eBPF: From Kernel to Cloud

Reading Time: < 1 minute

eBPF: From Kernel to Cloud

An 18-episode series on eBPF for Linux and Kubernetes engineers — from what it is and how the verifier keeps it safe, through program types, maps, networking, observability, and runtime security, to building infrastructure that can audit itself in real time.

Who it’s for: Linux administrators, DevOps engineers, and SREs running Kubernetes clusters who want to understand what eBPF-based tools like Cilium, Falco, and Tetragon are actually doing in kernel space.

bpftool prog list       # what is loaded in kernel space right now
bpftool net list        # which interfaces have XDP or TC attached
bpftool map list        # what state is the kernel holding
bpftool map dump id N   # what is actually in that state

By EP14, these four commands are all you need to audit any cluster.

Published Episodes

EP Title
EP01 What Is eBPF? A Plain-English Guide for Linux and Kubernetes Engineers
EP02 BPF Verifier Explained: Why eBPF Is Safe for Production Kubernetes
EP03 eBPF vs Kernel Modules: An Honest Comparison for K8s Engineers
EP04 eBPF Program Types — What’s Actually Running on Your Nodes
EP05 eBPF Maps — The Persistent Data Layer Between Kernel and Userspace
EP06 CO-RE and libbpf — Write Once, Run on Any Kernel
EP07 XDP — Packets Processed Before the Kernel Knows They Arrived
EP08 TC eBPF — Pod-Level Network Policy Without iptables
EP09 bpftrace — Kernel Answers in One Line
EP10 Network Flow Observability — What Every Connection Reveals

New episodes publish every Tuesday. Subscribe to get them in your inbox.

Start with EP01: What Is eBPF? →

Get new episodes in your inbox every Tuesday → linuxcent.com/subscribe