Brussels / 3 & 4 February 2024


Orchestrating eBPF Applications in Kubernetes and Fedora

Orchestrating eBPF Applications in Kubernetes and Fedora


eBPF stands as a groundbreaking technology enabling the execution of programs
in an isolated space within the kernel of the operating system, operating with
privileged access. This technology proves valuable for safely and efficiently
expanding the kernel's capabilities without necessitating alterations to the
source code or the loading of additional modules. This approach provides direct
access to the Linux kernel space, leading to notable improvements in

A key facilitator in this landscape is bpfd, a system daemon explicitly
designed to streamline the deployment and management of eBPF applications,
falling under the umbrella of Extended Berkeley Packet Filter.


bpfd boasts an operator specifically crafted for utilization within
Kubernetes, allowing users to deploy eBPF programs using a Custom Resource (CR)
within a Kubernetes cluster.

Presentation Highlights

During our discussion, we will delve into the developmental journey of bpfd,
tracing its origins from Aya, a Rust library designed for eBPF development. Our
exploration will extend to practical aspects such as leveraging the operator,
deploying applications, and understanding how Fedora elevates the user
experience as a host.

Security Considerations

A significant focus will be placed on addressing security concerns pertaining
to pods designated for the execution of eBPF applications within Kubernetes.
Additionally, we will explore the challenges and outstanding tasks related to
integration with Kubernetes, along with insights on collaborative efforts within
the eBPF sig-group in Fedora.

Real-world Adoption

It's worth noting that eBPF has already been adopted in production environments
by prominent companies, including Google, Netflix, Shopify, and Cloudflare. Join
us for an insightful discussion on the evolving landscape of eBPF orchestration
in Kubernetes and Fedora.


bpfman repo bpfd/bpfman documentation Fedora eBPF SIG


Photo of Daniel Mellado Daniel Mellado
Photo of Dave Tucker Dave Tucker