Goal: Configure packet capture for specific pods and review captured payload.
Packet captures are Kubernetes Custom Resources and thus native Kubernetes RBAC can be used to control which users/groups can run and access Packet Captures; this may be useful if Compliance or Governance policies mandate strict controls on running Packet Captures for specific workloads. This demo is simplified without RBAC but further details can be found here.
-
Choose an endpoint you want to capture from from manager UI, we will use
Redisas example.Note: You can see the endpoint details from UI, and we choose the service port
6379for capture the traffic.
-
Schedule the packet capture job with specific port and time.
-
You will see the job scheduled in service graph.
-
Download the pcap file once the job is
CapturingorFinished.
-
Open the pcap file with wireshark or tcpdump, you will see the ingress and egress traffic associate with
redispods i.e10.240.0.71
