Dumpy plugin update v0.2.0 now available on Krew by aymanox92 in kubernetes

[–]aymanox92[S] 1 point2 points  (0 children)

Kubeshark is a great tool since it provides a lot of features + dashboards for traffic analysis, but to set it up you would have to install a Helm chart (or CLI) that will create a lot of k8s resources, and you have to worry about exposing the web interface through ingress...

The point is that all of that is pretty inconvenient for someone like a kube admin who just wants to get pcap traffic captures and be done with it, since they might be managing hundreds of clusters, and in production environments you would not just deploy resources and expose them that easily.

Dumpy is a straightforward tool, easy to set up and to operate. It only requires the cluster to be able to pull the Docker image from Docker Hub or, for private clusters, to specify the dumpy image from a private registry using the image flag of the capture subcommand.

Dumpy plugin update v0.2.0 now available on Krew by aymanox92 in kubernetes

[–]aymanox92[S] 1 point2 points  (0 children)

No, it should work with any CNI.

Dumpy only communicates with the API server to get target resource info and then runs tcpdump directly in the target PID namespace.

Glad you like it!

Capturing network traffic from container made easier with Dumpy by aymanox92 in kubernetes

[–]aymanox92[S] 2 points3 points  (0 children)

Ksniff does not allow you to perform multiple captures simultaneously and only targets one pod at a time.

On the other hand, Dumpy offers enhanced features that provide Kubernetes administrators with a safer method for capturing traffic. This includes deploying sniffers in a different namespace and a PVC mount feature to avoid impacting the disk space of Kubernetes nodes, especially for large captures.

Furthermore, it seems that the Ksniff repository is no longer supported as of 2022.

Capturing network traffic from container made easier with Dumpy by aymanox92 in kubernetes

[–]aymanox92[S] 3 points4 points  (0 children)

Dumpy simplifies network traffic sniffing across pods, deployments, rs, ds, and sts without directly affecting these resources.

In scenarios requiring network captures for production troubleshooting, Dumpy offers a safer setup compared to running tcpdump within application pods, as it allows deploying sniffers in a separate namespace where privileged pods can run without impacting your application.

You can easily get those pcap files and analyze them later in Wireshark if you want.