
Inspektor Gadget in 2025: Making Low Level Observability Accessible to All

Maya Singh

2025 marked a year of significant progress and innovation for the Inspektor Gadget project. Across the observability landscape - monitoring, troubleshooting, and security - we focused relentlessly on the problems operators and developers face every day: reducing time to resolution when things go wrong, making powerful kernel-level visibility accessible without heroics, and improving trust in what runs in your clusters.

This blog post is by no means comprehensive, but acts as a look back at the user problems we tackled this year, why we pursued solving them, and how users put the project to work.

From Built-In to Image-Based Gadgets: The Big Shift

We completed the transition away from built-in gadgets to a fully modular, image-based architecture.

Why it matters: users asked for flexibility, maintainability, and a path to custom gadgets without forking the core. Image-based gadgets deliver all three and lay the groundwork for an ecosystem that can flourish and grow beyond the confines of the project itself.

  • Gadgets ship as easily sharable standalone OCI images with metadata, eBPF code, and optional WASM modules.
  • Users can store and distribute gadgets in standard registries including Artifact Hub, pin versions, and apply policies per image.
  • The architecture paves the way for innovation: community-built gadgets, post-processing via WASM, and operators for a variety of export modes.

Enabling Continuous Observability: Inspektor Gadget + OpenTelemetry (OTel)

We know that a key piece of incident prevention is effective monitoring and alerting. While many initially saw Inspektor Gadget as strictly a real-time troubleshooting tool, we wanted to make it easier and more accessible to run IG continuously so users could be proactive around incident prevention. After discussion with the community, we learned that OpenTelemetry (OTel) standards were the way to enable this. In 2025, we made our OTel integration more natural and configurable:

  • We added native OTel operators and improvements so gadgets can emit metrics and logs in standardized formats right out of the box.
  • Through a configuration file, users can further streamline integration with OpenTelemetry by specifying OTel export settings, enabling automatic collection and forwarding of observability data from Inspektor Gadget to OTel-compatible backends.
  • Teams used this to connect eBPF-driven signals like DNS, TCP, and process events directly to Prometheus and Grafana or other cloud observability platforms without bespoke glue.

Why it matters: practitioners shouldn’t have to choose between deep kernel visibility and easy pipeline integration. With IG’s OTel operators, the same tools that measure your SLOs can now surface meaningful continuous insights inside the node and container runtime.

Troubleshooting in Natural Language: Inspektor Gadget + MCP

A big friction point we kept hearing was: "I know IG can capture exactly what I need, but I don't always remember which gadgets to use or the flags or the filter syntax that come along with kubectl gadget." The new Inspektor Gadget MCP server bridges that gap by letting users bring their problem to LLM-powered assistants in plain language. Behind the scenes, the MCP server translates that into the right gadget invocations, parameters, and filters, then streams results back with context, making troubleshooting easier than ever.

  • Users can now tell their LLM assistant of choice that their cluster is facing excessive CPU or memory utilization, and the AI can execute top_process behind the scenes (with appropriate permissions and guardrails in place), surface the results, and help interpret them.
  • Similarly, one can ask their LLM to “capture packets from the checkout service to the database” and get tcpdump wired up with meaningful enrichments.

Why it matters: users want outcomes, not syntax. MCP lowers the barrier to expert-grade observability so more people on the team can troubleshoot quickly without having to work through the underlying details.

Gadgets That Solve Real Problems

Image-based gadgets continued to expand this year, centered on everyday troubleshooting and performance diagnostics:

  • tcpdump: In-cluster packet capture with practical filtering and Kubernetes enrichment. Operators use it to trace elusive cross-service timeouts and to validate network policies on live traffic.
  • ttysnoop: Monitors interactive activity in containers. Helpful for auditing interactive sessions and investigating unexpected command execution to keep workloads secure.
  • top_process: Surfaces the highest CPU and memory consumers across nodes or pods. Ideal for identifying resource-intensive processes without ssh-ing into hosts.

Why it matters: when users report “it’s slow” or “it works from one node but not another,” these gadgets bring precision. They narrow problems from vague symptoms to specific components quickly, reducing mean time to resolution and improving confidence in remediation steps.

eBPF Stats: Understand the Impact

With eBPF becoming pervasive, we heard a recurring need: “How do I know what eBPF is doing on my system? What is the impact here?” The bpfstats gadget and our IG benchmark framework answer that by giving operators real-time insight and metrics about loaded BPF programs and the overhead of IG on the system. This increases transparency and helps teams manage eBPF usage responsibly.

  • See which programs are loaded, where, and by which components.
  • Monitor runtime behavior and resource usage to detect anomalies or regressions early.
  • Measure Inspektor Gadget’s overhead in controlled benchmarks to ensure it stays within acceptable limits.

Why it matters: eBPF delivers powerful insights, and like any tool, users should know how it impacts their systems. bpfstats and our benchmark framework help teams balance visibility gains with resource stewardship and guardrail enforcement.

Security: Verify What You Run

Modern production demands supply-chain trust. We invested heavily in signature verification and secure image workflows, guided by the question: “Can users verify and enforce what’s allowed to run?”

  • Added Notation signature verification for images, integrated into the signature-verifier.
  • Made improvements to our Cosign integration for better usability and reliability.
  • Hardened container runtime detection to avoid symlink/path attacks.

Why it matters: the more IG becomes part of critical debugging, monitoring, and security workflows, the more it itself must be trustworthy and controllable. These changes help teams lock down which gadgets can run and prove their provenance.

Community Growth

We kept users at the center of development through open dialogue and shared learning. It is important for us to keep sharing the message and value proposition of Inspektor Gadget so that community members are empowered to have full visibility into their systems in an easy-to-use way.

Highlights include:

  • Community calls and an updated calendar to make engagement easier.
  • TAG Observability involvement and CNCF lifecycle analysis to keep alignment with CNCF best practices.
  • A focus on increasing the diversity of maintainers and contributors so the project reflects the community it serves.

Events + Webinars

We aimed to meet users where they are - at conferences and virtually - so they can keep learning about IG and eBPF:

Why it matters: better education reduces time-to-adoption and helps teams apply IG to their real-world scenarios, not just demos.

Highlights from 2025 Blog Posts

Mentorship: Real Impact, Real Features

The CNCF’s LFX Mentorship program pairs aspiring contributors with project maintainers to make a meaningful impact on the open source project while guiding the mentees through contributions. This program enables mentees to receive structured guidance, create real PRs, and develop a path to long‑term community involvement. This year, IG maintainers acted as mentors and worked with mentees to ship meaningful improvements to the project. Our 2025 mentees included:

  • Kapil Sareen (LFX, June 2025): Upgraded the ig image inspect command so developers can deeply introspect gadget images—eBPF, WASM, metadata—speeding up debugging and gadget authoring.
  • Daksh Kaushik (LFX, June 2025): Added Rust-based gadget development via WASM, including bindings and build tooling, opening the door to a broader developer community.
  • Shaheer Ahmad (LFX, June 2025): Enabled true unit testing and built tests across IG, increasing reliability and confidence, plus contributions toward the Snapshot File gadget.
  • Emidowojo Opaluwa (LFX, September 2025): Advanced Traceloop traction with documentation and outreach so more users can put it to work in production troubleshooting.

Why it matters: mentorship isn’t just about shipping features for the project; it’s about developing the next generation of open source leaders.

What’s Next

  • We will continue to invest in the OpenTelemetry integration to make it even easier to run IG continuously for observability and alerting use cases.
  • MCP will see more enhancements around LLM integrations, security, and usability to further lower the barrier to entry for users.
  • Continued investments in secure, verifiable gadget delivery and policy enforcement.
  • Improved developer experience and tooling for gadget authors and users alike to foster a vibrant ecosystem.

Thank You

To everyone who filed issues, attended calls, shipped PRs, or shared stories about how IG helped you troubleshoot, monitor, or secure your systems: a huge thank you. Your real-world problems guided our priorities and shaped what we built this year.

If you want to get involved, join a community call, message us on Slack, try a gadget from Artifact Hub, or open an issue describing the problem you're trying to solve. We'll keep listening and building with our community at the center.