eBPF Fundamentals
eBPF Fundamentals explains the kernel-programmability model behind Cilium, Tetragon, Pixie, KubeArmor, and other modern platform tools. Read it after Linux and Kubernetes basics, then use it as the shared vocabulary for networking, observability, and runtime security modules that depend on BPF programs, maps, helpers, the verifier, and BTF-based portability.
Modules
Section titled “Modules”| # | Module | Time | What You’ll Learn |
|---|---|---|---|
| 1.1 | eBPF Fundamentals | 55-65 min | Kernel hooks, programs, maps, helpers, verifier, CO-RE, and operating risks |
| 1.2 | eBPF Security & Networking Deep-Dive | 70-85 min | Cilium datapath (XDP/tc/socket, kube-proxy replacement maps), L3/L4 vs L7 split, Tetragon kprobe/LSM enforcement, migration playbook |
Best Next Steps
Section titled “Best Next Steps”After 1.1 and 1.2, apply the mental model in toolkit overviews: Cilium (operations and policies), Tetragon (TracingPolicy catalog), KubeArmor, and Hubble. Module 1.2 is the kernel-datapath companion; 5.1 and 4.5 stay at the tool-overview layer.