Zero-Instrumentation Observability with eBPF

How do you troubleshoot container activity across a complex microservice architecture without instrumenting your code? This session explores how eBPF is enabling a fundamentally different approach to collecting telemetry data in modern distributed systems.

As systems have grown from simple web applications into sprawling microservice architectures, observability has become harder to achieve and more critical than ever. The core questions teams need to answer, including how the system is performing right now, why certain requests are failing, and why some requests are taking longer than expected, require reliable access to metrics, logs, and traces without the overhead of traditional instrumentation.

This talk dives into eBPF, a Linux kernel feature that allows small programs to run in kernel space, enabling telemetry collection at a level that captures application behavior without requiring code changes. We cover how eBPF maps maintain state between program calls, and how this foundation makes it possible to gather rich observability data passively.

The session walks through a Golang-based open source node agent that tracks all communications between processes and containers, and captures application-level protocol data including support for encrypted traffic. We also explore how an eBPF-based approach to continuous profiling works, covering how the agent gathers and stores profiling data without requiring any integration into your application.

If you're a DevOps engineer or SRE looking to gain deeper visibility into your containerized infrastructure without the burden of manual instrumentation, this session offers a practical look at what eBPF-powered observability makes possible.