Skip to main content

Inspektor Gadget

Inspektor Gadget is an open-source eBPF-based (observability and security) toolkit for Kubernetes and containerized environments that provides on-cluster troubleshooting, profiling, and inspection tools.

  • eBPF-based gadgets for inspecting processes, containers, and Kubernetes workloads (observability, diagnostics)
  • On-cluster deployment as Kubernetes resources, with gadgets exposed via kubectl plugin and custom resources (platform operations)
  • Runtime tracing and profiling of system calls, network activity, and resource usage for containers and pods (performance monitoring, security monitoring)
  • Integration with Kubernetes metadata to correlate low-level kernel events with pods, namespaces, and nodes (Kubernetes observability)
  • Extensible framework for building and running custom eBPF tools in Kubernetes clusters (developer tooling, extensibility)

More About Inspektor Gadget

Inspektor Gadget addresses the need for kernel-level visibility into Kubernetes and containerized workloads by providing a set of eBPF-based tools that run directly in the cluster. It targets platform engineering, Site Reliability Engineering (SRE), security, and performance analysis use cases where correlation between kernel events and Kubernetes objects is necessary. The project operates in the (Kubernetes observability) and (container diagnostics) domains, with a focus on live troubleshooting and inspection of running workloads.

The project packages eBPF programs as “gadgets” that can be deployed and executed in Kubernetes clusters. These gadgets collect data such as system calls, network connections, file operations, resource consumption, and process activity from containers and nodes (kernel observability). Inspektor Gadget uses Kubernetes primitives and metadata to associate these low-level events with pods, namespaces, and nodes, which enables queries and reports at the level of Kubernetes resources rather than only at the host level.

Inspektor Gadget is typically deployed as a DaemonSet or similar components that run on each node, with a kubectl plugin or custom resources used to invoke specific gadgets and retrieve results (cluster operations tooling). Enterprise users can run gadgets on demand for debugging incidents, profiling workloads, analyzing network flows, or observing security-relevant behavior at runtime. The project leverages eBPF technology in the Linux kernel to collect data with low overhead and without modifying application code.

The framework is extensible, allowing developers to build custom gadgets based on eBPF programs and integrate them into the same operational model (developer tooling, extensibility). This supports organization-specific diagnostics or security checks while reusing Inspektor Gadget’s deployment and metadata-correlation mechanisms. Because gadgets execute in the cluster and use Kubernetes-aware abstractions, they can be integrated into cluster maintenance workflows, Continuous Integration and Continuous Deployment (CI/CD) pipelines for validation, or runbooks for incident response.

From an enterprise architecture and taxonomy perspective, Inspektor Gadget fits into (cloud-native observability), (Kubernetes troubleshooting), and (runtime security monitoring). It interacts with Linux eBPF capabilities, Kubernetes APIs, and container runtimes, and it exposes a user experience aligned with kubectl and Kubernetes custom resources. This positioning makes it relevant for teams standardizing on cloud-native platforms that require kernel-level insight tied directly to Kubernetes objects for diagnostics, performance analysis, and security monitoring.