Loading eBPF code requires running privileged containers. While this might seem unusual, there's nothing to worry about - eBPF is safe by design!
Flora uses eBPF’s CO:RE feature in order to support the vast variety of linux kernels and distributions detailed above. This feature requires the kernel to be compiled with BTF information (enabled using the CONFIG_BTF_ENABLE=Y kernel compilation flag). This is the case for most common distributions nowadays.
You can check if your kernel has CO:RE support by manually looking for the BTF file:
$ ls -la /sys/kernel/btf/vmlinux
- r--r--r--.1 root root 3541561 Jun 218:16/sys/kernel/btf/vmlinux
If the file exists, congratulations! Your kernel supported CO:RE.
If your kernel is too old or you don’t have CO:RE support - groundcover still has your back. Our legacy eBPF agent is not as optimized and efficient as Flora, but it supports older systems as well - anything with linux kernel 4.14+.
To install using legacy mode follow the instructions here.
What happens if my kernel is not supported?
If your system does not fit into any of the above - unfortunately, our eBPF sensor will not be able to run on your environment. However, this does not mean groundcover won’t collect any data. You will still be able to inspect your k8s environment, see all collected logs and use integrations with outer data sources.