KubeShark : The API Traffic Analyzer for kubernetes

Kubernetes Networking overview

In a Kubernetes cluster, each container runs within a pod, and pods are scheduled onto nodes (physical or virtual machines) by the Kubernetes control plane. Kubernetes networking provides a way for pods to communicate with each other, with services, and with external resources.

Kubernetes uses a flat network model, where all pods can communicate with each other directly, regardless of which node they are running on. To enable this, Kubernetes sets up a virtual network that spans all nodes in the cluster, and assigns each pod a unique IP address within this network.

Prerequisites

A kubernetes cluster.

Kubeshark

How to install Kubeshark

You can use a shell script to download the right binary for your operating system and CPU architecture:

sh <(curl -Ls https://kubeshark.co/install)

Additional methods can be found at https://docs.kubeshark.co/en/install

To demonstrate the use of kubeshark, lets deploy a sample application into kuberenetes cluster. We are deploying the famous guesbook application from official kuberentes docs.

Example: Deploying PHP Guestbook application with Redis

Verify installed application is running.

Let’s run kubeshark for our application’s namespace. Command as below:

kubeshark tap -n <namespace name>

Once you run the CLI, a browser window will open at localhost:8899 by default.

Let’s generate some traffic.

Service MAP

In this blog we saw how Kubeshark can be used for analyzing network traffic in Kubernetes clusters, and it offers several advantages for Kubernetes administrators and developers:

1. Enhanced visibility: Kubeshark provides real-time visibility into the network traffic between pods and services in a Kubernetes cluster. This can help you troubleshoot and diagnose network-related issues, such as slow response times or high latency.
2. Easy to use: Kubeshark is a kubectl plugin, which means it can be easily installed and used within the Kubernetes command line interface. You don’t need to learn a new tool or interface to use Kubeshark.
3. Granular filtering: Kubeshark allows you to filter network traffic based on various criteria, such as protocol, source IP address, destination IP address, and port number. This can help you focus on specific traffic patterns and identify potential security threats.
4. Integration with Wireshark: Kubeshark uses Wireshark as its underlying network protocol analyzer, which is a widely-used and well-established tool in the network analysis community. This allows you to take advantage of Wireshark’s advanced features, such as protocol decoding and packet analysis.

Overall, Kubeshark provides a powerful and flexible tool for network analysis in Kubernetes clusters, and its integration with Wireshark and ease of use make it an attractive option for Kubernetes administrators and developers.