can
you
talk
about
what's
on
the
roadmap
of
bumblebee.
B
Yes,
do.
B
Yes,
we
can,
we
can
also
pull
up
the
page,
I
don't
have
it
open
yet,
but
I
think
I
can
get
it
up.
B
Basically,
a
great
area
for
for
any
ebp
application
is
to
get
proper
integration
with
existing
systems.
B
This
can
be.
This
can
cover
distribution,
and
this
can
cover
integration
with
other
parts
of
the
infrastructure
as
well.
We
can
think
about
observability,
for
example,
because
there
are
some
interesting
challenges
that
that
can
be
solved
with
ebpf.
Some
of
this
cannot
really
be
solved
otherwise
or
or
cannot
really
be
solved.
The
way
that's
efficient,
so
integration
with
these
applications
and
technologies,
I
think,
is
pretty
important.
B
Bumblebee
can
integrate
with
prometheus,
for
example.
Currently
bumblebee
only
supports
the
gauge
and
the
counter
matrix
type,
but,
for
example,
on
the
roadmap.
We
have
the
support
for
the
histogram
type,
which
would
be
a
great
addition,
because
there
are
some
already
proven
applications,
abpf
applications
that
are
relying
on
the
data
by
data
metric
type,
and
once
we
have
it,
we
are
ready
to
visualize
all
these
new
kind
of
observability
challenges
with
the
help
of
bumblebee.
B
And
apart
from
this,
we
also
have
multiple
other
items.
For
example,
we
are
working
on
adding
new
languages,
for
example,
rust
and
go
and
there's
another
request
from
the
community,
for
example,
to
have
support
for
user
space
probes
as
well.
That's
that's
an
issue.
That's
that's!
A
frequent
ask
for
many
applications
working
in
the
ebbs
space.
Currently
then
there's
the
usual
multi-urge
beards
and
some
quality
of
life
improvements
on
the
b
cli.
We
will
explore
the
cli
at
the
demo
in
this
session
on
this
session.
A
Yeah,
that's
great
one
thing
I
would
add,
on
top
of
what
christian
said
is.
Certainly
the
project
is
very
new
and
you
know
it's
pretty
dynamic
right
based
on
feedback.
A
For
example,
a
few
a
couple
of
us
were
traveling
to
venezia
for
evpf
day
as
part
of
kubecon
europe,
and
I
I
was
presenting
about
evpf
and
bumblebee
to
ebpf
day
one
of
the
user
in
the
audience
the
attendee
in
the
audience
asked.
Do
we
support
cosign
to
bumblebee
right
for
bumblebee
images
and
etan,
who
is
the
maintainer
on
the
bumblebee
actually
just
implemented
added
that
feature
to
the
bumblebee
and
even
provided
with
me
on
how
to
use
that
right.
So
our
roadmap
is
depends
on
you
to
help
us
shaping
it
too.
A
B
A
B
The
tool
itself
is
about
catching
wound
kills.
You
are
most
probably
familiar
with
with
the
unkiller
in
in
linux
system
and
even
in
kubernetes,
and
if
you
are
trying,
if
you
have
experience
trying
to
catch
these
room
kills
for
your
applications,
memory
leaks
in
production
systems.
It
might
not
be
that
easy.
For
example,
from
my
time
as
an
sre
devops
engineer,
I
was
having
a
harsh
time
height.
B
Sorry,
I
was
having
a
hard
time
catching
all
these
events
and
getting
to
the
bottom
of
the
actual
root
cause.
So
I
take
a
look
at
the
existing
ebpf
examples.
I
saw
there's
oompkir
example
there,
so
I
choose
to
work
on
that.
A
A
B
As
I
mentioned,
I
used
a
script
that
was,
that
was
already
written,
handy
and
it's
available
in
an
upstream
github
repo.
But
if
you
want
to
take
that
script
into
production,
you
will
have
to
work
around
many
rough
edges.
You
have
to
distribute
that
image.
You
have
to
it's.
It's
it's
not
real
to
get
this
into
an
image,
and
that
might
be
a
requirement
for
former
security
team
to
to
have
information
and
and,
for
example,
to
verify
the
origin
of
your
of
your
script
security
device.
B
Also,
the
integration
challenges
are
quite
rough
currently.
So,
for
example,
if
you
want
to
let's
say
you
are
using
the
usual
promotion
stack
on
top
of
kubernetes,
and
you
want
to
have
an
alert
for
your
room
event.
Then
your
pure
existing
upstream
unkill
script
will
not
get
you
there
by
default
out
of
box.
You
have
to
create
promise
metrics
from
that.
B
So
these
are
the
challenges
that
you
can
easily
solve
with
with
bumblebee,
and
on
top
of
that,
on
top
of
that,
you
can
only
just
focus
on
the
actual
kernel
space
code,
the
generation
of
the
application
side,
the
user
land
code
is
taken
care
of
by
bumblebee,
which
is
another
great
advantage
of
of
using
this
project.
A
A
B
Actually,
I
think
the
umkil
example
was
was
my
second
after
attempt
to
poke
port
script,
so
I
had
some
very
minor
experience
before
that.
B
B
So
your
so
your
code
that
you
found
on
the
internet
might
not
work
or
might
not
be,
might
not
have
the
best
performance,
and
these
are.
These
are
very
important
aspects
to
pay
attention,
so
I
had
to
jump
around
a
lot
check,
check,
documentations
and
existing
blog
posts
and
the
and
the
debugging
experience
was
was
not
that
not
that
great
as
well.
B
B
So,
probably
in
a
couple
of
months
or
years,
this
experience
will
be
pretty
simple,
but
bumblebee
is
a
great
step
in
into
the
direction,
because
with
bumblebee
you
can
just
focus
on
the
the
user,
the
kernel
space
code
and
and
that's
much
more
focused
on
the
actual
problem
that
that
you
are
trying
to
solve.
B
So
there
were
some
glitches,
but
the
experience
is
getting
better
and
better
and
soon
we
will
publish
a
blog
on
on
this
actual
porting
exercise,
which
will
go
into
much
more
details
about
the
technical
choices
and
the
technical
limitation
of
each
data
type
and
and
all
these
technical
things.
So
I
recommend
checking
that
post
out
when
it's
when
it's
out.
A
C
A
B
I
was
trying
to
implement
a
hello
world-like
application
where
I'm
just
printing
anything,
basically
into
into
anything.
I
had
the
kernel
space
and
reading
back
reading
it
back
from
the
user
space
and
after
that
I
think
it
was
the
exit
snoop
application,
which
is.
B
The
exit
course
it
was
fairly
straightforward.
The
approach
is
a
bit
different
than
with
we
don't
kill.
A
Yeah,
okay,
very
cool.
The
next
question
I
want
to
ask
you:
have
you
heard
of
this
cloudflare
exporter
and
what's
your
thoughts
on
you
know
the
difference
between
bumblebee
and
this
project.
B
Yes,
cloudflare
has
has
an
ebpf
exporter
which
has
similar
functionalities
to
the
to
the
functionalities
of
bumblebee.
That
is
focusing
on
the
primitives
exporter
side.
B
So
if
you
are
loading
evps
scripts
that
are
relying
on
that
data
structure
that
can
be
handled
already
but
yeah,
I
think
the
the
core
focus
of
the
two
projects
are
a
bit
different,
because,
while
the
cloudflare
exporter
is
basically
dbpf,
exporter
is
basically
just
an
exporter
focusing
on
exporting
ebpf
metrics
in
a
primitives
format.
The
wb
project
is
more
like
about
providing
a
runtime
for
your
scripts
and
about
distributing
these
modules
in
a
in
a
very
efficient
and
convenient
way.
A
Yeah,
I
guess
that's
a
small
piece
of
what
bumblebee
can
do.
Just
the
promise
is
that
expert
portion,
yes,
agree
all
right,
let's
get
to
the
demo,
then
I
think
our
audience
probably
have
been
waiting
for
that.
Should
I
bring
up
your
screen.
B
Yes,
you
can
bring
it
up,
so,
as
I
mentioned,
there
will
be
a
block
about
the
all
the
technical
details.
We
won't
have
time
to
to
get
into
to
all
this
all
these
inner
workings
of
of
the
script,
but
we
will
take
a
high
level
overview
of
of
everything.
B
B
B
If
you
take
a
look
at
the
dbpf
tools,
folder
in
the
bcc
repository,
you
will
see
that
all
these
examples
are
having-
maybe
two
or
or
sometimes
three
files.
One
of
them
is
the
dot
bpf.c,
which
is
basically
the
the
bpf
kernel
space
logic.
B
That's
the
main
part
of
the
of
the
actual
application,
then
there's
the
dot
c
extension,
which
is
the
the
application
side
of
things
getting
all
this
data
to
to
user
space
and
attaching
loading
and
destroying
the
the
resources
required
to
run
this,
and
sometimes
we
also
have
a
separate
header
if
the
data
types
requires
it.
B
B
We
are
handling
the
events.
We
are
handling
the
lost
events.
We
are
responsible
for
printing
all
this
data.
We
have
the
main
function
here.
B
We
have
all
these
fprintf
statements
here
and,
as
I
mentioned,
we
are
also
responsible
for
cleaning
up
all
this
or
this
resource
all
these
resources
that
we
have,
as
you
can
see,
it's
180
lines
of
code
and
the
premise
of
bumblebees
that
you
would
not
need
to
be
responsible
for
any
of
these,
because
bumblebee
can
take
take
care
of
it.
A
A
B
So
yes
download
this
file,
I
just
showed
you
the
bpf.c
and
let's
compare
it
to
the
file
that
I
made
during
the
during
porting
this
application.
B
B
Others,
of
course,
the
left
on
the
left
hand
side
you
can
see
the
original
code,
the
dot
bpf.c.
So
this
is
the
upstream
code
and
on
the
right
hand,
side
you
can
see
our
code.
B
Yes,
it's
it's
a
few
lines
more,
but
the
difference
is
it's
not
that
much.
B
So,
yes,
I
got
rid
of
the
this
header,
because
this
header
only
included
the
this
truck
that
defined
the
structure
of
our
data.
We
are
basically
interested
in
the
process,
that's
getting
room
killed
and
the
process.
That's
that's
currently
running
at
the
time
of
the
unkill,
so
we
will
you
we
will
need
the
the
name
of
these
two
commands.
B
C
B
Difference
is
having
a
different
map.
There
are
various
reasons
for
this.
The
first
and
the
detriment,
reason
is
that
bumblebee
currently
only
supports
two
map
types.
These
are
hashmap
and
ring
buff
ring
buffer.
As
you
can
see,
the
original
code
is
using
a
different
type.
That's
the
let's
say:
legacy
map
type,
it's
called
perf
buffer,
so
we
are
migrating
to
ring
buff
from
perth
buff,
because
bumblebee
only
can
handle
ring
buffer.
B
But
the
other
reason
for
this
change
is
that
currently
using
ring
buffer
instead
of
per
buffer
is
the
best
practice
because
it
can
solve
ordering
issues
it's
much
more
performant,
so
you
cannot
really
think
of
it
as
a
limitation,
it's
basically
the
the
current
good
practice
to
develop
your
abpf
code.
B
There
are
some.
There
are
some
trivial
changes
because
of
this
you
don't
need
to
specify
the
key
size.
You
just
need
to
define
the
max
entries
that
can
that
can
be
used
in
this
map.
You
can
think
of
this
map
if
you
are
not
familiar
with
the
with
this
bppf
concept
as
a
queue
as
a
high
performance.
Cue
that
you
can
write
into
from
the
kernel
space
and
access
all
these
data,
all
these
events
or
these
fields
at
the
at
the
application
side.
That's
basically
the
the
structure
structures
goal.
B
Yes
for
this
type,
we
are
using.
The
data
underscore
t
that
we
referenced
earlier
and
we
are
using
a
different
name.
The
original
code
called
it
events
and
we
are
calling
it
wound-
kills
that's
just
a
minor
detail,
but
it
will
be
important
when
we
are
taking
a
look
at
the
promise
integration,
because
we
are
exposing
all
this
data
as
a
primitives
metric.
B
This
name
will
be
used
to
name
the
metric,
so
you
can
find
it
easier.
So
I
I
thought
it
would
be
good
to
to
have
a
matching
name
for
for
this
script.
B
Yes,
yes,
if
you,
if
you
don't
know
what
what's
behind
this
metrics,
you
will
just
see
the
the
suffix
events
and
after
a
few
months
you,
you
won't
even
know
that
what
are
these
events?
Yes,
these
are
events.
B
These
are.
These
are
room,
kill
events.
You
are
free
to
choose
any
name,
but
I
think
using
the
proper
name
can
make
make
your
life
easier
in
the
long
run.
Yeah,
and
I
go
into
more
details
on
the
blog
about
this
primitives
integration
logic.
But
basically
the
nice
thing
with
bumblebee
is
that
it's
taking
care
of
all
these
metrics
explosions.
So,
basically
you,
you
can
just
add
the
dot
counter
suffix
to
your
map.
B
So
if
you
compare
these
two
two
lines,
the
difference
here
is
not
just
the
name,
but
the
original
has
the
dot
maps
and
our
version
has
the
dotmaps.counter.
C
B
Basically,
that's
it
after
this
point.
If
the
image
is
built
and
deployed,
you
can
scrape
all
the
content
of
your
map
as
a
parameters
matrix.
We
will
see
that
at
the
at
the
end
of
the
demo,
and
after
this
point
we
have
the
core
function,
the
core
bpf
logic.
This
logic
will
be
triggered
each
time
this
kernel
probe
is
executed
in
your
system.
B
So
basically
your
your
kernel
has
this
k
probe
and
every
time
it's
triggered,
you
can
execute
a
little
script
and
the
content
of
the
script
will
populate
this
data
type,
and
these
events
with
this
data
type
will
go
into
your
little
queue.
I
think
that's
the
simplest
way
of
explaining
the
process
of
a
simple
ebbf
script.
A
B
C
A
This
is
triggered.
You
essentially
update
the
map
so
that
your
user
program
can
have
access
which
bumblebee
provides.
B
Yes,
exactly
the
blog
is
going
more
details
about
each
of
these
instructions,
but
basically,
as
I
said,
we
are
interesting
in
we
are
interested
in
these
details.
The
process
that's
getting
room
killed,
that's
the
most
important
one
and
we
can
additionally
get
the
process
id
and
we
are.
We
can
also
get
the
process,
that's
being
run
at
the
time
of
the
room,
kill
which
might
be
which
might
help
to
pinpoint
which
process
caused
the
actual
wound
kill.
B
There
are
some
small
changes
at
the
beginning
at
the
end,
and
that's
because
our
migration
to
during
buffer,
because
ring
buffers
I
mentioned,
is
about
providing
an
more
a
more
performant
way
to
handle
these
events
in
the
ring
buffer.
You
can
basically
reserve
in
reserve
the
space
in
memory
for
your
events
and,
if
you
can,
if
you
could
preserve
it
and
populate
all
the
data
that
you
wanted,
you
can
submit
it
and
commit
it.
That's
a
simplified
api
on
top
of
the
existing
logic.
B
Basically,
it's
just
a
nicer
developer
experience
to
to
reserve
the
memory
space
and
and
commit
and
submit
this
data.
B
You
can
get
rid
of
insufficient
memory
copies
and
there
will
be
no
ordering
issues
if
you
are
running
on
multiple
cpus
and
the
events
are
arriving
at
a
therapeutic
pace
and,
as
you
can
see,
the
the
line
chain,
the
changes
are
are
not
that
complex.
Basically,
we
are
just
preserving
preserving
the
space
and
at
the
end,
submitting
submitting
this
and
and
that's
that's
about
it-.
B
Okay,
so
basically
that's
the
difference
between
the
two
codes,
as
I
mentioned
check
out
the
blog
for
further
details.
So
once
we
have
the
code,
let's
see
bumblebee
in
action
and
package
this
into
an
oci
image.
To
this
we
will
first
download
bumblebee
currently
beyond
dot
12
version,
and
it's
already
installed.
B
B
B
Yes,
exactly
if
we
try
to
run
this
image
locally,
we
will
see
if
there's
an
issue
with
the
code.
You
can.
You
can
test
it
locally,
for
example,
if
the
if
the
kernel
verifier
find
something,
that's
that
not
should
be
there
some
issue
with
with
your
code
regarding
memory,
access
or
performance,
you
will
be
notified
and
you
won't
be
able
to
load
it
into
your
kernel.
So
it's
a
pretty
safe
way
to
to
play
with
this.
I'm
only
using
this
lab
setup
because
catching
gunk
is
in
your
local
system
can
cause
issues.
C
B
B
If
we
would
have
any
issues
with
our
code,
we
wouldn't
see
the
interface
of
of
bumblebee.
We
would
be
able
to
get
an
error
of
of
some
sort.
So
if
we
see
this
actual
interface,
we
are
good
to
move
forward.
We
don't
see
any
events
here
because
we
don't
have
any
room
keys
in
our
system.
Fortunately,
but
we
will
simulate
this
after
a
couple
of
minutes.
B
B
So
we
can
use
this
quick
and
dirty
cube.
Ctr,
manifest
q
kubernetes
manifest
to
deploy
this
as
a
demo
set.
If
you
deploy
it
as
a
demonstrate,
you
will
have
bumble
bee
pots
on
your
across
all
of
your
notes.
So
if
you,
if
you
experience
any
memory
related
issue
in
any
of
those,
you
will
have
the
data.
B
As
you
can
see,
the
interesting
thing
here
is
that
we
have
a
single
container.
It's
called
bumblebee.
We
are
using
a
bumblebee
image
and
we
are
executing
the
b
command,
which
is
the
command
of
the
cli,
and
we
are
passing
a
few
arguments
like
run
and
we
are
referencing
the
image
that
we
just
pushed
to
our
local
repository
and
we
are
exposing
the
ports.
So
we
can
access
this
with
promedus.
B
C
B
Yes,
yes,
you
need
this
security
context
to
to
basically
to
run
the
ebpf
code,
it's
a
requirement
for
for
bumblebee.
You
can
explore
all
the
prerequisites
on
on
the
github
repo.
There
are
details
about
which
kernel
is
supported,
so.
C
B
Can
check
all
those
there
if
you
are
running
on
a
very
old
kernel
version
you
might
not
be
able
to
to
use
all
the
features
and
another
information
that
we
can
call
out
is
that,
as
I
mentioned,
bumblebee
is
using
ring
the
ring
buffer
map
type,
which
is
only
available
after
5.8
kernel
version
5.8.
B
I
think,
and
db
and
ebpf
is
available
a
bit
before
that,
but
to
actually
run
these
clips
in
these
forms,
you
have
to
have
at
least
color
version
5.8,
but
I
will
check
the
exact
date,
but
I
think
that's
that's
the
that's
the
version
which
introduced
the
ring
buffer
data
type.
C
B
Okay,
so
let's
deploy
promote
use,
we
are
using
the
q
promoter
stack
to
deploy
everything.
We
will
just
use
the
primitives
interface,
but
this
will
deploy
nearly
everything
we
are
putting
this
into
the
monitoring
namespace
that
we
are
creating.
Now
it
should
take
a
couple
of
seconds,
but
not
that
not
that
many
okay,
we
already
have
it.
B
B
I
was
a
bit
fast,
but
yes,
one
of
the
ports
are
not
running
not
yet
ready,
but.
C
B
Yes,
I
will
just
pour
forward
it
and
you
are
right
actually
that
that
that
is
missing.
Primitives
itself
is
already
grafana,
that's
that's
being
that's!
That's
currently
in
progress.
Primitives
were
just
not
yet
exposed
yet,
but
we
will
fix
that
shortly
before
we
expose
the
prometheus.
B
B
C
B
Now
we
should
just
wait
until
the
config
will
be
populated
into
the
primitives
config
map,
and
we
have
this
create
config
configuration.
We
should
see
bumblebee
targets
coming
up
bumblebee
because
we
have
three
notes.
A
B
We
already
have
one,
and
the
other
two
is
two-
should
be
ready
soon:
okay,
we
have
three
pair
three,
so
we
have
all
the
we
have
access
all
the
metrics
that
are
exposed
by
these
spots.
B
B
B
C
B
Yes,
and
as
I
mentioned,
the
suffix
of
this
generic
part
is
the
name
of
our
map,
so
if
we
would
stick
with
the
events,
this
would
be
ebps
or
io
events,
which
is
not
very
useful
on
the
long
run,
to
identify
these
rules,
so
it's
better
to
have
a
proper
name
for
it.
B
And
if
you
execute
this
query,
you
will
see
that
all
these
data
that
we
wanted
to
extract
from
from
our
events
are
basically
there
and
we
have
an
one
as
a
value,
because
we
had
we
care
because
we
had
a
long
gear
for
these
events.
As
you
can
see,
that's
the
t.
Com
dt
cam
is
the
name
of
the
process.
That's
getting
cool
queued
and
the
f
com,
the
name
of
the
process
that
was
running
at
the
time
of
the
unkill.
B
One
thing
that
that
can
be
a
bit
misleading
is
that
we
are
currently
running
primitives
stack
on
top
of
kubernetes
and
if
you
are
running
that
you
most
probably
are
running
that
you
will
have
these
default.
Kubernetes
labels
container
endpoint
job
and
pod,
and
actually,
if
you
check
these,
you
will
see
that,
for
you
have
the
bumble
bee
board
seo
as
the
value
for
your
poor
label
for
this
unkill
matrix,
which
can
be
misleading
because
not
your
actual
bumblebee
pods
getting
room
killed.
That's
not
the
not
the
port,
that's
causing
the
room
here.
B
That's
that's
just
the
port,
that's
exposing
these
metrics.
So
basically,
that's
just
a
ux
thing
because
correlating
with
the
actual
pod
requires
a
bit
more
ebpf
work.
B
So
yes,
currently
with
this
quick
proof
of
concept,
you
can
just
have
the
actual
name
of
the
process,
that's
getting
greater
than
the
nd
process
id,
but
in
this
case
it's
called
stress.
But,
for
example,
if
you
are
running
let's
say,
node.js
application
and
you
see
node.js
sd
killed
process,
then
you
can
probably
easily
pinpoint
that
your
front
ends
are
having
trouble
or
that
might
not
be
the
best
example.
B
But,
for
example,
based
on
the
the
actual
process
name,
you
can
probably
filter
down
the
actual
issue
and
and
root
case.
A
B
Yes,
exactly,
that's
that's
another
another.
B
That's
another
thing
that
can
be
a
bit
misleading.
The
instance
is
the
actual
node.
So,
for
example,
we
are
running
this
as
a
demon
set,
so
you
would
have
all
the
all
the
all
the
nodes
here
as
the
instance
and
the
port
is
the
is
the
port.
That's
that
bumblebee
exposes
in
this
example.
Actually
you
can
only
see
one
of
the
instances
and
that's
because
the
port.
A
Is
always
that
one
right
co-located
with
that
part
to
because
you
have
three
bumble-
bee
demon
set
instance,
but
only
one
of
them
are
co-located
with
this
part
that
runs.
B
Straight,
that's!
Yes,
exactly
that's
getting
goom
killed!
So
yes,
that's
another
good
thing
to
to
point
out
to
call
out.
Basically,
you
can
find
the
find
a
node
which,
which
was
hosting
your
problematic
application.
A
B
Yes,
we
have
that
many
value
for
this
matrix,
because
the
the
process
ids
are
different
and
it's
not
trivial
to
pinpoint
which
process
caused
the
issue.
Basically,
we
just
took
the
upstream
script
without
any
fine
tuning.
B
I'm
I'm
not
sure
the
original
upstream
script
was
written
to
focus
on
kubernetes
deployments,
so
this
data
can
make
more
sense
in
a,
for
example,
in
a
in
a
in
a
bare
metal
environment
where,
where
everything
is,
is
running
on
the
the
actual
host.
In
that
case,
it
can
provide
better
data,
but
you
can
fine-tune
db
ppf
the
ebpf
logic
to
get
rid
of
this
noise.
B
That's
the
that's
being
generated,
and-
and
that's
another
good
thing
here-
that
with
bumblebee
you
can
focus
on
iterating
your
kernel
space
code
and
the
application,
and
you
would
not
need
to
touch
the
the
user
land
bits
for
for
this
experimentation.
In
this
example,
that's
a
fine
example
that
you
have
some
data.
It's
working,
you
can
find
the
actual
process
that's
getting
killed.
B
The
result
is
not
perfect,
but
you
were
able
to
go
and
go
up
to
this
point
in
in
a
fraction
of
the
original
time
that
you
would
need
if
you
would
go
with
any
other
application.
So
you
can
just
iterate
on
your
pppf
code.
A
Yeah,
it's
so
much
better
than
not
having
this
data
right.
It's
at
least
tell
you
what
process
and
the
name-
and
you
know
the
process
id
so
and
also
it
tells
you
the
the
ip
address
which
you
can
find
out
on
which
kubernetes
vm
right.
So
that's
helpful
too
yeah
all
right!
This
is
really
cool.
I
want
to
ask
you:
is
there
anything
else
you
want
to
show
or
add
you
mentioned
a
workshop.
B
Yes,
as
you
can
see,
it's
the
usual
instruct
platform
that
we
are
using
to
to
host
our
workshops,
and
we
we
have
a
beginner
ebpf
lab
that
you
can
enroll
to
and
have
a
certificate
even
and
we
are
currently
working
on
another
ebpf
workshop
that
will
be
focusing
on
the
actual
on
on
developing
ebpf
applications.
B
Just
like
this
one.
So,
yes,
you
will
see
some
information
about
this
when
it
will
be
ready.
It's
currently
a
work
in
progress.
A
That's
great
so
once
you
have
the
your
blog
published
and
the
ebpf
program,
which
I
I
think
is
an
intermediate
program
built
on
top
of
a
fundamental
for
ebpf
by
solo
io,
where
were
published
in
the
comments
of
the
youtube,
so
that
you
guys
can
have
access,
so
this
has
been
wonderful.
I
feel
I
learned
a
lot
more
about
ebpf
and
bumblebee
myself
today.
So
christian,
I
want
to
take
a
minute
to
thank
you
for
your
time
to
you
know,
tell
us
the
story
of
you.
Protein
almond
kill
application.