Kubeadapt
DocsConfigurationAPI ReferenceCLI
CONFIGURATION

eBPF Agent

View on GitHub

Configuration reference for the Kubeadapt eBPF agent. Captures pod-to-pod network traffic for cross-AZ and egress cost visibility.

The eBPF agent runs as a DaemonSet on every node. It captures pod-to-pod network traffic and provides visibility into cross-AZ and egress data transfer.

Note

The eBPF agent is developed and collects pod-to-pod traffic metrics. Full network cost attribution requires cloud provider pricing integration (starting with AWS), which is in progress. So until that happens, you won't see network costs in the Kubeadapt UI. However, you can start collecting cross-AZ traffic data now, which helps us provide data backwards once pricing integration is live. Track the status on our roadmap.

Enable It

The eBPF agent is disabled by default. Enable it through the parent kubeadapt chart:

yaml
ebpf-agent: enabled: true

Or at install time:

bash
helm install kubeadapt kubeadapt/kubeadapt \ --namespace kubeadapt \ --create-namespace \ --set agent.config.token="<your-token>" \ --set ebpf-agent.enabled=true

Prerequisites

  • Linux nodes only with kernel 5.8 or later
  • Privileged container access (the DaemonSet runs as privileged)
  • hostNetwork: true and hostPID: true must be allowed by your pod security policy or admission controller
Warning

If your cluster uses a restrictive PodSecurityPolicy, OPA Gatekeeper, or Kyverno policy that blocks privileged containers, you need to create an exception for the kubeadapt namespace before enabling the eBPF agent.

Check Your Kernel Version

bash
kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.nodeInfo.kernelVersion}{"\n"}{end}'

All nodes must be running kernel 5.8+. Older kernels will fail to load the BPF programs.

Resources

yaml
ebpf-agent: resources: requests: cpu: 100m memory: 128Mi limits: cpu: 500m memory: 384Mi

If you see OOMKilled pods, increase the memory limit.

Scheduling

ValueTypeDefaultDescription
tolerationslist[]Pod tolerations.
nodeSelectorobject{}Node selector constraints.
affinityobject{}Pod affinity rules.
topologySpreadConstraintslist[]Topology spread constraints.
Tip

For complete network visibility, the eBPF agent should run on every node. Add a broad toleration so it is not excluded from tainted nodes.

Full Values Reference

The sections above cover what you need for enabling and scheduling the eBPF agent. For other configurations, see the full values.yaml.

← PreviousAgent ConfigurationNext →Auto-Upgrade