Requirements

Supported Platforms & Requirements

Linux

Minimum: Linux kernel v5.2 (Amazon 2 Linux).

Recommended: v6.2 or higher.

Modern distributions (Ubuntu 22.04+, RHEL 9+, etc.) usually provide full eBPF support.

To verify, check if the following kernel configs are enabled:

CONFIG_BPF=y, CONFIG_BPF_SYSCALL=y, CONFIG_HAVE_EBPF_JIT=y

zcat /proc/config.gz | grep BPF

Alternatively, run:

bpftool feature probe

Look for BPF and JIT features marked as “available”.

Root access required.

Capabilities needed:
- CAP_BPF (primary, present in kernel 5.8+)
- CAP_SYS_ADMIN (fallback for older kernels or tools)
- CAP_PERFMON (performance monitoring)
- CAP_NET_ADMIN (network observability)

How to verify:

Check current capabilities:

capsh --print | grep cap_

For containerized environments, ensure capabilities are not dropped (see Kubernetes docs or Docker docs).

Ensure kubectl is installed and configured to communicate with the target cluster:
```
kubectl cluster-info
```
You should receive cluster details, not errors.

For cluster-wide deployments, confirm permission to create privileged DaemonSets and grant required Linux capabilities.
If using managed services (EKS, GKE, AKS), ensure nodes support eBPF and required kernel capabilities (see cloud provider documentation).

Check eBPF runtime support:
```
bpftool prog list
```
- Lists loaded eBPF programs; command should succeed without errors.
Validate capabilities in containers:
- Review securityContext.capabilities in Pod specs for necessary capabilities.
- For troubleshooting, check container logs and system logs (dmesg, /var/log/messages).

Last updated 2 days ago