{"id":2671,"date":"2025-01-04T11:22:00","date_gmt":"2025-01-04T08:22:00","guid":{"rendered":"https:\/\/www.bircloud.com\/cloud\/index.php\/2025\/01\/04\/kubernetes-ebpf-ag-izleme-guvenlik\/"},"modified":"2025-01-04T11:22:00","modified_gmt":"2025-01-04T08:22:00","slug":"kubernetes-ebpf-ag-izleme-guvenlik","status":"publish","type":"post","link":"https:\/\/www.bircloud.com\/cloud\/index.php\/2025\/01\/04\/kubernetes-ebpf-ag-izleme-guvenlik\/","title":{"rendered":"Advanced Network Monitoring and Security with eBPF on Kubernetes"},"content":{"rendered":"<h2>Introduction<\/h2>\n<p>Kubernetes has become an indispensable part of modern application development and deployment. However, the complexity of Kubernetes environments creates significant challenges for monitoring network traffic and enforcing security. This is where eBPF (extended Berkeley Packet Filter) comes in. By making it possible to run programs at the kernel level, eBPF enables in-depth analysis of network traffic and flexible enforcement of security policies.<\/p>\n<h2>What Is eBPF?<\/h2>\n<p>eBPF was originally designed to filter network packets. Over time, its ability to run code safely inside the kernel made it useful for performance analysis, security monitoring and many other areas. eBPF programs react to kernel events and collect data about those events. 
The collected data can then be analyzed by user-space applications.<\/p>\n<p>Traditional network monitoring tools usually run in user space and use system calls to communicate with the kernel. This can impose significant performance overhead. Because eBPF runs in the kernel, it can access the data directly without needing system calls. This makes it possible to monitor network traffic with much lower latency and lower resource consumption.<\/p>\n<h2>Advantages of eBPF<\/h2>\n<ul>\n<li><b>High Performance:<\/b> Because it runs in the kernel, it provides low latency and low resource consumption.<\/li>\n<li><b>Flexibility:<\/b> Its programmable design lets it be customized for different needs.<\/li>\n<li><b>Security:<\/b> Programs are verified by the kernel and run in a safe environment.<\/li>\n<li><b>Visibility:<\/b> It provides in-depth information about network traffic.<\/li>\n<li><b>Real-Time Analysis:<\/b> It makes it possible to analyze network traffic in real time.<\/li>\n<\/ul>\n<h2>eBPF Use Cases in a Kubernetes Environment<\/h2>\n<p>In a Kubernetes environment, eBPF is a valuable tool in a variety of use cases:<\/p>\n<h3>Network Monitoring<\/h3>\n<p>eBPF can be used to monitor network traffic in Kubernetes clusters in detail. 
It is possible to determine which services communicate with each other, which protocols are used, and which factors affect network performance. For example, eBPF-based networking solutions such as Cilium can encrypt communication between services and enforce network policies.<\/p>\n<h3>Security<\/h3>\n<p>eBPF can be used to detect and prevent security vulnerabilities in Kubernetes clusters. By identifying anomalous network traffic patterns, it is possible to detect and block attacks. For example, when a pod unexpectedly tries to connect to the outside world, eBPF programs can detect this and raise an alert.<\/p>\n<h3>Performance Analysis<\/h3>\n<p>eBPF can be used to analyze the performance of applications in Kubernetes clusters. It is possible to determine which resources applications use, which functions run slowly, and where the performance bottlenecks are. This information can be used to optimize applications and improve their performance.<\/p>\n<h3>Network Policy Enforcement<\/h3>\n<p>eBPF can be used to enforce Kubernetes network policies more effectively. For example, it is possible to prevent specific pods from communicating with specific services or to restrict the use of specific protocols. 
Solutions such as Cilium enforce Kubernetes network policies using eBPF, which provides high performance and flexibility.<\/p>\n<h2>Network Monitoring and Security with eBPF on Kubernetes: Setup and Getting Started Guide<\/h2>\n<p>To start using eBPF in a Kubernetes environment, you can follow these steps:<\/p>\n<ol>\n<li><b>Install the Required Tools:<\/b> Install the tools needed to develop and run eBPF programs. For example, tools such as `bcc` (BPF Compiler Collection) and `bpftrace` can be useful.<\/li>\n<li><b>Write eBPF Programs:<\/b> Write eBPF programs to monitor network traffic or enforce security. These programs react to kernel events and collect the required data.<\/li>\n<li><b>Load and Run the Programs:<\/b> Load the eBPF programs you wrote into the kernel and run them. These programs will monitor network traffic in real time and take the required actions.<\/li>\n<li><b>Analyze the Data:<\/b> Analyze the collected data to learn about network traffic and detect security vulnerabilities. 
You can use a variety of tools for this analysis.<\/li>\n<\/ol>\n<p><b>Example: Monitoring TCP Connections<\/b><\/p>\n<pre><code class=\"language-python\">\nimport time\nfrom socket import AF_INET, inet_ntop\nfrom struct import pack\n\nfrom bcc import BPF\n\n# eBPF program\nprogram = \"\"\"\n#include &lt;net\/sock.h&gt;\n\nstruct key_t {\n    u32 pid;\n    u32 saddr;\n    u32 daddr;\n    u16 sport;\n    u16 dport;\n};\n\n\/\/ Socket passed to tcp_v4_connect(), stashed per thread until the call returns\nBPF_HASH(currsock, u32, struct sock *);\n\/\/ Connect count per (PID, addresses, ports) tuple\nBPF_HASH(connections, struct key_t, u64);\n\nint kprobe__tcp_v4_connect(struct pt_regs *ctx, struct sock *sk) {\n    u32 tid = bpf_get_current_pid_tgid();\n\n    \/\/ The source address and port are not final yet at entry,\n    \/\/ so only remember the socket here\n    currsock.update(&amp;tid, &amp;sk);\n\n    return 0;\n}\n\nint kretprobe__tcp_v4_connect(struct pt_regs *ctx) {\n    int ret = PT_REGS_RC(ctx);\n    u64 pid_tgid = bpf_get_current_pid_tgid();\n    u32 tid = pid_tgid;\n\n    struct sock **skpp = currsock.lookup(&amp;tid);\n    if (skpp == 0) {\n        return 0; \/\/ Entry probe was missed\n    }\n    struct sock *sk = *skpp;\n    currsock.delete(&amp;tid);\n\n    if (ret != 0) {\n        return 0; \/\/ Connection failed\n    }\n\n    struct key_t key = {};\n    u16 dport = sk-&gt;__sk_common.skc_dport;\n\n    key.pid = pid_tgid &gt;&gt; 32;\n    key.saddr = sk-&gt;__sk_common.skc_rcv_saddr;\n    key.daddr = sk-&gt;__sk_common.skc_daddr;\n    key.sport = sk-&gt;__sk_common.skc_num;\n    key.dport = ntohs(dport); \/\/ Destination port is stored in network byte order\n\n    connections.increment(key);\n\n    return 0;\n}\n\"\"\"\n\n# Load the BPF program\nb = BPF(text=program)\n\n# Print the table\nwhile True:\n    try:\n        for k, v in b[\"connections\"].items():\n            print(\"PID: %d, SADDR: %s, DADDR: %s, SPORT: %d, DPORT: %d, Count: %d\" % (\n                k.pid, inet_ntop(AF_INET, pack(\"I\", k.saddr)),\n                inet_ntop(AF_INET, pack(\"I\", k.daddr)), k.sport, k.dport, v.value\n            ))\n        time.sleep(2)\n    except KeyboardInterrupt:\n        exit()\n<\/code><\/pre>\n<p>This code is a simple example of an eBPF program for monitoring TCP connections. 
By attaching a kprobe and a kretprobe to the `tcp_v4_connect` function, the program increments a counter each time a new TCP connection is established. The counter is keyed by the connection information (PID, source IP address, destination IP address, source port, destination port). The program prints this information at regular intervals.<\/p>\n<h2>The BirCloud Perspective<\/h2>\n<p>At BirCloud, drawing on our expertise in cloud solutions, we offer a range of services to get the most out of eBPF in Kubernetes environments. We help our customers integrate eBPF-based network monitoring and security solutions and develop solutions tailored to their specific needs.<\/p>\n<p>In addition, BirCloud&#8217;s cloud platform offers tools that make it easy to deploy and manage eBPF programs. As a result, our customers can benefit from the advantages of eBPF without having to deal with complex infrastructure management.<\/p>\n<p>With our commitment to open-source solutions, we focus on contributing to the eBPF ecosystem and on making sure our customers get the most out of this technology.<\/p>\n<h2>Conclusion<\/h2>\n<p>eBPF is a powerful technology that significantly improves network monitoring and security in Kubernetes environments. 
Thanks to its high performance, flexibility and in-depth visibility, it has become an indispensable part of modern application development and deployment. At BirCloud, we offer comprehensive solutions to help our customers get the most out of eBPF. If you want better network monitoring and security in your Kubernetes clusters, evaluating eBPF will certainly be worthwhile.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Discover how to monitor network traffic and improve security using eBPF in Kubernetes environments, along with BirCloud&#8217;s solutions in this area.<\/p>\n","protected":false},"author":1,"featured_media":2670,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[160],"tags":[177,165,161,164,155],"class_list":["post-2671","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bulut-bilisim","tag-ag-izleme","tag-bulut-bilisim","tag-ebpf","tag-guvenlik","tag-kubernetes"],"_links":{"self":[{"href":"https:\/\/www.bircloud.com\/cloud\/index.php\/wp-json\/wp\/v2\/posts\/2671","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bircloud.com\/cloud\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bircloud.com\/cloud\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bircloud.com\/cloud\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bircloud.com\/cloud\/index.php\/wp-json\/wp\/v2\/comments?post=2671"}],"version-history":[{"count":0,"href":"https:\/\/www.bircloud.
com\/cloud\/index.php\/wp-json\/wp\/v2\/posts\/2671\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.bircloud.com\/cloud\/index.php\/wp-json\/wp\/v2\/media\/2670"}],"wp:attachment":[{"href":"https:\/\/www.bircloud.com\/cloud\/index.php\/wp-json\/wp\/v2\/media?parent=2671"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bircloud.com\/cloud\/index.php\/wp-json\/wp\/v2\/categories?post=2671"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bircloud.com\/cloud\/index.php\/wp-json\/wp\/v2\/tags?post=2671"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}