https://github.com/tonyliu666/trace-your-container

get the details of docker containers running on the host via ebpf technology
https://github.com/tonyliu666/trace-your-container

docker ebpf libbpf

Last synced: 5 months ago
JSON representation

get the details of docker containers running on the host via ebpf technology

• Host: GitHub
• URL: https://github.com/tonyliu666/trace-your-container
• Owner: tonyliu666
• Created: 2024-07-30T16:19:43.000Z (almost 2 years ago)
• Default Branch: main
• Last Pushed: 2024-11-18T17:56:53.000Z (over 1 year ago)
• Last Synced: 2025-04-02T07:41:26.999Z (about 1 year ago)
• Topics: docker, ebpf, libbpf
• Language: C
• Homepage:
• Size: 189 MB
• Stars: 2
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
## Trace Your Container

Before moving on, please consider giving us a GitHub star ⭐️. Thank you!

#### About Trace Your Container

Trace Your Container is an observability tool that helps you understand the details happened under the docker container

It is leveraging eBPF technology to expose the information about the events occuring in your docker engine, eg: create a container, delete a container, remove a file and collect the system calls of the specific container. 

Currently, Only supports for the kernel version **6.8.0-48-generic**. So if your kernel version is not this one, you could consider about installing Virtual Machine. I have provided a simple guildance for you. 

#### Quickstart

* Install VM: (you can download the vagrant CLI at first: https://developer.hashicorp.com/vagrant/install  and Virtualbox)

```bash

vagrant up

```

* Directly use the docker image: 

```bash

docker run -it --rm  --privileged --ulimit nproc=4096 -v /lib/modules:/lib/modules:ro -v /etc/localtime:/etc/localtime:ro -v /sys/fs/bpf:/sys/fs/bpf --pid=host --cgroupns=host  tonyliu666/ebpf-for-mac:v1

```

* or you can build the image: 

```bash

docker build -t ebpf-program .

```

Then: 

```bash

docker run -it --rm  --privileged --ulimit nproc=4096 -v /lib/modules:/lib/modules:ro -v /etc/localtime:/etc/localtime:ro --pid=host --cgroupns=host  ebpf-program

```

In the ebpf-program container: 

```bash

cd app 

```

```bash

make docker

```

Then enjoy it! 

**parameters explaination** : 

* --privileged: elevated privileges to perform tasks that involve accessing kernel tracing features

* --ulimit: Due to limitation of sizes of ebpf hashOfMap, I would like to set the process limits of the running container

* /lib/modules: share the linux headers on your host with the container so that it can leverage the header files in kernel. 

* --pid=host: share pid namespace with your host

* --cgroupns=host: share the namespaces with your host

**Demo Video**: 

#### Contributing

Welcome any who has some interests on my project to contribute your codes.