// the find
getanteon/alaz
Alaz: Advanced eBPF Agent for Kubernetes Observability – Effortlessly monitor K8s service interactions and performance metrics in your K8s environment. Gain in-depth insights with service maps, metrics, and more, while staying alert to crucial system anomalies 🐝
Alaz is a Go-based eBPF agent that runs as a Kubernetes DaemonSet and passively captures service-to-service traffic — HTTP, Postgres, Redis, Kafka, gRPC, and more — without code changes or sidecars. It builds a live service map showing latencies and errors, and feeds metrics into the Anteon observability platform (cloud or self-hosted). It's for platform/infra teams who want zero-instrumentation visibility into what's talking to what in a K8s cluster.
Protocol coverage is genuinely wide: HTTP/1, HTTP/2, gRPC, Postgres, MySQL, MongoDB, Redis, Kafka, RabbitMQ all handled via separate eBPF C programs per protocol, which is the right architecture for keeping parsing logic isolated. The TLS interception hooks into both OpenSSL (shared object, dynamically linked) and Go's crypto/tls via uprobes, covering the two most common cases without requiring plaintext. Uses CO-RE (BTF) so the compiled eBPF object runs across kernel versions without recompilation — the prebuilt .o files are checked in for zero-build deployment. Self-hosted option means you don't have to send traffic metadata to a SaaS if your security posture doesn't allow it.
Last commit was October 2024 and star count is only 716 — low for the complexity involved, which suggests the project isn't getting much community traction outside the Anteon ecosystem; you're effectively adopting a vendor agent, not a neutral OSS tool. The agent is tightly coupled to Anteon's backend: there's no standalone mode that exports to Prometheus or OTEL without running the full Anteon stack, which limits composability with existing observability pipelines. AGPL-3.0 license is a hard blocker for many commercial environments without a legal review. Windows and non-Linux are explicitly unsupported, and the BTFHub fallback for older kernels is listed as 'upcoming' in the README with no evidence it shipped.