eBPF Setup

Sentinel's eBPF mode unlocks real-time process events, per-connection network flows, and L7 HTTP tracing.

Requirements

Requirement	Minimum
Linux kernel	4.18+ (5.4+ recommended for full feature set)
Pod security	`privileged: true` (set automatically by chart)
BPF filesystem	`/sys/fs/bpf` must be mounted on the node

helm upgrade --install saviour \
  oci://ghcr.io/saviourops-labs/charts/saviour \
  --set sentinel.ebpf.enabled=true \
  --reuse-values

kubectl logs -n saviour -l app.kubernetes.io/name=sentinel | grep -i ebpf
# Expected: "eBPF programs loaded successfully"

helm upgrade saviour \
  oci://ghcr.io/saviourops-labs/charts/saviour \
  --set sentinel.ebpf.enabled=false \
  --reuse-values

In baseline mode, Sentinel runs without privileged and only collects procfs-based metrics.