Chapter 1. What is eBPF, Why Is It Important?

In this chapter, we’ll introduce eBPF, explain why it was created, and discuss its evolution over the years. We’ll explain how eBPF works in detail and why it is considered to be the most innovative Linux technology of this decade. Chapter 2 will describe why it is essential for the Cloud Native industry and how it can revolutionize the legacy Runtime Security Observability and Enforcement tools.

To make this book more interesting, we’ll describe and illustrate the different technological concepts through a sophisticated Kubernetes attack that touches each layer of a software lifecycle. This attack will start from the supply chain layer during the pre-deployment and end at the runtime layer during the post-deployment process.

Now let’s briefly explore the hypothetical attack scenario in your Kubernetes build environment! You don’t need to understand the details of this attack now, but ...