Version: latest

Gadget traceloop

The traceloop gadget traces system calls in a similar way to strace but with some differences:

traceloop uses eBPF instead of ptrace
traceloop's tracing granularity is the container instead of a process
traceloop's traces are recorded in a fast, in-memory, overwritable ring buffer like a flight recorder. The tracing could be permanently enabled and inspected in case of crash.

Example CR

apiVersion: gadget.kinvolk.io/v1alpha1
kind: Trace
metadata:
  name: traceloop
  namespace: gadget
spec:
  node: ubuntu-hirsute
  gadget: traceloop
  runMode: Manual
  outputMode: ExternalResource

Operations

collect

Collect traceloop

$ kubectl annotate -n gadget trace/traceloop \
    gadget.kinvolk.io/operation=collect

delete

Delete a perf ring buffer owned by traceloop

$ kubectl annotate -n gadget trace/traceloop \
    gadget.kinvolk.io/operation=delete

start

Start traceloop

$ kubectl annotate -n gadget trace/traceloop \
    gadget.kinvolk.io/operation=start

stop

Stop traceloop

$ kubectl annotate -n gadget trace/traceloop \
    gadget.kinvolk.io/operation=stop

Output Modes

Status
Stream

Example CR​

Operations​

collect​

delete​

start​

stop​

Output Modes​

Example CR

Operations

collect

delete

start

stop

Output Modes