Monitoring Network Traffic In K8S Using — “tcpdump”
What Is Kubernetes ???
- Kubernetes is a portable, extensible, open source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation.
- It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available.
Kubernetes — Ingress
- An API object that manages external access to the services in a cluster, typically HTTP.
- Ingress may provide load balancing, SSL termination and name-based virtual hosting.
- “Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.”
- An Ingress may be configured to give Services externally-reachable URLs, load balance traffic, terminate SSL / TLS, and offer name-based virtual hosting. An Ingress controller is responsible for fulfilling the Ingress, usually with a load balancer, though it may also configure your edge router or additional frontends to help handle the traffic.
- An Ingress does not expose arbitrary ports or protocols. Exposing services other than HTTP and HTTPS to the internet typically uses a service of type Service.Type=NodePort or Service.Type=LoadBalancer.
Each HTTP rule contains the following information:
- An optional host. In this example, no host is specified, so the rule applies to all inbound HTTP traffic through the IP address specified. If a host is provided (for example, foo.bar.com), the rules apply to that host.
- A list of paths (for example, /testpath), each of which has an associated backend defined with a service.port.number. Both the host and path must match the content of an incoming request before the load balancer directs traffic to the referenced Service.
- A backend is a combination of Service and port names as described in the Service doc or a custom resource backend by way of a CRD. HTTP (and HTTPS) requests to the Ingress that match the host and path of the rule are sent to the listed backend.
defaultBackend is often configured in an Ingress controller to service any requests that do not match a path in the spec.
What Is tcpdump ???
- Tcpdump is a command line utility that allows you to capture and analyze network traffic going through your system. It is often used to help troubleshoot network issues, as well as a security tool.
- A powerful and versatile tool that includes many options and filters, tcpdump can be used in a variety of cases.
- Since it’s a command line tool, it is ideal to run in remote servers or devices for which a GUI is not available, to collect data that can be analyzed later. It can also be launched in the background or as a scheduled job using tools like cron.
Steps to Monitor / Analyse Network Traffic in Kubernetes Containers by using Tcpdump Tool —
- Sometimes we need to debug the network traffic of an application in a Kubernetes cluster, for example when it returns gateway or session timeout errors. The steps below show how to monitor and analyse that traffic.
Step 1 —
- Get node and container ID,
- First we need to know in which node the pod is running and get the container ID for the pod.
- To get the node name,
kubectl get pods -o wide
- In this example, the pod is running on the node k8snode1.com.
- To get the docker container ID,
kubectl get pods pod-name -o json|grep containerID
eg : kubectl get pods node-red-55c5fc6c9-nj9ls -o json|grep containerID
Now we have the container ID.
Step 2 —
- Get the network adapter for the docker container,
- Find the pod unique network interface index.
docker exec container-ID /bin/bash -c 'cat /sys/class/net/eth0/iflink'
eg : docker exec a2b145a6b08480036ba3488f3d049be67965088800823a7ba0f641c988e2163f /bin/bash -c 'cat /sys/class/net/eth0/iflink'
- Now find the interface on the node whose ifindex equals that ID (-x matches the whole line, so 12 does not also match 112),
for i in /sys/class/net/*/ifindex; do grep -lx ID "$i"; done
eg : for i in /sys/class/net/*/ifindex; do grep -lx 12 "$i"; done
- Now we have the network interface.
Step 3 —
- Analyse the network traffic of a pod,
- Install tcpdump in the node server,
yum install tcpdump -y
- check the network traffic,
tcpdump -i network-adapter-name
- Below are a few more tcpdump commands,
- To check the output in ascii format,
tcpdump -i network-adapter-name -nn -A
- To check for any specific port number,
tcpdump -i network-adapter-name -nn -A port 8080
- Write the tcpdump output in a file,
tcpdump -i network-adapter-name -A -w file-name.pcap
- Read the .pcap file,
tcpdump -A -r file-name.pcap
- So finally we were able to Monitor network traffic in Kubernetes using tcpdump tool.
- Thank You for reading & learning with me.
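Steps 1 and 2 above as one script, added here as an example and not part of the original post: it resolves the pod's container ID, reads eth0's iflink, and compares interface indexes exactly so that index 12 cannot also select 112. The function names are hypothetical, and it assumes kubectl and docker are both usable on the node that hosts the pod.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# strip_runtime_prefix <containerID>: "docker://<id>" -> "<id>"
strip_runtime_prefix() {
    printf '%s\n' "${1#*://}"
}

# find_host_iface <index> [sysfs-net-dir]
# Prints the interface whose ifindex equals <index> exactly, so that index 12
# does not also select interfaces 112 or 120 the way a substring match would.
find_host_iface() {
    _want=$1
    _root=${2:-/sys/class/net}
    case $_want in
        ''|*[!0-9]*) echo "invalid interface index: $_want" >&2; return 2 ;;
    esac
    for _f in "$_root"/*/ifindex; do
        [ -r "$_f" ] || continue
        read -r _idx < "$_f" || [ -n "$_idx" ] || continue
        if [ "$_idx" = "$_want" ]; then
            basename "$(dirname "$_f")"
            return 0
        fi
    done
    echo "no interface with ifindex $_want" >&2
    return 1
}

# pod_host_iface <pod-name>: Steps 1 and 2 end to end. Run on the node that
# hosts the pod, with kubectl and docker available there (assumption).
pod_host_iface() {
    _cid=$(kubectl get pod "$1" -o jsonpath='{.status.containerStatuses[0].containerID}') || return 1
    _cid=$(strip_runtime_prefix "$_cid")
    _link=$(docker exec "$_cid" cat /sys/class/net/eth0/iflink) || return 1
    find_host_iface "$_link"
}

# Only touch the cluster when a pod name is passed on the command line.
if [ "$#" -ge 1 ]; then
    iface=$(pod_host_iface "$1") || exit 1
    echo "capture with: tcpdump -i $iface -nn"
fi
```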