eBPF application instrumentation for Java: challenges, design, and real-world examples

Java is one of the most widely used programming languages for enterprise applications, powering everything from monoliths to large-scale microservice architectures. Frameworks such as Spring Boot and Quarkus, together with a rich ecosystem of ORM, messaging, and communication libraries, have made application-level observability relatively straightforward through the OpenTelemetry Java agent. 

However, there are many real-world scenarios where modifying application code or JVM startup parameters is not possible. The OpenTelemetry eBPF Instrumentation (OBI) project focuses on these cases, offering a powerful alternative by enabling observability without code changes or JVM configuration modifications. 

In this talk, Grafana Labs Principal Software Engineer and a maintainer of OBI, Nikola Grcevski and Causely co-founder Endre Sara, explore the challenges of instrumenting Java applications using eBPF, including the diversity of JDK distributions and versions, differences in JVM internals, and the combinatorial explosion of frameworks and libraries that makes generic instrumentation difficult. The problem becomes even harder when applications communicate over TLS-encrypted protocols, such as HTTPS, gRPC, encrypted database connections, and secure messaging systems, where payloads are opaque to traditional eBPF techniques.

This session explains the design decisions and implementation details behind OBI's approach  to these challenges, including how OBI correlates low-level kernel events with higher-level application semantics and how it deals with encrypted communication paths. Nikola and Endre also discuss the trade-offs involved, highlighting what information can be reliably extracted today and where limitations remain.

To ground the discussion, the talk includes several real-world examples: a Spring Boot application communicating with Keycloak over HTTPS, a Spring Boot application using gRPC to interact with Google Pub/Sub, and a Quarkus application using TLS-encrypted PostgreSQL and Kafka.