Inspektor Gadget is a set of tools and a framework enabling observability of Kubernetes clusters and Linux hosts using eBPF.
You can use the framework to create your own tools, _i.e._ gadgets, which are packaged as OCI images, enabling you to easily share them with other users.
Inspektor Gadget handles the enrichment of low-level data, like disk I/O to higher level ones, like container names.
Azure Linux is an open source Linux distribution developed by Microsoft.
It is the predominant Linux distribution for first-party Microsoft services and is also available for customers via, among others, Azure Kubernetes Service (AKS).
Recently, the Azure Linux team officially released its version 3.
Starting with this version, Inspektor Gadget is available in the official repository and can be installed by simply calling `dnf`.
This is a big improvement, as previously users had to download the RPM package available in our release pages themselves before proceeding with the installation.
Let's now deploy an Azure Linux 3 VM to install and use Inspektor Gadget, specifically the `trace exec` gadget to monitor the corresponding syscalls:
# Let's set some variables we will use to deploy the Azure Linux VM.
you@home$ resource_group='azure-linux-3'
you@home$ vm='azure-linux-3-vm'
you@home$ admin='testadmin'
you@home$ image='MicrosoftCBLMariner:azure-linux-3:azure-linux-3:latest'
# Let's now create the resource group and the VM inside it.
you@home$ az group create --name $resource_group --location westeurope
...
you@home$ az vm create --resource-group $resource_group --name $vm --image $image --admin-username ${admin} --generate-ssh-keys --security-type Standard
...
you@home$ ip=$(az vm show --resource-group $resource_group --name $vm -d --query '[privateIps]' --output tsv)
# We can now connect to the VM through ssh.
you@home$ ssh $admin@$ip
testadmin@azure-linux-3-vm [ ~ ]$ cat /etc/os-release
NAME="Microsoft Azure Linux"
VERSION="3.0.20240727"
ID=azurelinux
VERSION_ID="3.0"
PRETTY_NAME="Microsoft Azure Linux 3.0"
ANSI_COLOR="1;34"
HOME_URL="https://aka.ms/azurelinux"
BUG_REPORT_URL="https://aka.ms/azurelinux"
SUPPORT_URL="https://aka.ms/azurelinux"
# Let's install ig!
testadmin@azure-linux-3-vm [ ~ ]$ sudo dnf install -y ig
Last metadata expiration check: 0:03:01 ago on Thu Aug 22 08:31:41 2024.
Dependencies resolved.
=========================================================================================================================================
Package Architecture Version Repository Size
=========================================================================================================================================
Installing:
ig x86_64 0.30.0-1.azl3 azurelinux-official-base 18 M
Transaction Summary
=========================================================================================================================================
Install 1 Package
Total download size: 18 M
Installed size: 69 M
Downloading Packages:
ig-0.30.0-1.azl3.x86_64.rpm 3.2 MB/s | 18 MB 00:05
-----------------------------------------------------------------------------------------------------------------------------------------
Total 3.2 MB/s | 18 MB 00:05
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : ig-0.30.0-1.azl3.x86_64 1/1
Installed:
ig-0.30.0-1.azl3.x86_64
Complete!
testadmin@azure-linux-3-vm [ ~ ]$ ig version
v30.0.0
# Let's run a simple loop spawning some processes.
testadmin@azure-linux-3-vm [ ~ ]$ while true; do date > /dev/null; sleep 1; done &
[1] 2035
# Let's trace the exec syscall with the corresponding ig tool.
testadmin@azure-linux-3-vm [ ~ ]$ sudo ig trace exec --host
RUNTIME.CONTAINERNAME PID PPID COMM PCOMM RET ARGS
2127 2035 date bash 0 /usr/bin/date
2128 2035 sleep bash 0 /usr/bin/sleep 1
2129 2035 date bash 0 /usr/bin/date
2130 2035 sleep bash 0 /usr/bin/sleep 1
^C
testadmin@azure-linux-3-vm [ ~ ]$ kill 2035
As you can see, ig was able to report the exec() syscalls done to run date and sleep!
This way, you can use the tool to diagnose and troubleshoot AzureLinux host processes as well as processes running in containers!
This work would not have been possible without the help from the AzureLinux team, particularly Christopher Co and Muhammad Falak R. Wani.
We thank them for making it possible!