I won't explain what ebpf is because google can do a better job of that than me but essentially this program hooks into the low-level system calls being made by your programs, so its able to grab un-encrypted network traffic before its encrypted and sent over the network. "zero-configuration" here mean you dont have to do much manual configuration to get this working.
I'm using the term "low level system calls" loosely here since the poster asked for ELI5. Trayce actually uses a combination of kprobes for system calls and uprobes to monitor calls to OpenSSL or the Go crypto/tls package. More details are here: https://github.com/evanrolfe/trayce_agent/blob/main/docs/REA...
IIRC EBPF is an enhanced version of the Berkeley Packet filter. In this scenario I believe it is being used for sandboxing a low level process to allow for TLS "decryption" on network connections related to Docker.