Kctrace: Log enrichment via system call tracing on Kubernetes.
Project description
This project addresses inefficiencies in root-cause analysis within Kubernetes environments, where standard application logs often lack sufficient context or fail to capture fatal system-level errors. The objective is to develop a solution that intercepts failed system calls and enriches them with specific Kubernetes metadata, such as container IDs, pods, and namespaces, with the expectation of significantly shortening the turnaround time for root-cause analysis.
The proposed solution is a containerized observability tool that leverages eBPF (Extended Berkeley Packet Filter) to intercept system calls at the Linux kernel level. Upon detecting a failed system call, the solution dynamically correlates the kernel event with Container Runtime Interface (CRI) and Kubernetes context data, identifying specific Pods, Namespaces, and Container IDs. Additionally, the solution buffers preceding successful system calls to provide a historical execution trace, ensuring transparency regarding the container's state prior to failure. The final report is serialized in the standard Syslog (RFC 5424) format to ensure compatibility with both legacy and modern monitoring ecosystems, and is subsequently persisted to a file.
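The user-space half of the pipeline described above, as an added sketch that is not Kctrace's own code: it buffers recent successful system calls per container and, when a call fails, emits one RFC 5424 line carrying the Kubernetes context as structured data. The event fields, the `POD_INDEX` lookup table, the buffer depth and the `kctrace@32473` SD-ID (32473 is the enterprise number reserved for documentation) are assumptions, and the events are constructed rather than captured from eBPF.

```python
import errno
from collections import defaultdict, deque
from datetime import datetime, timezone

HISTORY = 3  # assumed buffer depth; the project description does not state one
# Constructed stand-in for the CRI/Kubernetes lookup (container ID -> pod context).
POD_INDEX = {"c0ffee12": {"pod": "web-7d9f", "namespace": "shop"}}

def sd_escape(value):
    # RFC 5424 section 6.3.3: '\', '"' and ']' must be escaped inside a PARAM-VALUE.
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")

def to_rfc5424(ev, history, host="node-1"):
    # Containers missing from the index are still reported, marked as unknown.
    meta = POD_INDEX.get(ev["cid"], {"pod": "unknown", "namespace": "unknown"})
    params = {"namespace": meta["namespace"], "pod": meta["pod"],
              "container": ev["cid"], "syscall": ev["name"],
              "errno": errno.errorcode.get(-ev["ret"], str(-ev["ret"])),
              "arg": ev.get("arg", ""), "history": ",".join(history)}
    sd = "[kctrace@32473 " + " ".join(f'{k}="{sd_escape(v)}"' for k, v in params.items()) + "]"
    ts = datetime.fromtimestamp(ev["ts"], timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    pri = 1 * 8 + 3  # facility user (1), severity error (3)
    return f'<{pri}>1 {ts} {host} kctrace {ev["pid"]} SYSCALL_FAIL {sd} {ev["name"]} failed'

def enrich(events):
    # One bounded history per container, so traces of different pods never mix.
    recent = defaultdict(lambda: deque(maxlen=HISTORY))
    reports = []
    for ev in events:
        if ev["ret"] < 0:  # a negative return value is a failed system call
            reports.append(to_rfc5424(ev, list(recent[ev["cid"]])))
        else:
            recent[ev["cid"]].append(ev["name"])
    return reports

# Constructed sample events (not real trace output).
SAMPLE = [
    {"ts": 1700000000.0, "pid": 4242, "cid": "c0ffee12", "name": "socket", "ret": 3},
    {"ts": 1700000000.5, "pid": 4242, "cid": "c0ffee12", "name": "connect", "ret": 0},
    {"ts": 1700000001.0, "pid": 9001, "cid": "deadbeef", "name": "mmap", "ret": 0},
    {"ts": 1700000001.2, "pid": 4242, "cid": "c0ffee12", "name": "read", "ret": 12},
    {"ts": 1700000001.5, "pid": 4242, "cid": "c0ffee12", "name": "write", "ret": 12},
    {"ts": 1700000002.0, "pid": 4242, "cid": "c0ffee12", "name": "openat", "ret": -2,
     "arg": "/data/[v1]/cfg"},
]

if __name__ == "__main__":
    for line in enrich(SAMPLE):
        print(line)
```

Escaping matters here because system call arguments such as file paths are attacker-influenced: an unescaped `]` or `"` in a value would let a workload break out of the structured-data element and forge fields in the report.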
Context
Kubernetes environments
Results
The solution is validated through a dual-environment testing strategy using an on-premise Kubernetes cluster and AWS EKS to ensure infrastructure-agnostic stability and performance.
About the project group
A graduate student at Fontys ICT is in the final phase of the bachelor programme and works independently on a graduation assignment rooted in professional practice. The assignment addresses a concrete ICT-related challenge and requires the integration of technical knowledge, research skills, and professional competencies.
During the final semester, the student analyses a real-world problem, develops and implements a substantiated solution, and reflects critically on both the process and the outcome. As part of the graduation moment, the student presents and demonstrates their work at Innovations Insight, explaining the relevance, approach, and results to a diverse audience of professionals, students, and teachers. This presentation forms an essential part of the assessment and demonstrates the student’s readiness to enter the ICT profession.