Who Owns Your Pod? Observing and Blocking Unwanted Behavior at eBay With eBPF

Explore how eBay leverages Tetragon, an eBPF-based observability and enforcement tool, to enhance pod security and understand container activities in Kubernetes environments. Discover two practical use cases: replacing Auditbeat with Tetragon by mapping audit rules to tracing policies and identifying functionality gaps, plus auditing container process permissions to determine migration paths to more restrictive pod security policies. Learn about deployment challenges including SIEM platform integration, resource utilization considerations, and implementing runtime enforcement to block unwanted pod behavior. Gain practical insights into using eBPF technology for observability, policy refinement, and improving overall pod security posture while adhering to the principle of least privilege in cloud native environments.