network-mapper
kubeshark
| network-mapper | kubeshark | |
|---|---|---|
| 10 | 16 | |
| 570 | 10,562 | |
| 0.5% | 0.9% | |
| 8.7 | 9.4 | |
| 3 days ago | 9 days ago | |
| Go | Go | |
| Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
network-mapper
- Network Mapper – low privileges, no-eBPF network observability tool for K8s
-
Otterize launches open-source, declarative IAM permissions for workloads on AWS EKS clusters
Yep! When you deploy Otterize, you get a map of your cluster’s traffic, with zero-configuration, through the open-source network-mapper.
-
Kubernetes traffic discovery
After multiple iterations, research sessions and some trial & error, we could produce an exportable list of network connections in any Kubernetes cluster. You might recall that our larger goal was to get to a logical (functional) map of pod-to-pod traffic, and that will be covered in a future posting. After adding that capability, here’s an example output from our project, now called network-mapper, when pointed at one of the clusters in our “lab” environment:
- Show HN: Visualize Kubernetes Clusters
-
Visualizing Kubernetes traffic, the non-invasive way
It'll require some changes but you can go for it if that's something up your alley, as after all, it's all open source - https://github.com/otterize/network-mapper
- GitHub - otterize/network-mapper: Map Kubernetes in-cluster traffic and export as text, intents, or an image
-
Open-source Kubernetes traffic visualizer - Otterize network mapper
We received some great feedback from the community regarding our tool, and one of the most commonly requested features was visualization. So we embedded this functionality into the tool, and now you can easily map and visualize your cluster with a single CLI command.
-
Alternative to Network Policys
As you've mentioned, it is not possible to define deny rules using the native NetworkPolicy resource. Instead, you could use your CNI’s implementation for network policies. If you use Calico as your CNI you can use Calico's network policies to create deny rules. You can also take a look at Otterize OSS, an open-source solution my team and I are working on recently. It simplifies network policies by defining them from the client’s perspective in a ClientIntents resource. You can use the network mapper to auto-generate those ClientIntents from the traffic in your cluster, and then deploy them and let the intents-operator manage the network policies for you.
- Otterize network mapper - map Kubernetes in-cluster traffic with zero-config
kubeshark
-
Show HN: Alaz: Open-Source, Self-Hosted, eBPF-Based K8s Monitoring
The one similar product I had come across is Kubeshark (https://github.com/kubeshark/kubeshark). But admittedly the eBPF way seems more performant theoretically (given you can afford to have a modern-enough kernel). I'm really excited to see how this project develops out.
The eBPF-mode of innovation is pretty exciting, truly a fresh lens to building software. I'm also following Akita Software - the company building an eBPF paradigm of monitoring.
-
Top open source security devtools you need to know about
GitHub: https://github.com/kubeshark/kubeshark Website: https://kubeshark.co/
-
Can't make kubeshark work
Can you send us the logs using: `kubeshark logs` (you can also use the issues page or slack)
-
Diagnosing high Cloud NAT usage for a CI cluster
Yes there are, but Cloud NAT alone won't be able to help you with that. You can either use a standalone proxy or a 3rd party firewall appliance through which you can route your traffic, or use more modern approaches with tools such as Kubeshark or Cillium.
-
Monitoring service network traffic
https://github.com/kubeshark/kubeshark - somewhat like Wireshark for Kubernetes. LMK if you have any questions
-
Tips on enumerating unknown APIs in my environment?
For example, this open-source project gives instant visibility into API traffic in kubernetes environments: https://github.com/kubeshark/kubeshark
-
Kubeshark PCAP Export
Check out the GitHub repository: https://github.com/kubeshark/kubeshark
- Kubeshark: The API Traffic Viewer for Kubernetes
What are some alternatives?
echopod - The minimal HTTP server that provides info about container/pod.
kui - A hybrid command-line/UI development experience for cloud-native development
tic-tac-toe - 🎮 Tic Tac Toe implementation over network 🌐
ksniff - Kubectl plugin to ease sniffing on kubernetes pods using tcpdump and wireshark
intents-operator - Manage network policies, AWS, GCP & Azure IAM policies, Istio Authorization Policies, and Kafka ACLs in a Kubernetes cluster with ease.
cli - Snyk CLI scans and monitors your projects for security vulnerabilities.
grafana-operator - An operator for Grafana that installs and manages Grafana instances, Dashboards and Datasources through Kubernetes/OpenShift CRs
kwok - Kubernetes WithOut Kubelet - Simulates thousands of Nodes and Clusters.
kubetunnel - Develop microservices locally while being connected to your Kubernetes environment
fake-k8s - [Moved to https://github.com/kubernetes-sigs/kwok] fake-k8s is a tool for running Fake Kubernetes clusters, It can be used as an alternative to Kind in some scenarios where you don’t need to actually run the Pod
CoreDNS - CoreDNS is a DNS server that chains plugins
alaz - Alaz: Advanced eBPF Agent for Kubernetes Observability – Effortlessly monitor K8s service interactions and performance metrics in your K8s environment. Gain in-depth insights with service maps, metrics, distributed tracing, and more, while staying alert to crucial system anomalies 🐝