Inspektor Gadget is a collection of tools (or gadgets) for developers of Kubernetes applications. While it is primarily designed for Lokomotive, Kinvolk's open-source Kubernetes distribution, it can be used on other Kubernetes distributions.
How to use
$ kubectl gadget Collection of gadgets for Kubernetes developers Usage: kubectl gadget [command] Available Commands: capabilities Suggest Security Capabilities for securityContext execsnoop Trace new processes health Check the gadget installation on a Kubernetes cluster help Help about any command install Install or reinstall Inspektor Gadget on the worker nodes opensnoop Trace files tcpconnect Suggest Kubernetes Network Policies tcptop Show the TCP traffic in a pod traceloop Get strace-like logs of a pod from the past version Show version Flags: -h, --help help for kubectl-gadget --kubeconfig string Path to kubeconfig file (default "/home/alban/.kube/config") Use "kubectl gadget [command] --help" for more information about a command.
Inspektor Gadget is a kubectl plugin. It can also be invoked with
- Demo: the "execsnoop" gadget – watch it as GIF
- Demo: the "opensnoop" gadget – watch it as GIF
- Demo: the "traceloop" gadget – watch it as GIF
- Demo: the "capabilities" gadget – watch is as GIF
- Demo: the "tcptop" gadget – watch it as GIF
- Demo: the "tcpconnect" gadget — watch it as GIF
As preview for the above demos, here is the
How does it work?
Inspektor Gadget is deployed to each node as a privileged DeamonSet. It uses in-kernel BPF helper programs to monitor events mainly related to syscalls from userspace programs in a pod. The BPF programs are run by the kernel and gather the log data. Inspector Gadget's userspace utilities fetch the log data from ring buffers and display it. What BPF programs are and how Inspektor Gadget uses them is briefly explained here: