Gadget traceloop

    The traceloop gadget traces system calls in a similar way to strace but with some differences:

    • traceloop uses eBPF instead of ptrace
    • traceloop's tracing granularity is the container instead of a process
    • traceloop's traces are recorded in a fast, in-memory, overwritable ring buffer like a flight recorder. The tracing could be permanently enabled and inspected in case of crash.

    Example CR

    apiVersion: gadget.kinvolk.io/v1alpha1
kind: Trace
metadata:
  name: traceloop
  namespace: gadget
spec:
  node: ubuntu-hirsute
  gadget: traceloop
  runMode: Manual
  outputMode: ExternalResource

    Operations

    collect

    Collect traceloop

    $ kubectl annotate -n gadget trace/traceloop \
    gadget.kinvolk.io/operation=collect

    delete

    Delete a perf ring buffer owned by traceloop

    $ kubectl annotate -n gadget trace/traceloop \
    gadget.kinvolk.io/operation=delete

    start

    Start traceloop

    $ kubectl annotate -n gadget trace/traceloop \
    gadget.kinvolk.io/operation=start

    stop

    Stop traceloop

    $ kubectl annotate -n gadget trace/traceloop \
    gadget.kinvolk.io/operation=stop

    Output Modes

    • Status
    • Stream
    Edit this page File documentation issue