Load, attach, and manage eBPF programs safely and at scale — multi-program, declarative, secure — with bpfman.

Welcome to bpfman: Managing eBPF Programs.

A practical, in-depth guide to bpfman, the eBPF manager (a system daemon and Kubernetes operator) that makes eBPF production-ready. Learn how bpfman tames eBPF: the eBPF management problem (privileges, conflicts, lifecycle), the daemon and Kubernetes architecture, the program lifecycle (load, attach, maps, unload), multi-program support and dispatchers, distributing bytecode as OCI images, declarative eBPF on Kubernetes (operator, agents, CRDs), the centralized-privilege security model, and operating bpfman across a fleet.

This title is part of the ShriIra library and is free to read in full, right here — our small contribution to making world-class knowledge easy to reach.

A note on reading it: open the Contents menu at the top of the reader to jump between chapters, use the Aa menu to set a comfortable text size, theme (light, sepia, or night), and single- or two-page layout. Your place is saved automatically, so you can always pick up where you left off.

We hope it serves you well.

— Shriira Press

Contents

1. Chapter 1 — What bpfman Is
2. Chapter 2 — The eBPF Management Problem
3. Chapter 3 — Architecture
4. Chapter 4 — The eBPF Program Lifecycle
5. Chapter 5 — Multi-Program Support and Dispatchers
6. Chapter 6 — Bytecode as OCI Images
7. Chapter 7 — bpfman on Kubernetes
8. Chapter 8 — Security and Privilege
9. Chapter 9 — Operations and Observability
10. Chapter 10 — bpfman in Practice