Skip to content
/ kcap Public

KCAP, Kubernetes PCAP: an easy way to capture traffic within a kubernetes cluster

License

View license
6 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

testillano/kcap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
.github
.github
 
 
deps
deps
 
 
helm
helm
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.sh
build.sh
 
 
capture.sh
capture.sh
 
 
demo.sh
demo.sh
 
 
merge.sh
merge.sh
 
 
retrieve.sh
retrieve.sh
 
 
unpatch.sh
unpatch.sh
 
 

Repository files navigation

Kubernetes captures image

License: MIT Documentation Ask Me Anything ! Maintenance Build docker image and publish to Docker Hub

This project hosts the stuff to build the kcap docker image useful to capture traffic within a kubernetes cluster.

Project image

This image is already available at docker hub for every repository tag, and also for master as latest:

docker pull testillano/kcap:<tag>

You could also build it using the script ./build.sh located at project root.

In case that your SUT has restricted access to docker hub, you could mirror the former kcap image in another docker registry location, and then export it on KCAP_IMG environment variable to override the default image used by the scripts described below:

Usage

You may use the following scripts to complete 4 different actions in a natural order (capture -> retrieve -> [unpatch] -> [merge]). Invoke them with -h|--help to get more detail:

./capture.sh

  • Patch deployments/statefulsets within provided namespace to include a kcap container at every pod.
  • Start captures by mean kubectl remote execution of /kcap/start.sh within every kcap container (it uses tshark).

./retrieve.sh

  • Retrieve all the artifacts to ease further analysis.

./unpatch.sh

  • Optionally, unpatch affected deployments.

./merge.sh

  • Optionally, you may merge all the gathered pcap files available within the artifacts structure retrieved using an auxiliary kcap image container through /kcap/merge.sh image utility. This is focused in building sequence diagrams for HTTP/2 traffic, so the list of HTTP/2 ports should be provided to improve the procedure results (this is done automatically anyway).

Download

The project scripts can be used separately without need to clone/download this project because deployment patching procedure will pull the kcap docker image from Docker Hub when needed. Just copy/paste the following in a bash shell, and run ./capture.sh script to start:

wget https://raw.githubusercontent.com/testillano/kcap/master/\
{capture.sh,retrieve.sh,unpatch.sh,merge.sh} && \
chmod +x {capture.sh,retrieve.sh,unpatch.sh,merge.sh}

Demo

There is a demo chart which deploys two HTTP2 Agents with two replicas each, then starts captures and generate traffic using their component test image. Finally, stops captures and retrieves artifacts:

./demo.sh

License

This project is licensed under the MIT License and also uses the opensource project 5G Visualizer from Deutsche Telekom.

About

KCAP, Kubernetes PCAP: an easy way to capture traffic within a kubernetes cluster

Topics

bash docker kubernetes pcap wireshark network-analysis sniffing

Resources

Readme

License

View license
Activity

Stars

6 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

[v1.0.2] Minor improvements Latest
Jun 29, 2022

Packages

 
 
 

Languages